A double firewalled system is disclosed for protecting remote enterprise
servers that provide communication services to telecommunication network
customers from unauthorized third parties. A first router directs all
connection requests to one or more secure web servers, which may utilize
a load balancer to efficiently distribute the session connection load
among a high number of authorized client users. On the network side of
the web servers, a second router directs all connection requests to a
dispatcher server, which routes application server calls to a proxy
server for the application requested. A plurality of data security
protocols are also employed. The protocols provide for an identification
of the user, and an authentication of the user to ensure the user is who
he/she claims to be and a determination of entitlements that the user may
avail themselves of within the enterprise system. Session security is
described, particularly as to the differences between a remote user's
copper wire connection to a legacy system and a user's remote connection
to the enterprise system over a "stateless" public Internet, where each
session is a single transmission, rather than an interval of time between
logon and logoff, as is customary in legacy systems.
