SlideShare ist ein Scribd-Unternehmen logo

Layer 7 Technologies: What Is An Xml Firewall

CA API Management
CA API Management

Adam Vincent, Layer 7 Federal Technical Director XML Firewall presentation to IEEE DC.

Technologie
1 von 33
What are XML Firewalls Adam Vincent, Layer 7 Technologies Federal Technical Director Prepared for Institute of Electrical and Electronics Engineers (IEEE) Given at IEEE Chapter Meeting on April 17th, 2008 in Mclean, VA
Firewalls Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],What is an XML Firewall?
What is an XML Firewall? What is a Firewall? Firewall Policies Definition: Limits access between networks in accordance with local security policies .
Firewall Implements a Policy ,[object Object],[object Object],[object Object],[object Object],[object Object],What is an XML Firewall?
Two Categories of Firewalls ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],What is an XML Firewall?
Two Categories of Firewalls What is an XML Firewall? Check IP/port Network firewalls Check message content Application firewalls Note: many routers already do this checking
What is an XML Firewall? What is an XML Firewall? XML Firewall What should I do with this XML document/message? Policies Definition: An XML firewall is a tool that takes as input an XML document/message and enforces security policies XML
Example Deployment What is an XML Firewall?
XML Firewalls can do IP/Port checking and content checking What is an XML Firewall? Stateful Inspection: Analysis of data within the lowest levels of the protocol stack in order to compare the current session with previous ones for detection of suspicious activity Deep Packet Inspection: Analysis of content of a thru-passing packet, searching for illegal statements to decide if the packet can pass. Check IP/port Packet firewalls Check message content Application firewalls XML Firewalls Note: many routers already do this checking Stateful Inspection Deep Packet Inspection
What Factors Enter into an XML Firewall's Decision? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],What is an XML Firewall?
What Actions can an XML Firewall Take? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],What is an XML Firewall?
What is an XML Firewall? Example of a Check that an XML Firewall may Perform "Does the XML conform to the data business rules, i.e., does it validate against a XML Schema defining the business rules?” “ Does the XML contain malicious code” “ Does the Message Level Security component of the message comply with the DoD/IC requirements” “ Authentication/Authorization of the sender/message creator”
Policy Enforcement Point (PEP) ,[object Object],[object Object],What is an XML Firewall? This is analogous to the PEP.
Policy Decision Point (PDP) ,[object Object],[object Object],What is an XML Firewall? PEP PDP
Attribute Services (AS) ,[object Object],[object Object],What is an XML Firewall? PDP AS PEP
What is an XML Firewall? Firewalls and PEP/PDP/AS ,[object Object],[object Object],[object Object],PDP Traffic inputs Firewall Firewall AS
What is an XML Firewall? Firewall acting as a PEP only Firewall (acting as a PEP only) PDP service "Do this" ” Bob wants to Send a message To Service A" Attribute service ” Tell me about Bob” ” Bob is in the Army” Threat Protection, Verify Message Security, Audit, and Call out to PDP Policies doc Policies
What is an XML Firewall? More Realistic use of an XML Firewall XML Firewall PDP service Attribute service Threat Protection, Verify Message Security, Audit, Authenticate/Authorize via ABAC Attribute Repository (LDAP) PEP Policies doc
XML Acceleration (1 of 2) ,[object Object],[object Object],[object Object],[object Object],What is an XML Firewall? XML Firewall Policies Back-end applications are relieved from doing all of this XML processing Policy Verified Policy Un-verified Back-end applications XML New XML
XML Acceleration (2 of 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],What is an XML Firewall?
Threat Detection ,[object Object],What is an XML Firewall? XML Firewall Malicious Code Policy Malicious code is not allowed to pass Entity A Entity B XML Purchase Order (with Malicious Code)
Access Control ,[object Object],What is an XML Firewall? XML Firewall Access Control Policy ,[object Object],Entity A Entity B XML Purchase Order
Complex Access Control What is an XML Firewall? Organization Green Michelle Dimitri Program X Organization Blue Policy Enforcement Point Secure Token Server (STS) for Federation Policy Application Point WS-MetadataExchange of WS-Policy Documents WS-Trust Token Requests WSS secure SOAP messages with bound SAML tokens Policy Administration
XML Schema Validation ,[object Object],What is an XML Firewall? XML Firewall XML Schema Entity A Entity B XML Document XML Document
XSL Transformation ,[object Object],What is an XML Firewall? XML Firewall XML Schema Entity A Entity B XML Document New XML Document
XML Filtering ,[object Object],What is an XML Firewall? XML Firewall Policies Message Size Limit Exceeded Entity A Entity B LARGE XML Document
Dynamic Routing ,[object Object],What is an XML Firewall? Firewall Where should I route this document? Policies Busy Not busy. Document is routed here. Entity A $1,000,000 Purchase Order
Service Virtualization/Abstraction ,[object Object],What is an XML Firewall? XML Firewall Policies “ I’m Service (A)” This is the actual service (A) The XML Firewall shields the actual service from external attacks by acting as a virtual stand-in to the service. Message to Service (A)
Quality of Service (QoS) ,[object Object],[object Object],What is an XML Firewall? Firewall On arrival, priority goes to $1,000,000 Purchase Order Policies $1,000,000 Purchase Order $2.00 Purchase Order
Auditing ,[object Object],[object Object],[object Object],[object Object],What is an XML Firewall? Firewall Audit Data Service 2 Service 1
Virus Detection (1 of 2) ,[object Object],[object Object],[object Object],What is an XML Firewall? Firewall Virus Detected! Virus
Virus Detection (2 of 2) ,[object Object],What is an XML Firewall? Firewall External Virus Engine Symantec/Other Scanner Virus Def Update
Conclusions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],What is an XML Firewall?

