STARX25

STARX25 Introduction

STARX25 is a unique access control system and application development tool for X25 networks.

Thanks to its high-level language, it is possible to design highly reliable applications in record time.

STARX25 includes a powerful configurator to help design STARX25 applications, a database and a real-time application processor. STARX25 also features an optional backup system ready in case of hardware, software or network failure.

STARX25 can authenticate users using an advanced password database and/or DES-based authentication in conjunction with various DES tokens and Smart Cards.

X25 network-level tests make it possible to discard any unwanted packets. X25 packet processing functions enable powerful applications while remaining transparent to server applications.

STARX25 also supports X25 redirecting switches to increase capacity and integrate seamlessly into X25 networks. ACTANE has been an active promoter and developer of redirecting protocols for X25 switch manufacturers.

STARX25 enables extensive event logging and alarm generation. It is managed through its console and remotely (remote management is secured by STARX25). STARX25 can generate any type of custom log file format.

ACTANE can develop custom STARX25 applications and/or train engineers to develop and maintain their own applications.

With more than 400 systems installed, mostly in France, STARX25 has been the leader in X25 access control since 1989, with more than 90% market share. STARX25 is widely used in most of the French government agencies that have secured access to their X25 networks. Among them are France TELECOM, TRANSPAC (a France Telecom subsidiary operating the world's largest X25 network), La CNAM (French social security and biggest French HMO), La Poste (French Postal Service), The European Parliament and many others.

STARX25 is Y2K compliant.

STARX25 is used in business-critical 365 days/year X25 networks and its reliability is one of its major features thanks to ten years of intensive testing.

STARX25 And X25 Network Security

STARX25 acts as an X25 firewall and ante-server.

Logically, STARX25 is a security gateway between X25 subscribers and X25 applications and services.

STARX25 enables network administrators to:

- Provide X25 network users with logging, presentation and user-level call routing
- Manage X25 network user profiles
- Protect X25 network applications from unauthorized access
- Mask network numbering from X25 network terminal users
- Set up multi-level access-control policies
- Authenticate users using advanced password databases
- Authenticate users using Smart Cards and other cryptographic tokens (option)
- Etc.

Once users are authenticated and have selected their desired application, STARX25 can route or redirect the communication to the destination server.

X25 Redirection Basics

X25 redirection enables an X25 application to redirect a communication to a target X25 server by issuing a redirection request to the X25 network. This operation is transparent to the end user (X25 subscriber).

Redirection is controlled by a first application (redirector) that instructs the X25 switch to redirect the communication to another application (target).

Redirection is transparent to the X25 subscriber (usually the caller), who is neither informed that a redirection took place nor able to control redirection in any way.

Redirection typically enables an ante-server application such as STARX25 to control communications while remaining very efficient: once the communication has been validated, it relies on the X25 switches for X25 data-packet exchange.

There are different types of redirection protocols, more or less sophisticated; some are proprietary to X25 switch manufacturers. STARX25 handles most types of proprietary redirection protocols. ACTANE has been involved in the definition of redirection protocols and has contributed to enhancing basic redirection in a number of X25 switches.

The basic X29 reselection is a non-proprietary redirection and should be implemented by most PADs (Packet Assembler/Disassembler).

X29 reselection only allows the X25 called address (the addressee) to be modified, while other, proprietary X25 redirection protocols may allow the X25 caller address, X25 caller data and protocol identifier to be modified.

STARX25 can also act as an X25 switch when redirection is not available or not sophisticated enough to handle particular functions, for example X25 facilities modifications. This mode also makes it possible to fully control all packets for the duration of the communication, thus enabling any imaginable treatment. STARX25 can simultaneously handle any type of redirection or X25 switching.

STARX25 Overview

STARX25 runs on PC/AT and compatible computers using X25 network interfaces. STARX25 is connected to the X25 network through up to 16 X25 interfaces.

With the STARX25 language, a custom application can contain any of the following features, depending on the amount of time available for development:

- Extensive call packet analysis (caller address, called address, data, protocol identifier, facilities).
- X29 reselection, X29m Videopad Redirection with private parameters handling.
- X25 switching with data control and modification, for example to log on automatically to the target server.
- Date and time management.
- Database to store large amounts of sorted user-oriented data (addresses, user IDs and passwords, etc.).
- Automatic update of the database on the backup system or at another remote site.
- Advanced password management (disabling after a number of consecutive wrong entries, forced password modification after a given period, dictionary of forbidden passwords, no reuse of a password previously used by a given user).
- User authentication using DES tokens (requires the Authentication extension).
- Event logging and alarm generation at any point (any number of logs per connection), for example connection discarded or accepted, server connection errors, etc.
- Log and alarm formatting for any text-based application. SNMPv1 format can be generated and sent over UDP.
- IP/UDP protocol using RFC 877 (IP over X25).
- Connection discard on any condition that can be tested by the system.
- And much more.
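The four password rules in the list above, as an added Python sketch. It is not ACTANE's code and not the STARX25 language; the thresholds, the forbidden-word list, the names and the choice of PBKDF2 for stored digests are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

MAX_FAILURES = 3      # assumed lockout threshold (the page gives no number)
MAX_AGE_DAYS = 90     # assumed password lifetime
FORBIDDEN = {"password", "starx25", "transpac"}   # constructed dictionary

def _digest(password: str, salt: bytes) -> bytes:
    # Store salted digests only; PBKDF2 is this sketch's choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: list = field(default_factory=list)   # digests, newest last
    changed_day: int = 0
    failures: int = 0
    disabled: bool = False

    def set_password(self, new: str, today: int) -> str:
        if new.lower() in FORBIDDEN:
            return "rejected: forbidden password"
        digest = _digest(new, self.salt)
        # No reuse of any password this user has had before.
        if any(hmac.compare_digest(digest, old) for old in self.history):
            return "rejected: previously used"
        self.history.append(digest)
        self.changed_day, self.failures = today, 0
        return "ok"

    def login(self, attempt: str, today: int) -> str:
        if self.disabled:              # stays disabled until an admin resets it
            return "disabled"
        current = self.history[-1] if self.history else None
        if current is None or not hmac.compare_digest(
                _digest(attempt, self.salt), current):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.disabled = True
            return "denied"
        self.failures = 0              # only consecutive failures count
        if today - self.changed_day > MAX_AGE_DAYS:
            return "change required"   # force modification after the period
        return "ok"
```

Days are passed in as integers so the expiry rule can be exercised without a clock.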

STARX25 Architecture

STARX25 is a self-contained system and application containing a mailbox-based real-time multitasking operating system called "LinkOS". This OS enables seamless operation with multiple communications, so the network administrator can define the application just as if there were only one X25 communication. The system then automatically handles multiple calls as multiple instances of the same application.

The database runs as a separate process under DESQview, which makes it possible to handle multiple DOS processes. The database can then be queried by the STARX25 application through its high-level language. DOSCOM is a system tool developed by ACTANE to enable inter-process communication under DESQview.

DOS is used for file access, date and time, and user-interface functions.

STARX25 components use a multi-window text-based user interface with very intuitive features.

To define an application, the network administrator uses a high-level language with built-in X25 capabilities, a powerful set of database access functions, time management functions, system file access, etc.

The set of functions that define STARX25 can be edited using any text-based editor or using the STARX25 configurator with its powerful command and instruction wizards. The configuration is compiled in real time under the STARX25 Configurator, or is compiled with the parser, which runs as a separate application, if the configuration is edited using a text editor. The result of such compilation is a STARX25 configuration file that can be launched under the STARX25 application.

The STARX25 application can run multiple configurations simultaneously to enable a seamless transition from one configuration to a new release. Only the last configuration launched handles new incoming calls, while the other configurations continue to run until they no longer have any communication to handle.

Configurations can be sent and launched through the network using the STARX25 built-in agent, access to which is itself controlled by a STARX25 configuration. Multiple agents can run simultaneously, enabling multi-management and avoiding management access conflicts.

STARX25 can handle up to 8 X25 boards with two X25 lines each, enabling up to 16 X25 lines. Usually two lines on one board are enough: the first line is connected to the network, and the second line is connected to the optional backup system either directly or through the network.

STARX25 Backup System

The optional backup system automatically runs the same configurations as its master system when the X25 connection is established between the two systems. When a configuration is launched on one system, it is automatically transferred and launched over the network on the other system. Databases can be updated in real time using a special set of functions that have to be included in the configuration.

STARX25 Into the X25 Network

STARX25 can be connected to an X25 switch through one X25 line; the second line is typically used to connect to either a redundant link on another X25 switch or to the optional STARX25 backup system.

X25 switches are configured to route all incoming calls to STARX25 or its optional backup system. This can be done by adding a one-digit prefix to X121 addresses or by any other means available within a specific X25 network. STARX25 then authenticates the user and authorizes or rejects the call, after which it redirects the communication to the desired X121 address, suppressing the prefix so that the destination address can be reached. X29 PADs can be configured to force the X121 address of STARX25, which will then query the end user for the destination and verify the user's identity and rights to the application.
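The admission decision described above, as an added Python sketch. It is not ACTANE's code and not the STARX25 language; the prefix value, the profile table, the addresses and every name in it are assumptions made for illustration, and authentication is taken as an input.

```python
from dataclasses import dataclass
from typing import Optional

GATEWAY_PREFIX = "9"     # assumption: the one-digit prefix the switches add
MAX_ADDR_DIGITS = 15     # an X25 address field holds at most 15 digits

# Constructed profiles: user id -> X121 addresses that user may reach.
PROFILES = {
    "alice": {"1000000001"},
    "bob": {"1000000001", "1000000002"},
}

@dataclass(frozen=True)
class Decision:
    action: str              # "redirect" or "clear"
    target: Optional[str]    # address handed to the switch, if any
    reason: str              # text for the event log

def admit_call(called, user, authenticated,
               profiles=PROFILES, prefix=GATEWAY_PREFIX):
    """Decide the fate of a call that the switch forced to the gateway."""
    # Fail closed on anything that is not a plain decimal address.
    if not (called.isascii() and called.isdigit()
            and len(called) <= MAX_ADDR_DIGITS):
        return Decision("clear", None, "malformed called address")
    # A call without the prefix did not arrive through the forced route.
    if not called.startswith(prefix):
        return Decision("clear", None, "missing gateway prefix")
    target = called[len(prefix):]        # suppress the prefix
    if not target:
        return Decision("clear", None, "no destination after prefix")
    if not authenticated:
        return Decision("clear", None, "user not authenticated")
    # Authorization: the destination must be in this user's profile.
    if target not in profiles.get(user, set()):
        return Decision("clear", None, "destination not in user profile")
    return Decision("redirect", target, "authorized")
```

Every rejected branch returns a reason string, so each refused call can be written to the event log with its cause.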

As a security access control system, STARX25 contains security information such as passwords, X121 addresses, user profiles, etc. As such, the security level of the network depends at least on physical access to STARX25. X25 switches that are configured to force incoming calls to STARX25 should also be considered part of this logical access control system. STARX25 provides basic console password protection, but in most cases physical access to the system itself will be required.

Hardware Requirements

Standard PC/AT 486 DX2/66 or higher
8 Mega Byte DRAM
200 Mega Byte Hard Disk Drive
1.44Mb (3"1/2) Floppy Disk Drive
1 or more X25 user boards (Newbridge or Elios)
UPS (recommended)

Software Requirements

MSDOS 3.3 or higher
Quarterdeck QEMM
Quarterdeck DESQview 386




Copyright (c) 1986-2003 ACTANE, All brands are (registered) trademarks of their respective owners.