TechTarget

Firewalls may not offer adequate protection for Web services

Security firm Internet Security Systems (ISS) has warned users considering introducing Web services based on Microsoft's .net...

Security firm Internet Security Systems (ISS) has warned users considering introducing Web services based on Microsoft's .net that their exisiting firewalls may not offer sufficient protection as they move to Web services based on Microsoft's .net.

The .net technology communicates over the Web using firewall Port 80, the port most frequently targeted by hackers looking for a way to break into a network. In the last three months of 2002, 57% of firewall attacks tracked by ISS targeted Port 80.

ISS warned that many firewalls today do not process Web (HTTP) traffic at a sufficient level of detail to recognise malicious activity, adding that Port 80 could provide a gateway for attackers to communicate with .net application servers.

Applications need to be engineered for security to avoid businesses opening their networks to unnecessary risks, according to Ovum analyst Gary Barnett. "It is essential to validate data being passed to a Web service before processing it, otherwise the application will crash or cause the server to lock up."

If data is not checked, applications or Web service may experience a buffer overflow, which can cause systems to crash and compromise security, allowing a hacker to take control of an affected server.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close