Empfohlen

Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Cloudflare
 
Intrusion Detection And Prevention
Intrusion Detection And PreventionIntrusion Detection And Prevention
Intrusion Detection And PreventionNicholas Davis
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
Kurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif Kullanımı
Kurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif KullanımıKurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif Kullanımı
Kurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif KullanımıBGA Cyber Security
 
Virtualization security
Virtualization securityVirtualization security
Virtualization securityAhmed Nour
 
FortiGate_Sec_02_Security Fabric (1).pptx
FortiGate_Sec_02_Security Fabric (1).pptxFortiGate_Sec_02_Security Fabric (1).pptx
FortiGate_Sec_02_Security Fabric (1).pptxNajahIdrissiMoulayRa
 
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!Netskope
 
Fortigate Training
Fortigate TrainingFortigate Training
Fortigate TrainingNCS Computech Ltd.
 

Empfohlen

Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Cloudflare
 
Intrusion Detection And Prevention
Intrusion Detection And PreventionIntrusion Detection And Prevention
Intrusion Detection And PreventionNicholas Davis
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
Kurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif Kullanımı
Kurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif KullanımıKurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif Kullanımı
Kurumsal Ağlarda Saldırı Tespiti Amaçlı Honeypot Sistemlerin Efektif KullanımıBGA Cyber Security
 
Virtualization security
Virtualization securityVirtualization security
Virtualization securityAhmed Nour
 
FortiGate_Sec_02_Security Fabric (1).pptx
FortiGate_Sec_02_Security Fabric (1).pptxFortiGate_Sec_02_Security Fabric (1).pptx
FortiGate_Sec_02_Security Fabric (1).pptxNajahIdrissiMoulayRa
 
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!Netskope
 
Fortigate Training
Fortigate TrainingFortigate Training
Fortigate TrainingNCS Computech Ltd.
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
 
Datto RMM Datasheet
Datto RMM DatasheetDatto RMM Datasheet
Datto RMM DatasheetThomas Dodds
 
What is SASE
What is SASEWhat is SASE
What is SASEAdi Ruppin
 
Firewall
FirewallFirewall
FirewallApo
 
Firewall
FirewallFirewall
Firewallnayakslideshare
 
Prtg Network Monitor
Prtg Network MonitorPrtg Network Monitor
Prtg Network MonitorKavi International
 
Fortinet security fabric
Fortinet security fabricFortinet security fabric
Fortinet security fabricANSItunCERT
 
Introduction to SDN and Network Programmability - BRKRST-1014 | 2017/Las Vegas
Introduction to SDN and Network Programmability - BRKRST-1014 | 2017/Las VegasIntroduction to SDN and Network Programmability - BRKRST-1014 | 2017/Las Vegas
Introduction to SDN and Network Programmability - BRKRST-1014 | 2017/Las VegasBruno Teixeira
 
Bilgi Güvenliğinde Sızma Testleri
Bilgi Güvenliğinde Sızma TestleriBilgi Güvenliğinde Sızma Testleri
Bilgi Güvenliğinde Sızma TestleriBGA Cyber Security
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?Ulf Mattsson
 
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...Amazon Web Services
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter newKarnav Rana
 
Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Cloudflare
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshChristian Posta
 
Web Application Firewall Tercih Rehberi
Web Application Firewall Tercih RehberiWeb Application Firewall Tercih Rehberi
Web Application Firewall Tercih RehberiBGA Cyber Security
 
Firewall
FirewallFirewall
FirewallSaurabh Chauhan
 
Patterns of resilience
Patterns of resiliencePatterns of resilience
Patterns of resilienceUwe Friedrichsen
 
Firewall & types of Firewall
Firewall & types of Firewall Firewall & types of Firewall
Firewall & types of Firewall BharathiKrishna6
 
Next generation intelligent data lakes, powered by GraphQL & AWS AppSync - MA...
Next generation intelligent data lakes, powered by GraphQL & AWS AppSync - MA...Next generation intelligent data lakes, powered by GraphQL & AWS AppSync - MA...
Next generation intelligent data lakes, powered by GraphQL & AWS AppSync - MA...Amazon Web Services
 
Unit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptUnit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptAkshitRana31
 
Parsing of xml file to make secure transaction in mobile commerce
Parsing of xml file to make secure transaction in mobile commerceParsing of xml file to make secure transaction in mobile commerce
Parsing of xml file to make secure transaction in mobile commerceijcsa
 

Weitere ähnliche Inhalte

Was ist angesagt?

Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
 
Datto RMM Datasheet
Datto RMM DatasheetDatto RMM Datasheet
Datto RMM DatasheetThomas Dodds
 
Firewall
FirewallFirewall
FirewallApo
 
Fortinet security fabric
Fortinet security fabricFortinet security fabric
Fortinet security fabricANSItunCERT
 
Introduction to SDN and Network Programmability - BRKRST-1014 | 2017/Las Vegas
Introduction to SDN and Network Programmability - BRKRST-1014 | 2017/Las VegasIntroduction to SDN and Network Programmability - BRKRST-1014 | 2017/Las Vegas
Introduction to SDN and Network Programmability - BRKRST-1014 | 2017/Las VegasBruno Teixeira
 
Bilgi Güvenliğinde Sızma Testleri
Bilgi Güvenliğinde Sızma TestleriBilgi Güvenliğinde Sızma Testleri
Bilgi Güvenliğinde Sızma TestleriBGA Cyber Security
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?Ulf Mattsson
 
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...Amazon Web Services
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter newKarnav Rana
 
Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Cloudflare
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshChristian Posta
 
Web Application Firewall Tercih Rehberi
Web Application Firewall Tercih RehberiWeb Application Firewall Tercih Rehberi
Web Application Firewall Tercih RehberiBGA Cyber Security
 
Firewall & types of Firewall
Firewall & types of Firewall Firewall & types of Firewall
Firewall & types of Firewall BharathiKrishna6
 
Next generation intelligent data lakes, powered by GraphQL & AWS AppSync - MA...
Next generation intelligent data lakes, powered by GraphQL & AWS AppSync - MA...Next generation intelligent data lakes, powered by GraphQL & AWS AppSync - MA...
Next generation intelligent data lakes, powered by GraphQL & AWS AppSync - MA...Amazon Web Services
 

Was ist angesagt? (20)

Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
 
Datto RMM Datasheet
Datto RMM DatasheetDatto RMM Datasheet
Datto RMM Datasheet
 
What is SASE
What is SASEWhat is SASE
What is SASE
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Prtg Network Monitor
Prtg Network MonitorPrtg Network Monitor
Prtg Network Monitor
 
Fortinet security fabric
Fortinet security fabricFortinet security fabric
Fortinet security fabric
 
Introduction to SDN and Network Programmability - BRKRST-1014 | 2017/Las Vegas
Introduction to SDN and Network Programmability - BRKRST-1014 | 2017/Las VegasIntroduction to SDN and Network Programmability - BRKRST-1014 | 2017/Las Vegas
Introduction to SDN and Network Programmability - BRKRST-1014 | 2017/Las Vegas
 
Bilgi Güvenliğinde Sızma Testleri
Bilgi Güvenliğinde Sızma TestleriBilgi Güvenliğinde Sızma Testleri
Bilgi Güvenliğinde Sızma Testleri
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?
 
