Improving AS2 Security Using Secure Proxy

Securing electronic communications is of paramount concern for companies exchanging business-critical transactions.  A recommended method to ensure a high level of security is to introduce an additional layer to the process: HTTP Proxy.  A previous EXTOL blog discussed some of the benefits provided by a proxy for AS2 transmissions; this will focus on the EXTOL Secure (ESX) Proxy.

It is important to consider that Secure Proxy is not a generalized HTTP proxy to be used for all network traffic.  It is a lightweight, low complexity solution designed to work for AS2 traffic only.  Secure Proxy should be deployed within a “DMZ” where it can perform important security functions such as weeding out insecure and potentially malicious traffic before it ever reaches the firewall.

The most important benefit of Secure Proxy is that it is not necessary to expose the firewall port and address to outside connections.  By monitoring the destination ports (that your customers [trading partners] are sending to), the application can be set to “forward” data to the correct address without your trading partners (or others) knowing of the transfer.

Secure Proxy has other features common to general HTTP proxies such as the ability to accept requests only from ‘White Listed’ addresses. Because it is concerned only with AS2 traffic, Secure Proxy will also automatically reject messages without “AS2 Headers”.  When paired with ESX, Secure Proxy can be configured to check whether (or not) the partner information found in the AS2 header represents a valid and known partnership.  Should an attempt to forward a message be unsuccessful, Secure Proxy can suspend the transmission of asynchronous AS2 messages and automatically retry the connection at a later time.

One thought on “Improving AS2 Security Using Secure Proxy

  1. Pingback: Tweets that mention Improving AS2 Security Using Secure Proxy | EXTOL Technology Blog -- Topsy.com

Leave a Reply

Your email address will not be published. Required fields are marked *


*