XML Adds Muscle to New Firewalls
Stubborn security issues have kept a great many enterprises from deploying Web services outside their firewalls.
With no tried-and-true (or even agreed-upon) methods to secure XML messages and schemas, the march toward Web services has been halting and unsteady, despite the efforts of standards organizations to develop frameworks to secure Web services.
Hoping to move things along, Forum Systems Inc. and Reactivity Inc. last month showcased firewall products at Demo in Scottsdale, Ariz. The Forum and Reactivity offerings are the first eWEEK Labs has seen that are specifically geared to protect Web services, and it's about time. Today's network firewalls and intrusion prevention systems cannot detect XML viruses, parser attacks and schema poisoning.
The lack of a guaranteed level of trust between enterprise Web services deployments represents a major stumbling block to widespread Web services deployment beyond the enterprise. Take one look at public-key infrastructure, which struggled for years to gain acceptance, and it should be obvious that Web services security issues must be resolved for the technology to become ubiquitous beyond enterprise borders.
Although XML-specific firewalls likely won't herald unprecedented numbers of new enterprise Web services deployments, defending the network perimeter from malicious activity is a start.
During its demonstration at the conference, Forum, of Sandy, Utah, launched the XWall Web Services Firewall, which it hailed as the first firewall for Web services. The XWall, available now, comes as software priced at $2,500, as a PCI card for $5,000 or as a hardware appliance for $9,995.
The XWall Web Services Firewall scans WSDL (Web Services Description Language) schemas and XML messages to detect XML-related threats and to prevent intrusion. The firewall, which is aimed at the small and midsize business market segment, also uses signature-based threat detection to recognize attacks, drawing on knowledge of Web services operations, users, and XML and SOAP (Simple Object Access Protocol) messages.
While Forum is targeting smaller organizations, Reactivity, of Santa Clara, Calif., is focused on securing large-scale enterprise Web services deployments.
Reactivity used its Demo slot to show the Reactivity XML Firewall 2300, an XML Web services security appliance that applies multiple security policies to bring granularity to Web services security. The Reactivity XML Firewall 2300 is available now; pricing starts at $50,000.
The Reactivity XML Firewall 2300 handles Secure Sockets Layer termination, as well as authentication and authorization to control access to Web services.
During a demonstration of the appliance, we were pleased to see that the Reactivity XML Firewall 2300 prevents malicious activity by performing data validation on requests from external systems. And for companies still trying to decide on a Web services security framework, the XML Firewall 2300 supports all existing and evolving Web services standards, including SOAP 1.1 and 1.2, SOAP with attachments, Security Assertion Markup Language, WSDL, and WS-Security.
Senior Writer Anne Chen can be reached at firstname.lastname@example.org.