Vordel XML Firewall protects XML applications from malicious attack and unauthorized access. By blocking a wide range of attacks on XML applications, it shields XML applications and allows them to be deployed in safety and confidence.
The XML Firewall forms an integral component of any enterprise's SOA security infrastructure and can be deployed as part of a strategic architecture of XML firewalls, gateways and run time governance products. Vordel XML Firewall complements other application security and network security products by providing the XML data screening which other products do not provide.
Deployment Architecture
Threat Awareness
Vordel XML Firewall provides a full threat-protection posture against XML attacks. Untrusted service invocations are denied by default.
Vordel XML Firewall filters applications which use SOAP, applications using "plain XML", and applications which are invoked using HTTP GET invocations (including AJAX and "Web 2.0" applications).
The firewall protects XML applications using a comprehensive set of pre-built content-filtering and traffic-analysis rules. It protects against XML Denial of Service, SOAP attachment viruses, buffer-overflow attempts, malformed or invalid XML, unexpected MIME types in SOAP attachments, application-level attacks including SQL Injection, service scanning, and brute-force 'flooding' denial-of-service attacks.
Client Authentication
Vordel XML Firewall performs authentication on clients using industry standard HTTP Authentication and X.509 Certificates with SSL. This is in compliance with the WS-I Basic Security Profile (2007).
Alerting on XML security events
When attackers attempt to gain unauthorized access to an XML application, email alerts are sent to security administrators notifying them of any attempted attacks.
Blacklisting with Network firewalls
The firewall blacklists sources of malicious XML by alerting upstream network firewalls to the offending IP addresses. XML messages coming from an untrustworthy IP address will be detected, blocked, and may optionally also be logged.
Data Integrity control checks
The firewall validates incoming XML and SOAP messages for conformance with XML Schemas and WS-I Basic Profile data integrity.
Rapid Deployment
Vordel provides pre-built policies which allow Vordel's customers to get up and running quickly with XML firewalling.
Security for all flavors of XML applications
Vordel XML Firewall provides protection for all three classes of XML applications: SOAP-based Web Services, "plain XML" applications which do not use SOAP, and "REST style" applications which are invoked using HTTP GET. The device supports many XML dialects, including ACORD and FIXML.
Audit trail
Essential to any corporate governance framework is the ability to comply with industry regulations by maintaining an audit trail of external XML-based communications. Vordel XML Firewall can track usage and disruptions, and create an audit trail of all these activities. In conjunction with VordelReporter, an interface to generate reports on all Web Services-based transaction archives is available.
Real Time Monitoring
Vordel XML Firewall ships with a real-time Monitoring Console that provides color-coded message filtering status on message throughput. Administrators can search events per message or by event type (e.g. Schema validation).