- +
ARN's A-Z guide to networking 19 December, 2007 14:50:54
As business needs change, so do the requirements for the business backbone. ARN looks at networking trends and technologies and reports on predictions for 2008 and beyond. - +
Business continuity 09 November, 2007 17:09:55
Click here for case studies, whitepapers and other useful vendor content Newsletter Subscription
Clear text messages used in transferring applications via Web services can potentially slip through existing security hardware allowing malformed code to run rampant within organizations.
Typically malicious code such as Trojans and worms are detected at the gateway; however, current XML and SOAP attachments (Simple Object Access Protocol) can potentially allow threats to enter the network, as well as information leakage.
Dean Dierickx, Asia-Pacific director of Forum Systems, said existing firewalls are blind to XML- and SOAP-based messages.
"Adding to the problem is security controls built into Web services applications, which offer a compromise in performance and as a result are systematically being turned off," Dierickx said.
"Because some tools allow developers to write security (like access control) into layers and because of how much demand it makes on the application server, the number of CPUs to parse and validate bogs down application performance; system operators are turning the security off because of application degradation issues."
Dierickx said the likes of Microsoft and BEA have made it easy to write Web services and security problems are now surfacing.
"We are now hearing of Schema poisoning and XML perimeter tampering, and probably another 12 different ways for Web services application breaches to [appear]," he said.
"For companies writing Web services applications using SOAP with attachments, systems need to be set up to scan and detect code coming in on an XML payload, because no existing infrastructure can detect if a company has been breached."
Amer Qureshi, director of Forum systems field operations, said scanning attachments for Web services applications is vital at the network perimeter, before the applications are allowed into the enterprise infrastructure.
"XML attachments work the same as e-mail, but there are no application servers exchanging information and people interact directly with the application; the attachments can be anything so it is vital to scan these documents at the edge of the perimeter before they are let inside the infrastructure."
Crossbeam Systems, in partnership with Forum Systems, released their unified threat management solution X-Series across Australia this week The X-Series is a three-blade chassis offering VPN, IDS/IPS, antivirus, HTTP scanning, URL filtering, Web Firewall, Application Firewall and XML firewall.
ARN Member Login
ARN Panel Sessions: Day 3The last of our panel sessions recorded live at CeBIT 2008. Today, the topic is storage. Data is growing at an enormous rate, so what does the future hold?
IFA: LG's newest TV includes BluetoothBluetooth will be installed in models in LG's PG7000-series plasma sets and LG7000-series LCD sets, which are due on sale across Europe before the end of September.
Brian's bloopersIt takes a long time to produce an episode of Channel Watch. Maybe you'll understand why after watching this...
When an IT disaster occurs, how handy it would be to push a button and start again as if nothing had happened.
Discover and learn more about CA XOSoft today.
Tumbleweed appoints O2 Networks to its Australian Channel Partner Program 29 August, 2008 12:31:00
HP ProCurve Brings Big Business Gigabit Switching Features to Small Businesses 29 August, 2008 12:00:00
GlobalConnect Provides Treatment for Healthcare Provider’s Contact Support Requirements 29 August, 2008 09:59:00
Sybase and Logica Partner To Mobilise The Supply Chain 29 August, 2008 09:47:00
New global landscape for qualitative researchers with Spanish and Chinese software releases 29 August, 2008 09:34:00
Bankstown Council streamlines their IT with Microsoft® Windows Server® 2008
Deciding it was time for more streamlined operations, Bankstown Council teamed up with OSS Infotech, a Microsoft Gold Certified Partner. The solution included Microsoft Windows Server, Microsoft SQL Server® and Microsoft Exchange®.
Subscribe to ARN
