 |
Forum XWall™ |
 |
|
Forum XWall™ is the industry's first Web Services Firewall equipped with data authentication as well as XML intrusion prevention to actively protect against XML viruses, data corruption and denial of Web service attacks. Forum XWall™ ensures critical applications are appropriately accessible and continuously available by allowing network administrators to enforce perimeter policies that check the integrity of data and control access to exposed enterprise Web services.
Today's network firewall's are blind to Web services because ports 80 and 443 are open to HTTP traffic, allowing SOAP and XML messages to flow undetected into a company's internal network. The security challenge becomes even greater as hackers bury malicious commands and data within Web services.
Only by decrypting the communications channel (e.g. Secure Sockets Layer sessions) and simultaneously checking the content of the messages can the network protect itself from hidden threats. Forum's Web Services Firewall peers into the "XML packet" using a unique blend of threat detection and real-time preventative countermeasures.
Major Web Services Threat Categories
- Vulnerability discovery: Similar to a thief searching for an open window or unlocked door, revealing internal weaknesses and exposures. E.g. WSDL scanning.
- Probing attacks: Similar to a thief jumping over the fence and then running back out, stealing bits and pieces of information. E.g. Parameter Tampering and Replay Attacks.
- Coercive Parsing: Similar to a thief cutting the wires to a core system of a house - the XML parser - in order to gain access. E.g. Recursive Payloads, Oversize Payloads and Denial of Web service Attacks.
- External Reference Attack: Similar to letting a stranger into your house who you think is a friend. E.g. External URI Reference.
- Malicious Content: Similar to a thief delivering a misleading package that results in stolen identities, information leaks and fraudulent transactions. E.g. Schema Poisoning and SQL Injections.
|
 |
 |
 |
 |
Forum XWall™ Benefits |
|
|
| XML INTRUSION PREVENTION |
 |
Recognize attacks based on knowledge of Web services operations, users, and messages
|
|
Systematically inspect and categorize SOAP and XML traffic for risk to the enterprise
|
|
Protect against vulnerabilities associated with XML parsers, .Net and J2EE frameworks
|
|
| WEB SERVICES CONTROL |
|
Decide whether or not individual XML/SOAP messages, API's Users and URL's may gain access (read, write, or execute privileges) to enterprise Web services
|
|
Create an audit trail that records exactly who did what, how and where
|
|
Monitor the activity of transactions from the transport, session, to the data-level
|
|
Track usage, failures and other statistics as well as generate reports
|
|
| DATA INTEGRITY ENFORCEMENT |
|
Check raw XML and SOAP messages for conformance to XML Schemas, WS-I Basic Profile as well as customized filtration and data-validation rules - catch data entry errors early before they reach the application
|
|
Block external references and rely on sanitized pre-fetched or approved content when de-referencing URI's
|
|
WS-I Basic Profile Conformance checks
|
|
HIGHER PERFOMANCE /
LOWER TCO |
|
Offload processing from application servers and back-office systems to lower total cost of ownership of service-oriented architecture
|
|
Avoid costly decentralized patching of application servers and machines to cover new exploits
|
|
Centralized data validation removes the processing burden from application servers and ensures peak application performance
|
|
|
|
|
© Copyright 2001-2008, Forum Systems, Inc. All rights reserved.
Press Releases
