Article

XML firewalls dig deeper than traditional firewalls

Edward Hurley, News Writer

Traditional firewalls work well with traditional traffic, but screening streams of data like XML requires a shift in technology.

FOR MORE INFORMATION:

    Requires Free Membership to View

SearchSecurity news exclusive: "Sorting out the Web services security landscape"

See this archived SearchSecurity.com Webcast "Truth and fiction about Web services security"

See this SearchSecurity.com news exclusive "Web services: Many uses, many worries"

Best Web Links on firewalls

SearchSecurity network and infrastructure expert


Feedback on this story? Send your comments to News Writer Edward Hurley

Web services are driving XML use because these services send and receive data using XML messages that are transported via Simple Object Access Protocol (SOAP). Yet XML traffic presents some of the security challenges that have been major stumbling blocks for Web services projects.

XML firewalls are one piece of the puzzle for making Web services secure.

Traditional firewalls examine header information of passing data to determine if it will be allowed to pass through. But such a cursory inspection won't be enough for XML traffic, all of which will slide through because it looks like general Web traffic.

An XML firewall has to go beyond inspecting the packet or protocol level to examining the actual content of the transmission, said Ron Schmelzer, a senior analyst and founder of Waltham, Mass.-based ZapThink, a firm specializing in Web services and XML. "This is much more complicated as messages have to be decrypted or uncompressed without adding latency," he said.

For example, a SOAP message needs to be examined to make sure it's an authorized request, said Jason Bloomberg, another senior analyst with ZapThink, a firm that specializes in security. Examining the message is even more complicated if part or the entire message is encrypted, he said.

Now, some traditional firewalls can do deeper level inspection of data for jobs like checking for viruses, Bloomberg said. But such inspection is pretty "dumb" as it just looks for strings of bytes that could equate to a virus. Examining XML messages is "an order of magnitude more of a challenge," Bloomberg said.

So far, a few approaches have emerged to answer this challenge. Some vendors have created appliances to act as XML firewalls. This approach has the advantage of maximizing performance, a major concern for these products, Schmelzer said.

Other vendors have taken a software approach. These programs can be installed on an application server or other locations and offer more flexibility in terms of where to install the firewall than a hardware appliance.

No one can definitively say which approach will take off, Schmelzer said. The future of XML firewalls depends on the adoption of XML. Currently, only early adopters from financial services and other vertical markets are using XML firewalls.

Schmelzer and Bloomberg predict XML firewalls won't be mainstream until 2003 or 2004.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: