Firewalls may not offer adequate protection for Web services


Firewalls may not offer adequate protection for Web services

Cliff Saran
Security firm Internet Security Systems (ISS) has warned users considering introducing Web services based on Microsoft's .net that their exisiting firewalls may not offer sufficient protection as they move to Web services based on Microsoft's .net.

The .net technology communicates over the Web using firewall Port 80, the port most frequently targeted by hackers looking for a way to break into a network. In the last three months of 2002, 57% of firewall attacks tracked by ISS targeted Port 80.

ISS warned that many firewalls today do not process Web (HTTP) traffic at a sufficient level of detail to recognise malicious activity, adding that Port 80 could provide a gateway for attackers to communicate with .net application servers.

Applications need to be engineered for security to avoid businesses opening their networks to unnecessary risks, according to Ovum analyst Gary Barnett. "It is essential to validate data being passed to a Web service before processing it, otherwise the application will crash or cause the server to lock up."

If data is not checked, applications or Web service may experience a buffer overflow, which can cause systems to crash and compromise security, allowing a hacker to take control of an affected server.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy