Security Basics mailing list archives
RE: XML Security
From: "amit kukreti" <avmit702 () hotmail com>
Date: Sat, 22 Oct 2005 14:08:02 +0000
hiif you are trying to implement the web services and having the microsoft as your application development environment then wse2.0 (web services enhancement 2.0) can enhance your web services
regards Amit ----Original Message Follows---- From: "John Smithson" <why1234 () hotmail com> To: security-basics () securityfocus com Subject: XML Security Date: Thu, 20 Oct 2005 13:55:56 -0700 MIME-Version: 1.0 X-Originating-IP: [204.52.242.50] X-Originating-Email: [why1234 () hotmail com] X-Sender: why1234 () hotmail comReceived: from outgoing.securityfocus.com ([205.206.231.27]) by mc2-f41.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 21 Oct 2005 17:17:09 -0700 Received: from outgoing.securityfocus.com by outgoing.securityfocus.com via smtpd (for mail.hotmail.com [65.54.190.7]) with ESMTP; Fri, 21 Oct 2005 17:17:08 -0700 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid D312A2381F0; Fri, 21 Oct 2005 11:58:01 -0600 (MDT)
Received: (qmail 24730 invoked from network); 20 Oct 2005 08:56:53 -0000 X-Message-Info: 6sSXyD95QpUXsFVaRxJQAuEQM3f32TLkgQgyOX5vUf4= Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <security-basics.list-id.securityfocus.com> List-Post: <mailto:security-basics () securityfocus com> List-Help: <mailto:security-basics-help () securityfocus com> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com> Delivered-To: mailing list security-basics () securityfocus com Delivered-To: moderator for security-basics () securityfocus comX-OriginalArrivalTime: 20 Oct 2005 20:55:56.0971 (UTC) FILETIME=[AB02BFB0:01C5D5B8] Return-Path: security-basics-return-36382-avmit702=hotmail.com () securityfocus com
Gurus,I'm trying to find the best practices in implementing the XML security. Recently our development team is working in implementing the XML services. They are planning to send traffic to partner's site as well as they will be partner to some site.
I work in the IT security filed, however, I'm very newbie in the Application Security field. At this point all my research is been via Goggling. Option 1 - The web server provide SSL capabilities, so send the XML traffic over the SSL. Option 2 - Purchase reverse SSL Proxy (such as Juniper's Neoteris, Citrix's NetScaller--- have the partner perform SSL VPN to the proxy and have proxy connect to our webservers)
Is there any additional layer/barrier that I can provide to increase the security? How have you deployed such environment? Obvious function such as firewalls, IDS/IPS are already been implemented.
Again, since I'm in the early learning phase, I may be completely off in explaining the scenario. However, any help would be greatly appreciated.
Thanks, _________________________________________________________________On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
Current thread:
- XML Security John Smithson (Oct 21)
- RE: XML Security amit kukreti (Oct 24)