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS r...
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter new
 
Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
 
Web Application Firewall Tercih Rehberi
Web Application Firewall Tercih RehberiWeb Application Firewall Tercih Rehberi
Web Application Firewall Tercih Rehberi
 
Firewall
FirewallFirewall
Firewall
 
Patterns of resilience
Patterns of resiliencePatterns of resilience
Patterns of resilience
 
Firewall & types of Firewall
Firewall & types of Firewall Firewall & types of Firewall
Firewall & types of Firewall
 
Next generation intelligent data lakes, powered by GraphQL & AWS AppSync - MA...
Next generation intelligent data lakes, powered by GraphQL & AWS AppSync - MA...Next generation intelligent data lakes, powered by GraphQL & AWS AppSync - MA...
Next generation intelligent data lakes, powered by GraphQL & AWS AppSync - MA...
 

Ähnlich wie Layer 7 Technologies: What Is An Xml Firewall

Unit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptUnit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptAkshitRana31
 
Parsing of xml file to make secure transaction in mobile commerce
Parsing of xml file to make secure transaction in mobile commerceParsing of xml file to make secure transaction in mobile commerce
Parsing of xml file to make secure transaction in mobile commerceijcsa
 
Layer 7: Managing SOA Security and Operations with SecureSpan
Layer 7: Managing SOA Security and Operations with SecureSpanLayer 7: Managing SOA Security and Operations with SecureSpan
Layer 7: Managing SOA Security and Operations with SecureSpanCA API Management
 
Web Api services using IBM Datapower
Web Api services using IBM DatapowerWeb Api services using IBM Datapower
Web Api services using IBM DatapowerSigortam.net
 
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)chhoup
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management nullowaspmumbai
 
Email Security Appliance from IBM
Email Security Appliance from IBMEmail Security Appliance from IBM
Email Security Appliance from IBMChris Sparshott
 
Exchange Conference (Philadelphia) - Exchange 2007 Security
Exchange Conference (Philadelphia) - Exchange 2007 SecurityExchange Conference (Philadelphia) - Exchange 2007 Security
Exchange Conference (Philadelphia) - Exchange 2007 SecurityHarold Wong
 
Evaluating Network and Security Devices
Evaluating Network and Security DevicesEvaluating Network and Security Devices
Evaluating Network and Security Devicesponealmickelson
 
firewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxfirewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxShreyaBanerjee52
 
Layer 7: Enterprise SOA with SecureSpan and JavaCaps
Layer 7: Enterprise SOA with SecureSpan and JavaCapsLayer 7: Enterprise SOA with SecureSpan and JavaCaps
Layer 7: Enterprise SOA with SecureSpan and JavaCapsCA API Management
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding FirewallsLikan Patra
 
Firewall ,Its types and Working.pptx
Firewall ,Its types and Working.pptxFirewall ,Its types and Working.pptx
Firewall ,Its types and Working.pptxShrayamManandhar
 

Ähnlich wie Layer 7 Technologies: What Is An Xml Firewall (20)

Unit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptUnit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.ppt
 
Parsing of xml file to make secure transaction in mobile commerce
Parsing of xml file to make secure transaction in mobile commerceParsing of xml file to make secure transaction in mobile commerce
Parsing of xml file to make secure transaction in mobile commerce
 
Layer 7: Managing SOA Security and Operations with SecureSpan
Layer 7: Managing SOA Security and Operations with SecureSpanLayer 7: Managing SOA Security and Operations with SecureSpan
Layer 7: Managing SOA Security and Operations with SecureSpan
 
Ch20
Ch20Ch20
Ch20
 
Web Api services using IBM Datapower
Web Api services using IBM DatapowerWeb Api services using IBM Datapower
Web Api services using IBM Datapower
 
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
 
Intorduction to Datapower
Intorduction to DatapowerIntorduction to Datapower
Intorduction to Datapower
 
Firewall
FirewallFirewall
Firewall
 
XTM moving security forward
XTM moving security forwardXTM moving security forward
XTM moving security forward
 
Product Overview Nov 2010 V1
Product Overview Nov 2010 V1Product Overview Nov 2010 V1
Product Overview Nov 2010 V1
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
 
Email Security Appliance from IBM
Email Security Appliance from IBMEmail Security Appliance from IBM
Email Security Appliance from IBM
 
Firewall
FirewallFirewall
Firewall
 
Exchange Conference (Philadelphia) - Exchange 2007 Security
Exchange Conference (Philadelphia) - Exchange 2007 SecurityExchange Conference (Philadelphia) - Exchange 2007 Security
Exchange Conference (Philadelphia) - Exchange 2007 Security
 
