Service Domain Security
The solution includes dedicated firewall platforms providing protection with more intelligence. The firewall understands the signaling and can perform inspection and validation on a deep level. For DNS services a DNS Application Layer Gateway (ALG) is screening all requests and enable blocking of malicious traffic. For IMS platforms the firewall includes a back-2-back user-agent performing stateful handling, inspection and validation of SIP signaling.
For secure traffic request to for instance a Secure Webservices server the firewall is able to host the certificate of the destination server inside the firewall, enabling it to decrypt the traffic and preforming full inspection before delivering the requests to the web-severs. This not only enables a layer of security it also offloads the web-server infrastructure as encryption there is now optional.
With this layer of protection in front of the service domain the CSP can be sure that all traffic is screened and validated. In addition, traffic overload situations can be mitigated using smart shaping strategies.
Protects critical systems