
CHAPTER 3. EMPIRICAL STUDY

3.4. ANALYSIS OF THE THESES. RESULTS

3.4.1 STATEMENT OF THE PROBLEM

An XML firewall is a proxy that performs security services such as authentication, authorisation, auditing and XML validation at message level, securing XML traffic before it reaches the service providers hosted in an application server (Patterson, 2007). According to Marks (2008), an XML firewall is a policy enforcement point (PEP) responsible for enforcing policies and security for Web services.


Network firewalls are well known for protecting organisations' networks against malicious attacks, but they are incapable of providing information security for Web services (Gralla, 2002). Gralla (2002) also found that network firewalls can only examine a message at packet level; they cannot examine the contents of a Web service message, which may carry malicious content. Network firewalls protect an organisational network by blocking network traffic at certain points, which include:

• Certain ports, excluding port 80, which carries HTTP traffic, and port 443, which carries HTTPS traffic.

• Defined IP addresses.

• Traffic selected on the basis of its usage characteristics.

Gralla (2002) found that network firewalls cannot secure Web services because Web services are designed to travel over the HTTP and HTTPS ports, which a network firewall must leave open. This loophole brought the need for a firewall that can provide message-level security. Thus the XML firewall was developed, able to analyse and examine messages that use the Simple Object Access Protocol (SOAP) and Universal Description, Discovery and Integration (UDDI) (Gralla, 2002). SOAP and UDDI are standards used for the transfer of messages between service providers and service consumers. Chapter 2 outlined these terms as follows:

• UDDI is an entity that provides a mechanism which helps service consumers to locate services. It is an example of a service registry and is referred to as a directory for storing information about Web services (Patterson, 2007).

• SOAP is a standard for formatting the XML messages used in the information exchange between the service consumer and the service provider.

SOAP is also referred to as a communication protocol that acts as a container for XML messages transferred between the service consumer and the service provider (Patterson, 2007).

Furthermore, Patterson (2007) outlines that XML firewalls can enforce information security services such as authentication, authorisation and auditing. These information security services are defined in Chapter 4. An XML firewall is regarded as the most straightforward method of protecting Web services because it serves as the first point of contact before the message reaches the service in the server. However, services may still be in danger if the XML firewall is not configured, tested and deployed in a secure manner. Besides securing Web services, it is also responsible for network traffic performance, scalability and monitoring (Patterson, 2007).

XML firewalls are also responsible for examining the SOAP headers and XML tags of the message transported between the service and the consumer (Gralla, 2002).

After examining the message, an XML firewall may take action based on its contents, such as blocking the message, sending it to another channel for advanced examination, or allowing it to go through. Since XML firewalls can examine Web service metadata and the functionality provided by Web services, they can perform authentication using the requester and recipient information found in the Web service metadata. In terms of policies, XML firewalls can be used to enforce governance policies and to ensure that XML-based attacks and viruses do not undermine those policies (Marks, 2008). XML firewalls can also provide real-time monitoring, authorisation and reporting for auditing purposes (Patterson, 2007).
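The following script is an added illustration of the message-level checks discussed above and of the gap left by a port-based network firewall described earlier; it is not code from the thesis or from any XML firewall product. It models a minimal policy enforcement point that receives a raw SOAP request and returns one of the three outcomes named in the text: block, escalate to deeper inspection, or allow. The WS-Security UsernameToken header, the size limits, the operation allow-list and the credential table are assumptions chosen for the example, and the DTD ban stands in for the "XML-based attacks" the text mentions without naming.

```python
"""Minimal XML-firewall policy enforcement point (PEP), written as an added
illustration of message-level inspection. It is not code from the thesis or
from any product; the header names, limits, policy and credentials are
assumptions chosen for the example."""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
# WS-Security namespace, used here for an assumed UsernameToken authentication header
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")

ALLOW, BLOCK, ESCALATE = "ALLOW", "BLOCK", "ESCALATE"

MAX_MESSAGE_BYTES = 64 * 1024      # assumed hard size limit for a request
ESCALATE_BYTES = 16 * 1024         # larger payloads are routed to deeper inspection
# Assumed policy: which SOAP body operations each authenticated user may call.
POLICY = {"alice": {"GetBalance"}, "bob": {"GetBalance", "Transfer"}}
# Assumed credential store (plaintext only to keep the example self-contained).
CREDENTIALS = {"alice": "s3cret", "bob": "hunter2"}


def q(ns, local):
    """Clark-notation tag name as used by ElementTree."""
    return "{%s}%s" % (ns, local)


def authenticate(header):
    """Return the user named by a wsse:UsernameToken in the SOAP Header, or None."""
    if header is None:
        return None
    token = header.find(".//" + q(WSSE_NS, "UsernameToken"))
    if token is None:
        return None
    user = token.findtext(q(WSSE_NS, "Username"))
    password = token.findtext(q(WSSE_NS, "Password"))
    if user in CREDENTIALS and CREDENTIALS[user] == password:
        return user
    return None


def enforce(raw):
    """Decide what the PEP does with one SOAP request: (decision, reason).

    Checks run in order of cost: size limit, DTD ban, well-formedness,
    envelope structure, authentication and finally the authorisation policy.
    A packet-level filter sees none of these properties.
    """
    if len(raw) > MAX_MESSAGE_BYTES:
        return BLOCK, "message exceeds size limit"
    # Reject any document type declaration before parsing: a DTD is the
    # vehicle for entity-expansion and external-entity tricks.
    if b"<!DOCTYPE" in raw.upper():
        return BLOCK, "DTD not permitted"
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        return BLOCK, "malformed XML: %s" % exc
    if root.tag != q(SOAP_NS, "Envelope"):
        return BLOCK, "not a SOAP envelope"
    body = root.find(q(SOAP_NS, "Body"))
    if body is None or len(body) != 1:
        return BLOCK, "Body must carry exactly one operation"
    user = authenticate(root.find(q(SOAP_NS, "Header")))
    if user is None:
        return BLOCK, "authentication failed"
    operation = body[0].tag.split("}")[-1]      # strip the service namespace
    if operation not in POLICY.get(user, set()):
        return BLOCK, "%s may not call %s" % (user, operation)
    if len(raw) > ESCALATE_BYTES:
        return ESCALATE, "large payload routed to deep inspection"
    return ALLOW, "%s -> %s" % (user, operation)


def envelope(user, password, operation, payload=""):
    """Build a constructed SOAP request (sample input, not captured traffic)."""
    return ("""<?xml version="1.0"?>
<s:Envelope xmlns:s="%s"><s:Header>
 <wsse:Security xmlns:wsse="%s"><wsse:UsernameToken>
  <wsse:Username>%s</wsse:Username><wsse:Password>%s</wsse:Password>
 </wsse:UsernameToken></wsse:Security></s:Header>
<s:Body><%s xmlns="urn:example:bank">%s</%s></s:Body></s:Envelope>"""
            % (SOAP_NS, WSSE_NS, user, password, operation, payload, operation)
            ).encode()


if __name__ == "__main__":
    for raw in (envelope("alice", "s3cret", "GetBalance"),
                envelope("alice", "s3cret", "Transfer"),
                envelope("mallory", "x", "GetBalance"),
                envelope("bob", "hunter2", "Transfer", "A" * 20000),
                b'<!DOCTYPE x [<!ENTITY a "aaaa">]><x>&a;</x>'):
        print(enforce(raw))
```

Every decision the script makes depends on the contents of the SOAP envelope, which is exactly what a port- or address-based rule cannot inspect; the ordering of the checks (cheap structural rejections first, policy lookups last) is the usual way to keep a proxy in the request path from becoming the bottleneck.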

There are two types of XML firewall: a standalone XML firewall device and XML firewall software. The former is normally referred to as an 'XML security gateway' and has the features of a network firewall (Patterson, 2007). The latter has lower costs, but as Web services mature and organisations merge to form large consortia, it becomes difficult to manage security standards and policies with it (Patterson, 2007).

According to Patterson (2007), the benefits of using a standalone XML firewall are:

• Performance: the device accelerates encryption and decryption, which is a basic measure of XML security.

• Scalability: it can handle a large number of transactions without assistance from the servers behind it. Deploying it can reduce the number of application servers an organisation needs, and the devices are easy to replace. Furthermore, depending on the vendor, some also provide network firewall functionality (Gralla, 2002).

• Security: it is a security platform that protects vulnerable application servers against Web service attacks. This lets service developers leave security logic out of the service applications themselves.

• Interoperability: as Web services evolve in an organisation, security standards and transport mediums may change. A standalone XML firewall is flexible and can translate across multiple security and transport standards.

• Monitoring: it provides a central point for auditing transferred messages, since all Web service traffic passes through it before reaching the service providers (Patterson, 2007). It can be configured to notify the relevant parties of an attempted attack on a service.

• Manageability: if an organisation deploys a few high-capacity standalone XML firewalls, it reduces the number of security enforcement points. Fewer XML firewalls are easier to manage and reduce maintenance costs.

These benefits make a standalone XML firewall device preferable to XML firewall software.

An XML firewall is thus defined as a proxy that provides security services at message level (Patterson, 2007). Gralla (2002) regards the XML firewall as an SOA governance tool that follows the message-level security approach, since its controls act on the content of each message rather than on the network packets that carry it.