The Barracuda Web Application Firewall: XML Firewall


Introduction

SOAP/XML or web services-based applications are industry standards by which organizations streamline business processes, enhance information sharing efficiency and reduce application integration costs. Available in Barracuda Web Application Firewall Models 660 and above, the integrated XML Firewall enables a strong new layer of defense for data center security teams to deploy SOAP applications across the perimeter. Web services-based applications are vulnerable to attacks such as Denial of Service, malicious code injection, and parameter manipulation. Data center security teams need a firewall capable of protecting all layers of protocols and content (HTTP, SOAP and XML) to properly protect web services applications as they deploy them onto the web.

Addressing web services security requirements separately from existing application security implementations would create undesired DMZ complexity and unnecessary administrative burdens. To optimally deploy, operate and secure SOAP-based applications, organizations clearly require the integration of web application and web services security into a single comprehensive application controller.

Key Benefits

  • The most comprehensive set of XML web services security capabilities plus all the benefits of the award-winning Barracuda Web Application Firewall
  • Single appliance protects both web applications and web services
  • Single control point to manage security for web applications and web services
  • Single integrated audit trail for web applications and web services
  • Prevents both malicious and accidental web services threats
  • Makes it easy to secure web services at the perimeter without having to learn all the details of XML

Threat Protection

  • Positive Security Model
  • Schema Validation
  • XML Parameter Tampering Protection
  • XML Level Data Theft Protection
  • XDoS Prevention
  • WS-I Profile Validation
  • Coercive Parsing Protection
  • Recursive Element Protection

Trust Services

  • Access Control for SOAP
  • Authentication of Web Services
  • WSDL Address Translation
  • LDAP and RADIUS

Supported Standards

  • All underlying TCP and HTTP standards
  • XML Schema 1.0
  • WSDL 1.1
  • SOAP 1.1/1.2
  • WS-I Basic Profile
  • X.509 certificates

A Single Solution for Web Applications and Web Services

The Barracuda Web Application Firewall delivers a comprehensive, enterprise-class security solution for both traditional HTML web applications and web services applications. This single appliance equips security administrators with market-leading SSL, FTP, HTTP, HTML, SOAP and XML firewall protection and control with the convenience of a single and consistent management interface. The system additionally provides a real-time console for comprehensive application monitoring as well as comprehensive logging and audit information.

XML Threat Protection

  • Methods-based approach stops the underlying methods used to compromise XML-enabled applications, preventing even unknown or “accidental” XML threats
  • Web Services Cloaking masks the true internal URL of mission-critical web services, making them more difficult for hackers to target
  • Automatically validates XML schemas to ensure full compliance with the protocols and specifications governing their use
  • Inspects and validates SOAP envelopes, headers and message content to ensure that all web services are correctly formed
  • Conducts full XML content inspection, looking for policy violations such as oversized messages, unexpected field values and inappropriate external references
  • Ensures that all web services transactions conform to extensive WS-I Basic Profile requirements for security and interoperability
  • Protects against XML Denial of Service (XDoS) threats such as coercive parsing, external entity attacks, jumbo payloads, and recursive elements attacks

Web Services Deployment and Controls

  • Lets security administrators set limits on web services usage without having to learn all the details of XML
  • Gives security managers a single consistent interface for managing web application and web services security
  • Allows application developers to safely extend new web services to partners without compromising perimeter security policies
  • Allows developers to roll out secure web services in hours instead of months
  • Leverages existing access control infrastructure to allow rapid deployment of new web services with no risk
  • Provides detailed, integrated logging and audit information for all web application and web services events
  • Helps IT operations avoid costly unscheduled patching of application servers to cover new exploits

Comprehensive Solution for HTTP and XML Web Services Applications

The Barracuda Web Application Firewall addresses the complex requirements presented to data center security teams faced with externalizing SOAP interfaces and applications onto the web. The solution delivers state-of-the-art security for all application protocols found in modern web data centers. Data center security teams now have a single point of control for deploying, securing and managing all applications externalized onto the web, no matter what protocols they are built upon.

For questions about the Barracuda Web Application Firewall, please visit http://www.barracuda.com/waf or call Barracuda Networks for a free 30-day evaluation at 1-888-ANTI-SPAM or +1 408-342-5400. For more information on our other security and productivity solutions, please visit http://www.barracuda.com/products.