Customer Center and Support | Global Sites | Partners | Resource Center
IndustriesProductsServicesCustomersAbout
 

Sterling Secure Proxy

The Internet remains risky for file transfer
While the Internet provides organizations with an attractive channel for file transfer, it is vulnerable to external attacks. These increasingly sophisticated attacks include man-in-the-middle, denial-of-service, and eavesdropping, and often lead to the loss of consumer information that can put your business at risk.

Sterling Secure Proxy increases perimeter security
Sterling Secure Proxy is a demilitarized zone (DMZ)-based application proxy that protects your file transfers from the public Internet, by enforcing tight controls that include trading-partner authorization, multi-factor authentication and session break all before the transfer ever enters your trusted zone. Sterling Secure Proxy will help you:

  • Protect your brand and enhance customer confidence and loyalty by securing transfers with multi-factor authentication
  • Pass stringent security audits by implementing session break, authorization and non-staged data in the DMZ
  • Reduce the cost of leased lines by safely leveraging the Internet

Capability

Description

Application proxy
  • Resides in the demilitarized zone (DMZ)
  • Meets customer requirements for all-electronic data transfer
  • Supports FTP, FTPS, HTTP, HTTPS, SSH/SFTP, PeSIT and Connect:Direct protocols
  • Supports Connect:Direct, Connect Express and Sterling Integrator servers

Firewall navigation best practices

  • Prevents inbound holes in the firewall
  • Minimizes rich targets in the DMZ by ensuring that files, user credentials and data are not stored in the DMZ
  • Establishes sessions from more-trusted to less-trusted zones
  • Enforces internal and external security policies

Perimeter security
  • Session break and protocol validation: Prevents direct communications between internal and external sessions by establishing SSL session breaks in the DMZ. Inspects protocol and sensitive control information, enabling configurable error handling for protocol violations
  • Certificate validation and authentication: Authenticates incoming connections using the SSL or TLS protocol. Exchanges and validates certificates prior to allowing a separate connection to the trusted zone
  • Multifactor authentication: Enforces tight controls with strong validation of trading partner identity in the DMZ using IP address, CRL checks, and custom lookups with options to interface with external user databases such as LDAP, Active Directory and Tivoli Access Manager
  • Session limits and data encryption: Ensures business continuity and guards against Denial-of-Service attacks with support for SSL and TLS encryption algorithms
  • User ID mapping: Protects internal applications by mapping trading partner user IDs and passwords to user IDs and passwords valid for internal systems

Clustering
  • One central configuration manager pushes out configuration rules to multiple engines running in the DMZ, making it easy to scale
  • Clustering for high availability and load balancing  provides operational continuity and improved performance



More information
Sterling Secure Proxy Capabilities Brief

Request Information