Re: XML firewall/gateway needed

From: Theodoros Assimakopoulos (theo@xelmos.com)
Date: Fri Jun 04 2004 - 09:44:04 EDT

• Next message: Gadi Evron: "Re: USB delivered attacks"
• Previous message: Kurt Seifried: "Re: USB delivered attacks"
• Maybe in reply to: Erwin van der Zwan: "XML firewall/gateway needed"
• Next in thread: Larry Vezz: "Re: XML firewall/gateway needed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Erwin,

our company does security testing and evaluation of products and
solutions for security product manufacturers and for their customers,
very often in preparation for the potential use of these products in
telecommunications. Quit recently, we evaluated for a large
installation in telecoms an XML/SOAP Firewall product
from Xtradyne Technologies, (look at: http://www.xtradyne.com)
They call it Web Services Domain Boundary Controller. It is a software
product for Unix and Linux platforms and provides, roughly speaking,
deep packet inspection firewalling and detailed WS-Security, including
things such as XML Encryption and XML Digital Signature, but also things
such as Schema checking, access control down to single operations and
even parameter values. Not only the rich and mature functionality was
convincing, but also the solutions regarding the practical issues
typical for large enterprises, such as high-availabilty and scalability.
As far as I can see it does perfectly all the things you mention.
Particularly, I remember a nice feature: they can generate Schemas from
the WSDL descriptions and then perform really detailed controls based on
these Schemas.
This gateway is a control point where each message is stopped, checked,
and passed further only if permitted by the security policy. Of course,
they support the use of public key certificates, but I think that's
something all these products of this type do.

Cheers,
Theodoros

>From: Erwin van der Zwan <erwin.zwan-van-der_at_siemens.nl>
>To: pen-test_at_securityfocus.com
>Subject: XML firewall/gateway needed
>
>
>
>Hi list,
>
>Does anybody know a good solution/product which can act as a XML/SOAP
secure proxy. Thus validating the namespace/method combination,
verifying the XML message against a given WDSL template, block error
messages, terminate the XML session and initiate a new one to the back
office server and provide optionally support for secure XML as well
(XMLDsig and XMLEnc) using certificates?
>
>I know this might not be the right list but here is where lots of
experts hangout :-)
>
>Erwin

-- 
Theodoros Assimakopoulos
XELMOS Technologies GmbH,      Tel: +49 (0)30 5304 1720
Ostendstr. 25                  Fax: +49 (0)30 5304 1729
D-12459 Berlin, Germany     Mobile: +49 (0)175 6015 009
http://www.xelmos.com        email: theo@xelmos.com

• Next message: Gadi Evron: "Re: USB delivered attacks"
• Previous message: Kurt Seifried: "Re: USB delivered attacks"
• Maybe in reply to: Erwin van der Zwan: "XML firewall/gateway needed"
• Next in thread: Larry Vezz: "Re: XML firewall/gateway needed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:55 EDT