Web Services Protection: What Can Be Done

Most Web services attacks would not be caught by typical security tools, so Web services protection involves extra layers of security. As with most applications, Web services require standard security functionality to provide protection. These requirements often include:

Authentication: Verifying the identity of the requestor.
Access Control: Ensuring that the Web service consumer has appropriate access to the resource.
Signing: Ensuring message integrity, with support for XML Signature.
Schema Validation: Ensuring data integrity by checking the structure and content of the message.
Support for security standards: Supporting standards-based security functions such as WS-Security for interoperability and future security protection.
Malicious attack protection: Supporting protection against the latest Web Services and XML-based attacks.
Data collection: Audit data is crucial for identifying and diagnosing attacks as well as proving compliance.
Service virtualization: Hiding details of back-end resources and sensitive services from view.
Automated threat response: Having the ability to respond to Web services threats, no matter the source, in an automated manner and to alert the right people as necessary.
Fail negatively: Only allowing named traffic to pass and, in the event of a system failure, failing negatively.
Integration with existing security environment: Allowing policy and functionality from existing security infrastructure, such as identity management solutions, PKI infrastructure, and network management and monitoring tools, to be leveraged.
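
The "Malicious attack protection" and "Fail negatively" requirements above can be combined in one gateway decision function. The sketch below is an added example, not code from the original page or from any vendor's product. It assumes SOAP 1.1 messages, and the `urn:example:orders` namespace, operation names and size limits are hypothetical.

```python
import xml.parsers.expat

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
# Constructed allow-list: the only (namespace, operation) pairs the gateway forwards.
ALLOWED = {("urn:example:orders", "GetOrderStatus")}
MAX_BYTES, MAX_DEPTH = 64 * 1024, 32  # assumed limits
# Constructed sample request, used for demonstration only.
SAMPLE = (b'<s:Envelope xmlns:s="' + SOAP11.encode() + b'"><s:Body>'
          b'<o:GetOrderStatus xmlns:o="urn:example:orders"/></s:Body></s:Envelope>')

class Rejected(Exception):
    """Policy refusal (as opposed to an unexpected fault)."""

def _reject(reason):
    raise Rejected(reason)

def soap_operation(raw):
    """Return (namespace, local name) of the first child of soap:Body."""
    if len(raw) > MAX_BYTES:
        _reject("message too large")
    stack, found = [], []
    p = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    # DTDs enable entity-expansion and external-entity abuse; refuse them outright.
    p.StartDoctypeDeclHandler = lambda *a: _reject("DOCTYPE not allowed")

    def start(name, attrs):
        ns, _, local = name.rpartition(" ")
        stack.append((ns, local))
        if len(stack) > MAX_DEPTH:
            _reject("nesting too deep")
        if not found and len(stack) == 3 and stack[:2] == [(SOAP11, "Envelope"), (SOAP11, "Body")]:
            found.append((ns, local))

    p.StartElementHandler = start
    p.EndElementHandler = lambda name: stack.pop()
    p.Parse(raw, True)
    if not found:
        _reject("no operation in soap:Body")
    return found[0]

def decide(raw):
    """Fail closed: forward only named operations; any error means deny."""
    try:
        op = soap_operation(raw)
        if op not in ALLOWED:
            _reject("operation not on allow-list")
        return ("ALLOW", op[1])
    except Exception as exc:  # parser errors and unexpected faults also deny
        return ("DENY", f"{type(exc).__name__}: {exc}")
```

The `except Exception` branch is the fail-negative path: a malformed message, an oversized one, or even a bug in the checker itself yields `DENY` rather than letting the request through.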

Web services protection is required across all Web Services traffic and must be applied in a consistent manner regardless of the different types of technologies being connected in the Web Service network.

Many companies are turning to dedicated technologies that deal specifically with these threats, so that Web services protection does not derail their projects. Technologies such as XML Firewalls provide protection that spans all Web Services regardless of the underlying technology. Some Web Service security vendors provide Web Service endpoint technology to provide protection at the actual Web Service. Some offer hardware solutions and others provide software solutions. A few vendors provide all of these options, which together enable the broadest range of security protection and cover the variety of implementation requirements necessary for most IT environments.

Assessing the Risk

Gaining knowledge of the assets being protected, as well as the nature of attacks against Web Services, will help you assess the risk of introducing new technologies. Most analysts and companies agree that Web Services traffic is not a large share of their traffic today, but predict that it will become significant very rapidly. Because security is top of mind for any Web Service project, many companies are rightly architecting a scalable security infrastructure as their first step. Web services security issues are at the top of the list for any company today due to heightened levels of security and the increasing specter of costly regulatory fines and imprisonment. Ensuring the security of your Web Service project is critical to its success.

For More Information

Learn how Actional can protect your Web services network: download the free webinar, SOA Runtime Governance

Find Out How to Secure the Web Services Network

Download the free white paper, "Web Services Risks — Understanding The Web Services Security Threat," now.
