Security overview

B2B Advanced Communications provides a multi-layer approach to securing messages and other data with identification, authentication, authorization, confidentiality, data integrity, and non-repudiation.

The security management functions include these commonly accepted aspects of security:

Identification and authentication
Identification is the ability to uniquely identify a user of a system or an application that is running in the system. Authentication is the ability to prove that a user or application is genuinely who that person or what that application claims to be.
Authorization
Authorization protects critical resources in a system by limiting access only to authorized users and their applications. It prevents the unauthorized use of a resource or the use of a resource in an unauthorized manner.
Confidentiality
The confidentiality mechanisms protect sensitive information from unauthorized disclosure.
Data integrity and nonrepudiation
The data integrity and nonrepudiation mechanisms detect whether unauthorized modification of data occurred.

Security mechanisms are standards that are used to ensure secure operations and communications. A mechanism might operate by itself, or with others, to provide a particular service. Some of the security mechanisms that are used by B2B Advanced Communications to keep your data secure are:

  • Authenticating all users and organizations through credentials, such as user name and password pairs.
  • Enforcing session timeout limits after which a user is automatically logged out of B2B Advanced Communications.
  • Ensuring that data is validated each time a trust boundary is crossed. Messages (including payloads) are validated both on entry to and on exit from B2B Advanced Communications.
  • Providing access control and authorization for resources and operations by running processes under accounts with minimal privileges and access rights. Additionally, access to administrative functions is restricted to users with Master Account Administrator and System Administrator privileges. Access control also enforces data confidentiality.
  • Predefining access privileges by adding each user to a group for which permissions are assigned by user role.
  • Protecting data at rest by enabling encryption by default and setting properties to provide the necessary default certificates.
  • Using Secure Sockets Layer (SSL) to exchange messages securely over the transport protocol.
  • Setting a connection timeout after which a connection attempt that has not completed is dropped.
  • Providing secure mechanisms to audit, log, and monitor security-related events. Effective auditing and logging are the key to nonrepudiation. Nonrepudiation ensures that a partner cannot deny sending or receiving a message.
  • Logging AS4 security processing by publishing visibility events of the audit event type. These events are published after AS4 security processing and contain the X.509 certificate that was used for the digital signature, the digest algorithm, the message digest, the user subject, and the source IP.
  • Establishing trust boundaries to indicate where trust levels change from a perspective of confidentiality and integrity. For example, a change in access control levels in your application, where a specific role or privilege level is required to access a resource or operation, is a change in trust level. Another example is at an entry point in your system where you might not fully trust the data that is passed to the entry point.
  • Identifying trust boundaries from a data flow perspective. For each component, the system considers whether the upstream data flow or user input is trusted, and if it is not, the data flow and input can be authenticated and authorized.
  • Storing user passwords in encrypted form in the database.

B2B Advanced Communications also provides these methods that you can use to secure your data:

  • Ensure message confidentiality by converting the contents to ciphertext with XML encryption. This encryption ensures that data remains private and confidential, and that it cannot be viewed by unauthorized users or eavesdroppers.
  • Ensure message integrity and authentication by signing a message with a digital signature. This signature confirms the source of the message and detects whether the contents were altered in transit.
  • Identify and reject messages that are resubmitted (duplicate messages) to defend against message replay attacks.
  • Use the secure HTTPS protocol to transmit messages when they are transmitted to and from your partners. HTTPS, a combination of Hypertext Transfer Protocol (HTTP) and Secure Sockets Layer (SSL), is the industry standard for securing information that is transmitted between partners.
  • Use SFTP protocol to transfer files between you and your partners. SFTP is a full file system protocol that is secured with Secure Shell (SSH).
  • Set the maximum size of a message request. This message validation measures the message size against the criteria you specify, and any request that is larger than the specified size limit is rejected.
  • Set the maximum size of message payloads to prevent a denial of service caused by a large payload exhausting system resources.
  • Allow user authentication checking through the system or user exit, with either an X.509 certificate or user name token, or both.
  • Allow user credential SSH authentication for SFTP with either a password or public key, or both.
  • Allow the signing of outbound exchanges with an X.509 certificate to ensure message integrity and prevent data modification in transit.
  • Specify that inbound messages must be signed, and specify the signature hash to be used. For NIST compliance, you must specify a stronger hash algorithm (for example, SHA256) in the conformance policy.
  • Ensure high availability of the system for legitimate users. The goal for many attackers in denial of service attacks is to disable an application or overwhelm it so that other users cannot access it.
  • Use digital certificates for identity authentication, and select the certificate that is based on alias name and function usage (such as sign, verify, encrypt, decrypt, SSL client).
  • Allow authentication by using the certificate issuer and serial number to return the unique subject.
  • Allow authentication by using a user name and password token to return the unique subject.
  • Allow authentication by using an X.509 certificate to return the unique subject.
  • Allow authentication by using a certificate subject key identifier or thumbprint to return the unique subject.
  • Allow SSH authentication with an SSH public key.
  • Trust received public certificates by using the configured CA store and Certificate Revocation Lists (CRLs).
  • Create security policies (for AS2) or conformance policies (for AS4) that specify security aspects and settings to secure communication with your partners. Security policies can include whether:

    • HTTP or HTTPS basic authentication is required
    • Signed messages are required
    • Signed Message Disposition Notifications (MDNs) are required
    • Messages are required to be encrypted
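The following is an added example, not product code, of how the policy checks described above can be enforced on the metadata of an inbound message: basic authentication, signature presence and hash strength (the NIST-style SHA256 minimum), signed MDNs, encryption, the maximum request size, and rejection of duplicate message IDs to defend against replay. All field and class names are assumptions for illustration.

```python
# Added example (not B2B Advanced Communications code): enforce an AS2-style
# security policy on inbound message metadata and reject replays and oversize
# requests. All names below are assumptions chosen for illustration.
from dataclasses import dataclass
from typing import List, Optional, Set

# Digest algorithms a policy may require, ranked weakest to strongest (assumption).
HASH_STRENGTH = {"sha1": 1, "sha256": 2, "sha384": 3, "sha512": 4}

@dataclass
class SecurityPolicy:
    require_basic_auth: bool = True
    require_signature: bool = True
    min_signature_hash: str = "sha256"   # stronger hash required for NIST compliance
    require_signed_mdn: bool = True
    require_encryption: bool = True
    max_request_bytes: int = 10 * 1024 * 1024

@dataclass
class InboundMessage:
    message_id: str
    size_bytes: int
    basic_auth_ok: bool
    signed: bool
    signature_hash: Optional[str]
    mdn_signed: bool
    encrypted: bool

class PolicyEnforcer:
    def __init__(self, policy: SecurityPolicy):
        self.policy = policy
        self.seen_ids: Set[str] = set()   # replay defence; in-memory for the example

    def check(self, msg: InboundMessage) -> List[str]:
        """Return the list of policy violations; an empty list means accept."""
        p, errors = self.policy, []
        if msg.size_bytes > p.max_request_bytes:
            errors.append("request exceeds maximum size")
        if p.require_basic_auth and not msg.basic_auth_ok:
            errors.append("basic authentication required")
        if p.require_signature:
            if not msg.signed:
                errors.append("signature required")
            elif HASH_STRENGTH.get(msg.signature_hash, 0) < HASH_STRENGTH[p.min_signature_hash]:
                errors.append(f"signature hash {msg.signature_hash} weaker than {p.min_signature_hash}")
        if p.require_signed_mdn and not msg.mdn_signed:
            errors.append("signed MDN required")
        if p.require_encryption and not msg.encrypted:
            errors.append("encryption required")
        if msg.message_id in self.seen_ids:
            errors.append("duplicate message-id (possible replay)")
        elif not errors:
            self.seen_ids.add(msg.message_id)   # remember only accepted messages
        return errors
```

A production deployment would back `seen_ids` with persistent, time-windowed storage shared across all nodes rather than a per-process set.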

These are some effective security methods in B2B Advanced Communications:

  • Use multiple layers of security to prevent unauthorized interception of data if one layer is bypassed or compromised. For example, use digital signatures to sign your message and also encrypt the message.
  • Give each user the least amount of access control necessary.
  • Use Public Key Infrastructure (PKI) keys and certificates at two levels: the transport level (HTTP transport with SSL or SFTP transport with SSH) and the message level (by using XML signature and XML encryption elements or SSH authentication).
  • Set user account policies that define a secure password for your systems. Some things to consider when you create a password policy are:
    • Enforcing password history to establish how frequently old passwords can be reused.
    • Setting a minimum password age to determine how long users must keep a password before they can change it. This minimum age prevents users from bypassing the password policy.
    • Setting a maximum password age to determine how long users can keep a password before they must change it.
    • Setting password length and complexity requirements, such as requiring at least 6 characters.
    • Ensuring your policy is updated and distributed to all users.
    • Establishing regular policy review milestones.
    • Tracking user compliance to the policy and managing policy violations.
  • Associate a user credential with an SSH public key for SSH authentication.