Firewall Wizards mailing list archives
Re: Web Services and Firewall/Network Architecture
From: Karl <karl.mueller () asolutions com>
Date: Thu, 20 Mar 2008 14:13:21 -0500
We've done some work in this area. Basically, you implement a "front-side" Service Bus (ESB in SOA parlance) in your DMZ that exposes (read "hosts") "Enterprise Services" to your public consumers. These "Enterprise Services" in turn consume, aggregate, mitigate, bingo! and return the interesting protected business services in your environment that provide the data your public customers are looking for. Essentially its another abstraction layer.
Regards.. -karl Ginski, Richard J wrote:
Hi All,There’s talk in our org to directly interface one of our back-end servers to provide web services for external entities via the Internet. On the surface, this is a risky option for me. Although firewall “protected”, I don’t want a “protected device” directly interacting with web service “consumers” from the Internet. It sounds like a bad idea to me.I have been searching around looking for sample diagrams (etc) on environments that support Web Services. I am trying to determine where stuff goes in this environment and how a firewall/DMZ fit into the picture. Can anyone point me to where info would be available for this? I’ve checked the archives for the past year and checked at OASIS, W3C, OWASP, and XML.com, with no luck. The “web services sites” focus on coding practices, coding architecture, and coding frameworks. Although very important, it’s not the info I am looking for. We are trying to determine how web services fit in our environment using best practices in network design and network security to support web services.Any help would be greatly appreciated. TIA! ------------------------------------------------------------------------ _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Web Services and Firewall/Network Architecture Ginski, Richard J (Mar 20)
- Re: Web Services and Firewall/Network Architecture ArkanoiD (Mar 24)
- Re: Web Services and Firewall/Network Architecture Darden, Patrick S. (Mar 24)
- Re: Web Services and Firewall/Network Architecture Karl (Mar 24)
- Re: Web Services and Firewall/Network Architecture Dan Lynch (Mar 26)
- Re: Web Services and Firewall/Network Architecture Ginski, Richard J (Mar 26)