Forum XWall extends Microsoft ISA Server 2004

Opinion
Jul 28, 2004 | 2 mins
Enterprise Applications, Security, Web Development

* Forum XWall extends ISA server to address security issues of Web services deployment

Late last year, I wrote about Forum Systems’ Forum Sentry XML security appliance. Since then, Forum hasn’t been resting on its laurels and this month sees the release of Forum XWall for Microsoft Internet Security and Acceleration Server 2004, Microsoft’s application-layer firewall, VPN and Web caching system. The purpose of Forum XWall is to extend the functionality of the ISA server to address the security issues of Web services deployment.

Forum breaks down the main Web service vulnerabilities into five categories with accompanying analogies:

1. Vulnerability discovery: Similar to a thief searching for an open window or unlocked door, revealing internal weaknesses and exposures, e.g., Web Services Description Language (WSDL) scanning.

2. Probing attacks: Similar to a thief jumping over the fence and then running back out, stealing bits and pieces of information, e.g., parameter tampering and replay attacks.

3. Coercive parsing: Similar to a thief cutting the wires to a core system of a house – the XML parser – in order to gain access, e.g., recursive payloads, oversize payloads and denial-of-Web-service attacks.

4. External reference attack: Similar to letting a stranger, who you think is your friend, into your house, e.g., external Uniform Resource Identifier (URI) reference.

5. Malicious content: Similar to a thief delivering a misleading package that results in stolen identities, information leaks and fraudulent transactions, e.g., schema poisoning and SQL injections.
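A sketch of the kind of pre-parse screening that addresses categories 3 and 4, as an added example rather than Forum XWall's own code: it rejects oversize payloads, deep nesting and any DTD (the carrier for external references and entity expansion) before a message reaches the service's parser. The function name `screen_soap` and both limits are assumptions chosen for illustration.

```python
import xml.parsers.expat

MAX_BYTES = 64 * 1024   # assumed limit on message size
MAX_DEPTH = 32          # assumed limit on element nesting
SOAP_NS = {"http://schemas.xmlsoap.org/soap/envelope/",   # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope"}     # SOAP 1.2

class Rejected(Exception):
    """Raised inside parser callbacks when a message violates the policy."""

def screen_soap(message: bytes) -> str:
    """Return 'ok' or a short rejection reason for a raw SOAP message."""
    if len(message) > MAX_BYTES:
        return "oversize payload"
    depth = 0
    root = []

    def start_doctype(name, sysid, pubid, has_internal_subset):
        # Fires before any entity declaration is processed.
        raise Rejected("DTD / external reference not allowed")

    def start_element(name, attrs):
        nonlocal depth
        depth += 1
        if depth > MAX_DEPTH:
            raise Rejected("nesting too deep")
        if depth == 1:
            root.append(name)   # "namespace-uri local-name"

    def end_element(name):
        nonlocal depth
        depth -= 1

    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = start_doctype
    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    try:
        parser.Parse(message, True)   # streaming parse, no tree is built
    except Rejected as exc:
        return str(exc)
    except xml.parsers.expat.ExpatError:
        return "malformed XML"
    ns, _, local = (root[0] if root else " ").rpartition(" ")
    if local != "Envelope" or ns not in SOAP_NS:
        return "not a SOAP 1.1/1.2 envelope"
    return "ok"

if __name__ == "__main__":  # constructed sample: DTD declaring an external entity
    print(screen_soap(b'<!DOCTYPE x [<!ENTITY e SYSTEM "http://example.invalid/e">]><x>&e;</x>'))
```

Schema validation and per-operation access control, which the product also lists, would sit behind a check like this one.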

Forum XWall is an add-on for ISA Server 2004 that detects and blocks all of the vulnerabilities above. Forum XWall supports:

* Central management of WSDL documents.

* Automated XML Schema validation.

* Simple Web services registration with Universal Description, Discovery, and Integration (UDDI) directories.

* Enforcement of design-time and run-time WS-I Basic Profile testing.

* Fine-grained access control for WSDL operations and Simple Object Access Protocol (SOAP) messages.

* Detection and blocking of attacks based on knowledge of Web services operations, users, and messages.

* Protection from vulnerabilities in XML parsers, .Net and J2EE frameworks.

* Configuration of intrusion prevention rules for SOAP 1.1/1.2 and WSDL 1.1.

* Protection from unsecured namespaces, URIs and external references.

* Prevention of attacks against WSDL ports, operations and messages.

This is an ambitious product, which aims to provide security in depth for one of the more popular Web infrastructure products often found in large service environments. In these situations, Forum XWall’s centralized management facility is a particularly powerful feature.

Forum XWall for ISA Server 2004 is priced at $2,500 and a free 60-day trial version is available.

mark_gibbs

Mark Gibbs is an author, journalist, and man of mystery. His writing for Network World is widely considered to be vastly underpaid. For more than 30 years, Gibbs has consulted, lectured, and authored numerous articles and books about networking, information technology, and the social and political issues surrounding them. His complete bio can be found at http://gibbs.com/mgbio
