Welcome to the Intel® Software Dispatch Subscription Program

Defining Network XML Threat Protection: Next-Generation XML Network Intrusion Protection System
Introduction
Building on the global adoption of Transmission Control Protocol/Internet Protocol (TCP/IP) and Hypertext Transfer Protocol (HTTP), a new class of mission-critical applications, called Web Services, is emerging in enterprises and governments worldwide. Web Services are based on the eXtensible Markup Language (XML). They rely on existing web protocols such as HTTP and on portable XML messages (called Simple Object Access Protocol) to enable application-to-application communication for a wide range of mission-critical enterprise applications.

However, security has become a main concern of enterprises looking to reap the integration benefits of XML. This is due in part to the open nature of Web Services as well as to their use of port 80 in current network infrastructures. New security technologies have surfaced at the application and network layers to address XML Web Services security requirements. Among them are network-based security systems such as firewalls, network intrusion detection systems (NIDS), and, more recently, network intrusion prevention systems (NIPS). Enterprises are deploying these solutions to protect against XML threats, both known and unknown, and to improve network uptime. Specific application protection technologies such as Web Application Proxy Firewalls have emerged in a network appliance form factor. Increasingly, other network devices such as switches and routers include security as an integral component of a layered defense against attacks and vulnerabilities.

Yet these traditional network protection systems fail to provide comprehensive coverage for the new Web Services-based threats, as indicated in Figure 1.[1] Unlike the earlier Web-enabled applications, which use HTTP on top of IP as the primary means of communication, Web Services use an additional application layer of XML. This additional XML application layer, with its corresponding standards such as Simple Object Access Protocol (SOAP) and Web Services Description Language (WSDL), allows application logic from proprietary applications to communicate easily in a standard fashion. Web Services traffic can be used readily by business systems running critical applications, making this problem especially acute for an enterprise, regardless of the traffic volume.

Like its TCP/IP and HTTP predecessors, XML has become an important communication standard for the enterprise.[2] However, there are some key differences that make protecting XML Web Services flows especially challenging.
  • Real-time threats for XML and Web Services are more complex than those of network protocols, making XML threats much more difficult to investigate. XML can be considered executable rather than static and carries with it a unique combination of semantic and structural threats. Also, the variation in file sizes (up to hundreds of megabytes), the lack of a single “standard” RFC to check against, and the unique message layer XML encryption and digital signatures all add to the complexity of XML security.

Figure 2. Web Services Architecture XML Threat Exposure


To read more, click the link below to subscribe to Intel® Software Dispatch and begin receiving Intel® Software Insight, a quarterly e-zine focused on the topics software-industry leaders care about. Once you fill out the brief subscription form, you will be able to download the PDF and continue reading Defining Network XML Threat Protection: Next-Generation XML Network Intrusion Protection System. To read the complete article, click download below.
