Security Basics mailing list archives

RE: XML Firewall


From: "Peter, Matthew F." <matt.peter () capgemini com>
Date: Mon, 24 Mar 2008 18:40:31 -0400


To add to this,

We have deployed IBM DataPower as an XML Firewall for a number of
customers. It's typically deployed around the edges of a network. The
documentation can give you more specifics, but its two major advantage
categories are:

- Offload XML Processing to firmware: All encryption, decryption,
authorization, etc. is done on the appliance at wirespeed rather than an
application server, which can be a big performance hit in traditional
deployments

- Content based AAA: A variety of different security policies can be
defined and incorporated into legacy systems. For a quick example, if a
legacy service uses HTTP Basic, this can be transformed into a SAML or
WS-Security artifact to be processed by a backend system, or
authenticated against a Radius server.

It can also protect against DOS attacks, XML based SQL injection, and
virus scanning of encoded content, to name just a few features.

http://www-306.ibm.com/software/integration/datapower/library/index.html
http://www.redbooks.ibm.com/abstracts/redp4327.html

~ Matt

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Logan Douglas
Sent: Monday, March 24, 2008 6:03 PM
To: security-basics () securityfocus com
Subject: Re: XML Firewall

hi

check out http://en.wikipedia.org/wiki/XML_appliance

An XML appliance is a separate computer system with deliberately narrow
functionality that exchanges XML messages with other computer systems.
XML appliances secure, accelerate and route XML so enterprises can
cost-effectively realize its full potential for messaging and
service-oriented architectures (SOAs). They are designed specifically to
be easy to install, configure and manage. While some XML appliances must
rely on specialized hardware and software to accelerate the processing
of XML messages, others accomplish the same tasks using standards-based
hardware and operating systems.

http://en.wikipedia.org/wiki/XML_firewall


First brought to market by Forum Systems[citation needed], an XML
firewall is a specialized firewall used to provide security for XML
messaging such as Web services. XML firewalls are types of XML
appliances that are separated from internal computer systems and
frequently reside in an organization's DMZ.

I hope this helps :)

Regards,
SSANZ

***************************************

Server Systems Administration NZ

Server Security | Server Systems Management

ServerSystemsAdministration.COM | SSANZ.NET | ServerSecurityNZ.COM

***************************************


Quoting wuggy77 () msn com:

I have been around the security block, but obviously I have not been
exposed to everything because I was asked to research an XML
Firewall.  I have never heard of an XML Firewall and so I wanted to
start by getting some input on what an XML Firewall is supposed to
do.  I am not opposed to doing some reading so if anyone has some
good links to sites that explain these devices I will be happy to
look it up.  Secondly I would like to receive some recommendation as
to what would be considered a good XML firewall.





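Added example, not part of the thread and not DataPower code: a sketch of the credential mediation described under "Content based AAA", turning an HTTP Basic header into a WS-Security UsernameToken (PasswordDigest form, OASIS UsernameToken Profile). The function names are hypothetical, and a real gateway would authenticate the credential before forwarding it.

```python
import base64, hashlib, os
from datetime import datetime, timezone
from xml.sax.saxutils import escape

# OASIS WS-Security 1.0 namespace and type URIs.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"


def parse_basic(header):
    """Return (user, password) from an Authorization header value, or raise ValueError."""
    scheme, _, blob = header.strip().partition(" ")
    if scheme.lower() != "basic" or not blob:
        raise ValueError("not an HTTP Basic credential")
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError as exc:  # bad base64 or bad UTF-8
        raise ValueError("malformed Basic credential") from exc
    user, sep, password = decoded.partition(":")  # the password may contain ':'
    if not sep or not user:
        raise ValueError("missing user-id or ':' separator")
    return user, password


def password_digest(nonce, created, password):
    """Base64(SHA-1(nonce + created + password)); SHA-1 is fixed by the profile."""
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()


def to_username_token(header, nonce=None, created=None):
    """Build the wsse:Security header the backend service would receive."""
    user, password = parse_basic(header)
    nonce = nonce or os.urandom(16)
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
        f"<wsse:UsernameToken>"
        # escape() stops a crafted user-id from injecting markup into the SOAP header
        f"<wsse:Username>{escape(user)}</wsse:Username>"
        f'<wsse:Password Type="{DIGEST}">{password_digest(nonce, created, password)}</wsse:Password>'
        f'<wsse:Nonce EncodingType="{B64}">{base64.b64encode(nonce).decode()}</wsse:Nonce>'
        f"<wsu:Created>{created}</wsu:Created>"
        f"</wsse:UsernameToken></wsse:Security>"
    )
```

The backend recomputes the digest from the nonce, the timestamp and its stored password, so the cleartext password never travels past the gateway; it should also reject stale timestamps and reused nonces.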

