Firewalls may not offer adequate protection for Web services

Security firm Internet Security Systems (ISS) has warned users considering introducing Web services based on Microsoft's .net that their existing firewalls may not offer sufficient protection.

The .net technology communicates over the Web using Port 80, the port most frequently targeted by hackers looking for a way to break into a network. In the last three months of 2002, 57% of firewall attacks tracked by ISS targeted Port 80.

ISS warned that many firewalls today do not process Web (HTTP) traffic at a sufficient level of detail to recognise malicious activity, adding that Port 80 could provide a gateway for attackers to communicate with .net application servers.

Applications need to be engineered for security to avoid businesses opening their networks to unnecessary risks, according to Ovum analyst Gary Barnett. "It is essential to validate data being passed to a Web service before processing it, otherwise the application will crash or cause the server to lock up."

If data is not checked, applications or Web services may experience a buffer overflow, which can cause systems to crash and compromise security, allowing a hacker to take control of an affected server.
