XML Firewalls: Taking the Holistic Approach to Security






"SOA has been the buzzword for long enough for it to cease to be a buzzword and become a mandatory part of any organisation's strategy. While SOA offers a great deal, it is not a technology, rather an underlying framework, and Web services is the principal SOA platform to be used by businesses to automate business processes, E-governance, financial trading and so on.


However, while providing advanced business functionality, Web services introduce significant security challenges that need to be managed, says the SANS Institute report. The report, authored by Don Patterson, states that the threats have brought about the need for sophisticated application layer firewalls that can "scan deep into the packets' payload and examine Simple Object Access Protocol (SOAP), Universal Description, Discovery and Integration (UDDI), Security Assertion Mark-up Language (SAML) or other Web service protocols for attacks." Enter XML firewalls or gateways.


XML firewalls perform a variety of functions like authentication, authorization, auditing, XML schema validation and more, but the report warns that unless securely deployed, configured, and tested, Web service threats will still pose the same risk.


The paper lists the best practices for configuring an XML security gateway device and recommended security testing procedures for effective control over security. "Since security will always be a moving target, the deployment of an XML gateway should not be considered "bullet-proof". Rather than having an unrealistic sense of security, organisations should adapt this technology to their overall security strategy and architecture to ensure a more holistic approach for defending against the enemy at the gate," concludes the report."

SOURCE: JAX Magazine

XML Firewall Architecture and Best Practices for Configuration and Auditing (No Registration Required)




Gary E. Smith
SOA Security Architect - Securing SOA in a Connected World