XML Firewall Architecture and Best Practices for Configuration and Auditing

More and more organizations today are adopting Service Oriented Architectures (SOA) for mission critical business applications. By definition, SOA is not a technology, but rather the underlying framework made up of attributes such as dynamic service discovery, composition and interoperability.

This framework promises autonomous interactions between software agents and computer systems to support information exchange and facilitate web transactions. Web services is the principal SOA platform that businesses and enterprises are now using to seamlessly automate end-to-end business processes, offer E-government services across the Internet, and conduct transactions such as financial trading and e-commerce purchasing.

While providing advanced business functionality, Web services introduce significant security considerations and challenges that need to be effectively managed by the business to achieve tangible Return-On-Investment (ROI) by their use. For example, vulnerabilities can manifest in various layers of the architecture, such as the operating system, the network, the database, the XML parser, the firewall, or any other component in the Web services implementation.