Gone are the days when it was enough to scan your computer and e-mail attachments for malicious files. As XML traffic over the Internet increases, the threat of viruses, worms and malware is crossing over into the world of Web services.
On Monday, Layer 7 Technologies Inc. added Cupertino, Calif.-based Symantec Corp.'s AntiVirus Scan Engine to its SecureSpan Gateway product. Under the partnership, SecureSpan, which enforces security policies for Web services, can now forward any malicious SOAP attachments to the AntiVirus Scan Engine, which in turn rejects or quarantines any infected files before they can penetrate an application.
In a related announcement, Forum Systems Inc. and Islandia, N.Y.-based Computer Associates (CA) Inc. teamed up to integrate CA's eTrust EZ antivirus software with the Forum XWall Web Services Firewall. XWall will add a new XML Antivirus module that will apply security policies and antivirus signatures to SOAP messages, SOAP attachments and raw XML.
"The ability to attach files to SOAP messages is a powerful integration tool for enterprise applications, but it also provides a potentially dangerous vector for threats and attacks," Scott Morrison, director of architecture for Vancouver, B.C.-based Layer 7 Technologies, said in a statement.
The need for virus protection against XML documents and attachments demonstrates that many companies are still vulnerable to threats carried in XML traffic, even those that aren't using Web services.
XML traffic has increased because common formats like MP3 files and Microsoft Word documents can now be sent as XML. Additionally, the fact that SOAP envelopes and WSDL files can carry embedded macros and files increases the risk of exchanging Web services messages.
"XML and Web services cut through existing firewalls and email-based spam and virus filters like a hot knife through butter," said Ron Schmelzer, senior analyst at Waltham, Mass.-based ZapThink LLC. "Existing routers don't inspect the actual content at the level necessary to deal with XML-based virus and content-based attacks."
The Layer 7 and Forum Systems announcements emphasize the need for companies to think about the potentially new threats in Web services and how they can protect themselves, Schmelzer said.
While viruses embedded inside SOAP attachments are the easiest way to strike, a sophisticated parser can find sensitive information, such as credit card numbers or "dirty words," inside XML documents, according to Wes Swenson, CEO of Salt Lake City-based Forum Systems.
"Anything that's XML-ified needs to be parsed," Swenson said. "Most network layer technologies do not parse, they only deal with packets, envelopes and messages."
Parsing attacks and XML schema poisoning are the next types of Web services security threats we can expect to see, Swenson said. Malicious macros or circular references can poison schemas and cause a parser to consume all of its resources and shut down.