SECOM Co. Ltd., Japan's largest provider of corporate security services, maintains an Intranet of some 10,000 computer systems. These systems comprise everything from desktop workstations to high-end MIS servers. Consequently, SECOM is confronted with the daunting task of managing and controlling the information and resources within this massive network.
SECOM adopted a strategy of utilizing a high-performance, secure Intranet replacement approach based on DASCOM's IntraVerse technology, which uses DCE from The Open Group.
SECOM's Intranet is partitioned into four distinct functional areas which, for business organizational reasons, are directly aligned to MIS management domains. These are:
The original architecture proved problematic in the following areas:
THE DCE-BASED INTRAVERSE PRODUCT SET ENABLED SECOM TO MIGRATE THEIR NETWORK INFRASTRUCTURE TO A COMPLETE SECURITY ARCHITECTURE INCORPORATING EXISTING LEGACY TCP/IP-BASED SERVICES AND MORE MODERN INTRANET RESOURCE SERVERS WITH BUILT-IN SECURITY.
In light of the above problems, SECOM adopted an Intranet replacement strategy based on the following requirements:
The replacement Intranet architecture was introduced in two phases. In phase one, the existing public and internal Web servers were secured using DASCOM's DCE-based IntraVerse Web server as a secure front-end to provide centralized, fine-grain access control over each of the Web spaces. Four distinct IntraVerse Web servers were installed as security front-ends to the existing Web servers in each of the four administrative domains.
This approach had the advantage of enabling the Webmasters of each secure domain to maintain their existing document space with an instant fine-grain access control mechanism.
Clients wishing to gain access to restricted portions of the newly-secured document space now do so via the IntraVerse WebSEAT DCE-based security client (available for download from each of the Web servers). The WebSEAT software provides a mechanism for commercial off-the-shelf browsers to gain secure access to restricted document spaces.
In phase two, the conventional firewalls are replaced with DCE-based IntraVerse NetSEAL distributed firewalls. NetSEAL software enables network administrators of a secure domain to maintain a high level of secure access to existing, legacy Internet services (FTP, Telnet, News etc.).
In addition, the WebSEATs deployed in phase one are replaced by NetSEAT software to provide mutual authentication between clients and servers for every Internet service across the organization.
In summary, the DCE-based IntraVerse product set enabled SECOM to migrate their network infrastructure to a complete security architecture incorporating existing legacy TCP/IP-based services and more modern Intranet resource servers with built-in security. The IntraVerse software also enabled a mapping of SECOM's security policy to the DCE access control framework, something not possible with existing firewall technologies.