Evaluating Network and Security Devices
Evaluating Network and Security DevicesEvaluating Network and Security Devices
Evaluating Network and Security Devices
 
firewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxfirewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptx
 
Layer 7: Enterprise SOA with SecureSpan and JavaCaps
Layer 7: Enterprise SOA with SecureSpan and JavaCapsLayer 7: Enterprise SOA with SecureSpan and JavaCaps
Layer 7: Enterprise SOA with SecureSpan and JavaCaps
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall ,Its types and Working.pptx
Firewall ,Its types and Working.pptxFirewall ,Its types and Working.pptx
Firewall ,Its types and Working.pptx
 

Mehr von CA API Management

Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterpriseCA API Management
 
Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIsCA API Management
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarCA API Management
 
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...CA API Management
 
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...CA API Management
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...CA API Management
 
API Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataAPI Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataCA API Management
 
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...CA API Management
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...CA API Management
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device UniverseCA API Management
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...CA API Management
 
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...CA API Management
 
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...CA API Management
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinCA API Management
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...CA API Management
 
5 steps end to end security consumer apps
5 steps end to end security consumer apps5 steps end to end security consumer apps
5 steps end to end security consumer appsCA API Management
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...CA API Management
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...CA API Management
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...CA API Management
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceCA API Management
 

Mehr von CA API Management (20)

Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterprise
 
Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIs
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches Webinar
 
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
 
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
 
API Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataAPI Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your Data
 
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device Universe
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
 
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
 
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & Win
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
 
5 steps end to end security consumer apps
5 steps end to end security consumer apps5 steps end to end security consumer apps
5 steps end to end security consumer apps
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail Experience
 

Kürzlich hochgeladen

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 

Kürzlich hochgeladen (20)

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

Layer 7 Technologies: What Is An Xml Firewall

  • 1. What are XML Firewalls Adam Vincent, Layer 7 Technologies Federal Technical Director Prepared for Institute of Electrical and Electronics Engineers (IEEE) Given at IEEE Chapter Meeting on April 17th, 2008 in Mclean, VA
  • 2.
  • 3. What is an XML Firewall? What is a Firewall? Firewall Policies Definition: Limits access between networks in accordance with local security policies .
  • 4.
  • 5.
  • 6. Two Categories of Firewalls What is an XML Firewall? Check IP/port Network firewalls Check message content Application firewalls Note: many routers already do this checking
  • 7. What is an XML Firewall? What is an XML Firewall? XML Firewall What should I do with this XML document/message? Policies Definition: An XML firewall is a tool that takes as input an XML document/message and enforces security policies XML
  • 8. Example Deployment What is an XML Firewall?
  • 9. XML Firewalls can do IP/Port checking and content checking What is an XML Firewall? Stateful Inspection: Analysis of data within the lowest levels of the protocol stack in order to compare the current session with previous ones for detection of suspicious activity Deep Packet Inspection: Analysis of content of a thru-passing packet, searching for illegal statements to decide if the packet can pass. Check IP/port Packet firewalls Check message content Application firewalls XML Firewalls Note: many routers already do this checking Stateful Inspection Deep Packet Inspection
  • 10.
  • 11.
  • 12. What is an XML Firewall? Example of a Check that an XML Firewall may Perform "Does the XML conform to the data business rules, i.e., does it validate against a XML Schema defining the business rules?” “ Does the XML contain malicious code” “ Does the Message Level Security component of the message comply with the DoD/IC requirements” “ Authentication/Authorization of the sender/message creator”
  • 13.
  • 14.
  • 15.
  • 16.
  • 17. What is an XML Firewall? Firewall acting as a PEP only Firewall (acting as a PEP only) PDP service "Do this" ” Bob wants to Send a message To Service A" Attribute service ” Tell me about Bob” ” Bob is in the Army” Threat Protection, Verify Message Security, Audit, and Call out to PDP Policies doc Policies
  • 18. What is an XML Firewall? More Realistic use of an XML Firewall XML Firewall PDP service Attribute service Threat Protection, Verify Message Security, Audit, Authenticate/Authorize via ABAC Attribute Repository (LDAP) PEP Policies doc
  • 19.
  • 20.
  • 21.
  • 22.
  • 23. Complex Access Control What is an XML Firewall? Organization Green Michelle Dimitri Program X Organization Blue Policy Enforcement Point Secure Token Server (STS) for Federation Policy Application Point WS-MetadataExchange of WS-Policy Documents WS-Trust Token Requests WSS secure SOAP messages with bound SAML tokens Policy Administration
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.