SOAP leaves some things unchanged. Your firewall will permit access to public Web servers that provide Web services and block access to internal servers. And internal clients will still be permitted to visit Web servers and read e-mail. But the paradigm changes here, as the emphasis changes from execution of remote methods on remote servers to include the execution of remote code on local clients. Execution of remote code on IE is already well known as a successful attack vector. Will the security features of .NET or Java mitigate this threat?
Tuesday, February 11, 2003
Rik Farrow on Firewalls
Rik Farrow wrote another interesting column for Network Magazine. It's A Farewell to Firewalls? and talks about the security implications of web services. From the article: