The third quarter of 2022 saw a 70 percent surge in data breaches, with over 108.9 million accounts being affected. This trend is what has informed the current push by organizations and developers to make data security a top priority in today’s ecosystem, where most enterprises are undertaking massive digital transformation.
In line with this transformation, XML is increasingly becoming a popular standard, making it an essential part of many businesses. However, XML is also a highly flexible format, which can make it difficult to secure. An XML firewall can help to address this issue by providing a layer of protection between your network and any external sources of XML data.
Let's understand what XML firewalls are all about and why they are useful.
What is an XML firewall?
XML firewall is a network security system that protects against attacks that exploit vulnerabilities in XML-based applications. XML-based applications are widespread, and many organizations use them to exchange data between systems. Unfortunately, XML-based applications can be vulnerable to attack, and malicious actors can exploit these vulnerabilities to gain access to sensitive data. XML firewalls, therefore, act as a barrier between XML-based applications and the rest of the network, inspecting incoming traffic for signs of attack and blocking suspicious traffic.
Traditional firewalls are ineffective in mitigating XML vulnerabilities. An XML firewall, on the other hand, has the advantage of being a specialized application layer firewall that protects applications using XML-based interfaces.
How does an XML firewall work?
XML firewalls work by inspecting incoming XML traffic and blocking any malicious content. This ensures that only safe, well-formed XML documents are allowed into the network. They use a set of security protocols that inspects XML messages according to their elements and features. Reviewing messages allows an XML firewall to control the interaction between genuine sources and potentially malicious ones.
The security policy specifies the factors that all traffic must adhere to while the firewall implements the policy.
A typical XML firewall performs stateful inspection and deep packet inspection.
- Stateful inspection involves analyzing data by comparing the current session with previous ones to detect any abnormal or suspicious activity.
- Deep packet inspection analyzes the content of thru-passing packets for any illegal statement and determines whether it can pass.
The decision to allow a document or message to pass depends on package-based and content-based factors. Package-based factors include the message’s origin, destination, the time it was sent, and the time it arrived. Content-based factors include whether the content is acceptable, whether the content is high-value or low-value, whether it’s structured correctly, and whether the XML security header is correct.
For instance, an XML firewall may check the following:
- Does the XML document or message adhere to the data rule? That is, can it be validated against the XML schema?
- Does it contain malicious code?
- Does Message Level Security adhere to DoD/IC requirements?
- The authenticity or authorization of the message sender.
If the firewall decides that the message or document is unacceptable, it may log, return, or discard it. If it is acceptable, it will forward it or route it to a unique path.
Benefits of XML firewalls
These are the top benefits of XML firewalls:
1. No need for security codes
XML firewalls eliminate the need for security codes that can often be highly duplicated and lead to poor application performance.
2. Traffic filtering
XML firewalls perform wire-speed filtering on all incoming SOAP and XML documents or messages. It filters the documents and messages at several protocol stack layers, including:
- IP address,
- Port number,
- Host name,
- SOAP envelop,
- XML field-level message content, and
- Payload size.
3. Data validation and verification
XML firewalls ensure document structure legitimacy by providing a validation schema for incoming and outgoing messages and documents. It also enables user-configurable policies that protect against buffer runs, DoS attacks, SQL injection, cross-site scripting (XSS and other vulnerabilities.
Additionally, XML firewalls offer robust and standard-based digital signatures as well as signature verification capabilities.
4. Web services access control
XML firewalls support multiple web services authorization and authentication techniques. Access controls are vital to the security of any IT infrastructure. They allow businesses to authorize and restrict access to specific computing resources. The four main types of access controls include:
- Rule-based access control,
- Role-based access control,
- Discretionary access control, and
- Mandatory access control.
5. Message and field-level encryption
An organization can use an XML firewall to apply encryption at both the XML field level and message level. You can choose to either encrypt and decrypt the entire XML document at the message level or encrypt and decrypt only the sensitive data at the field level.
Field-level encryption allows users to upload sensitive information to web servers without compromising security. It encrypts the information at the edge, near the user, and the data remains encrypted. Message-level encryption allows businesses to transmit and store information while preventing intruders from understanding it.
6. Service virtualization and abstraction
XML firewalls support service virtualization through SOAP and XML-based routing, XSL transformations, and URL rewriting policies. Service virtualizations direct XML documents and messages to protected remote resources.
How to implement XML firewall
Businesses can implement an XML firewall via a server-side application on the web server or as an appliance. It is essential to assess both methods and determine which best serves your organization’s needs.
Appliances are optimized for a single purpose, thus offering better throughput. They may provide better reliability and wire-speed processing than server-side software. Further, appliances support multiple deployment methods, including the non-intrusive inline mode. This mode allows the appliance to play the role of a network bridge with TCP/IT packet forwarding.
Though a server-side application has low initial costs, it becomes challenging to maintain security consistency as the web server grows.
A good example of an XML firewall is the IBM DataPower Gateway. This XML firewall controls XML-based requests and responses passing over HTTP or HTTPS, and can process any type of XML document.
As organizations increasingly rely on web services to conduct business, it is imperative to take steps to secure these services from potential threats. One key element of a robust security infrastructure for the many organizations that use XML, is an XML firewall. The right XML firewall will help to protect sensitive data by filtering incoming and outgoing XML traffic.