Overview Of Nedgty, The Web Services Firewall

Testing Network

Every subcomponent of the Nedgty prototype was tested separately, using customized test cases, during the development phase to ensure that it functions properly. After the integration of all the subcomponents of our system, the system as a whole was tested on the testing network in Figure 2. The testing network is composed of a client application, a web server and a PC hosting Nedgty, interconnected by a direct connection. The client-hosted applications were used to invoke the web service hosted by the web server. Client applications were implemented using ASP.NET and Java. Nedgty was hosted on a Linux OS that had the IPtables stored firewall installed on it, and used a static route to redirect the traffic from the client to the server. The web services hosted on the web server were implemented in C# and hosted on an IIS server, and in Java and hosted on an Apache Axis server [8]. The testing network traffic was monitored using a special SOAP proxy, to monitor the SOAP traffic coming from the client.

XDoS and Buffer Overflow attacks were simulated by intercepting and editing the client’s valid SOAP requests to include invalid content. In our test cases Nedgty was successful in intercepting and dropping the invalid requests. IP authorization was tested by allowing certain IPs to use the hosted web services and sending requests from clients with a range of authorized and unauthorized IPs. Nedgty was successful in intercepting the unauthorized IPs and allowing the authorized ones. DoS was tested by setting a threshold in Nedgty and sending requests at a rate exceeding that threshold. Only requests within the allowed threshold reached the server.

In all the above test cases Nedgty logged all the transactions in its logging subsystem. The logs were checked for the valid and invalid cases and were consistent with the used test …
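The three checks exercised in these test cases (IP authorization, a request-rate threshold, and dropping requests whose SOAP content is invalid) can be sketched as follows. This is an added example, not Nedgty's code: the `SoapGate` class, the limits, the addresses and the sample messages are all constructed assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict, deque

# Every limit, address and message here is constructed for illustration.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/28")]
MAX_BODY_BYTES, MAX_DEPTH = 4096, 8      # oversized / deeply nested guards
RATE_LIMIT, WINDOW_SECONDS = 3, 1.0      # requests per client per window
VALID = b"<Envelope><Body><getQuote><symbol>X</symbol></getQuote></Body></Envelope>"
NESTED = b"<a>" * 50 + b"</a>" * 50      # stands in for an edited, invalid request

class SoapGate:
    def __init__(self):
        self.recent = defaultdict(deque)  # client IP -> timestamps in window
        self.log = []                     # one (time, ip, verdict) per request

    def check(self, ip, body, now):
        verdict = self._decide(ip, body, now)
        self.log.append((now, ip, verdict))  # valid and invalid cases both logged
        return verdict

    def _decide(self, ip, body, now):
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in ALLOWED_NETS):
            return "drop:unauthorized-ip"
        window = self.recent[ip]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()              # forget requests outside the window
        if len(window) >= RATE_LIMIT:
            return "drop:rate"
        window.append(now)
        # SOAP messages must not carry a DTD, so reject before parsing.
        if len(body) > MAX_BODY_BYTES or b"<!DOCTYPE" in body:
            return "drop:invalid-soap"
        return "allow" if self._depth_ok(body) else "drop:invalid-soap"

    @staticmethod
    def _depth_ok(body):
        depth = 0
        parser = ET.XMLPullParser(events=("start", "end"))
        try:
            parser.feed(body)
            for event, _elem in parser.read_events():
                depth += 1 if event == "start" else -1
                if depth > MAX_DEPTH:
                    return False          # stop at the first over-deep element
            parser.close()                # raises on truncated documents
        except ET.ParseError:
            return False
        return True
```

Timestamps are passed in explicitly so the threshold case can be replayed deterministically.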
Web Services are now being increasingly employed, as their standards enable the integration of loosely-coupled applications over networks. However, due to the newly introduced attacks that accompanied the use of web services, the need for web services firewalls has arisen. Nedgty comes in as a free open source solution for the protection of web services against several of the currently persisting attacks. The main target of Nedgty was to experiment with a solution to the new threats that came with the introduction of web services. It is also aimed at providing the open source

[6] “XS40 XML Security Gateway,” DataPower; http://www.datapower.com/products/xs40.html

[7] “OASIS eXtensible Access Control Markup Language (XACML) TC,” OASIS; http://www.oasisopen.org/committees/tc_home.php?wg_abbrev=xacml

[8] “WebServices – Axis,” Apache; http://ws.apache.org/axis/

[9] M. S. Mimoso, “XML complexity introduces security risks,” SearchSecurity, 23 Nov. 2004; http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1028001,00.htm

Proceedings of the IEEE International Conference on Web Services (ICWS’05)
0-7695-2409-5/05 $20.00
