StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Web Services Security - Essay Example

Cite this document
Summary
This paper will examine the technology that has evolved over the years to keep the system secure. Web services allow accessing information on the global internet. The value of the web services are well recognized not just by the managers and executives. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.7% of users find it useful
Web Services Security
Read Text Preview

Extract of sample "Web Services Security"

Web services allow accessing information on the global internet. The value of the web services are well recognized not just by the managers and executives. It has also not escaped the attention of hackers and cyber-criminals who attempt to damage the system and the organization. Threats to an organization can be both from internal sources and external. Even customers and business partners pose a threat. While the motives may vary, the system is vulnerable to several risks. This paper will examine the technology that has evolved over the years to keep the system secure. Ratnasingam (2002) points out the advantages of web services over the traditional business-to-business applications. He also highlights the security concerns, how the risks occur, the barriers to security, and the role technology plays in combating these concerns. He discusses encryption, HTTP, reliable and conditional messaging, and the use of open standards like XML, SOAP, UDDI and WSDL for security but he does not address the shortcomings of each of these methods although he has used the latest technology adopted. Bussler (2003) points out that web services help distinguish two different types of integration because it provides a higher layer of abstraction that hides implementation details from applications (Gao, Hayes & Cai, 2005). They point out that it integrates existing system with existing business logic and also integrates existing system to define new business logic through the integration but do not provide a clear picture as to how this is done. Security measures like digital signatures, encryption mechanisms, which enforce quality and standards even according to Gao et al. Geuer-Pollmann & Claessens (2005) state that core security mechanisms like XML signature and XML encryption are directly integrated into the XML which provide integrity protection, data origin authentication and service field confidentiality to all applications that use XML for data storage and exchange. They too do not highlight its impact on business applications. Ardagna, Damiani, Capitiani di Vimercati & Samarati (2004) state that of the four standards that web services are based on, XML poses the greatest security concerns. HTTPS (i.e., HTTP over the Secure Sockets Layer protocol) can restrict access to authorized users while protecting the confidentiality and integrity of XML messages by encrypting private information but it cannot provide authorization or interfere in what the user is trying to do. HTTPS is a good solution for strong encryption and server identity authentication to the client and vice versa. They point out the advantages and shortcomings but do not specifically give examples of companies using HTTPS. Banks and other organizations where funds are transacted, or use of debit/credit card takes place, use HTTPS to protect customer security but this has not been highlighted by the authors. This has been pointed out by BBB (2006) that businesses can secure online data and transactions through SSL (Secure Sockets Layer), a technology that applies encryption. Sensitive information traveling on the internet like the debit and credit card numbers are secure through this and a number of companies offer this service. Firewall is another critical component of the web services security architecture. Rowan (2005) says the traditional walls can provide user authentication and can control to services but they cannot scan the information inside the data pockets. While the author aims to provide the real security requirement, he concedes that it is not possible to find a single person who understands all the three areas – security, network and applications. Being the principal security consultant, his opinion carries weight. MacPhee & O’Neill (2005) assert that at times companies have to trade off higher security for ease of administration and implementation. Extranet is a private network using web services to share business information or operations with the vendors, customers, or partners. It is the intranet extended to users outside the company. An extranet uses firewall, digital certificates, encryption and VPNs (virtual private networks) for its security and privacy. The security architecture consists of Policy Enforcement Points (PEPs) and Policy Decision Points (PDPs). If the password is authenticated over an SSL link, then it cannot be “sniffed” or replayed. As the user fills out the web forms, PEP filter in the web server communicates with the PDP server and decides if the user has access. This system is perfect for relatively low volumes of traffic per user but to send large volumes of data, re-keying into the web form in a browser is not an attractive option. To send data at 1 am every night, it is not feasible for the user to start the browser every night and fill out forms. For such cases XML-based interface is a better option. BBB (2006) strongly feels that firewalls and encryption are not enough to prevent criminals from extracting customer information. They do advise that data security plan has to be in order and the process or steps that firm should initiate. According to them, software alone cannot prevent employee error. The employees have to be trained properly in working with the software while Siponen (2006) contends that organizing training sessions are not enough. Companies are concerned that the security processes are in place but do not lay stress on how it is actually implemented. He also points out the security management standards do not provide advice on how to achieve the desired results. Siponen’s contention is realistic because most organizations invest on security standards without fully knowing its potential and putting it to effective use. Even if it is put to effective use, Singh (2006) while discussing Maruti Udyog, India points out that the lifecycle of the equipments is very low and to keep them ongoing at the same time is a big challenge. A company may invest heavily in the network platform but after six months the support is not available because technology has advanced. If this is upgraded, other platforms bought two years ago would not be compatible with this. Securing XML has a variety of problems and is vulnerable to a variety of attacks. There are too many web services security vendors but they have to advertise their messages in the right manner (Rowan). In the web services world all the vendors have to agree to a standard but different groups have emerged. Back lashing and copious reports about each other can be found although all are working towards ratifying the standards. Machine to machine communication poses a threat. Web services security can verify the origin of the messages but this necessitates that all members of the group have to be known to each other. This ensures participation only by invitation and restricting it to known sources. Most business systems have a built in security system. Every business wants to use web services and extend it beyond the boundaries of their organization. This requires new security demands and solutions. Research of the literature available suggests that technology is being upgraded regularly. It is possible to keep the web services secure although for small organizations it may be costly. Most importantly, the web security vendors have to agree to a standard. Most web services have the security packages in-built while Microsoft also allows free downloads. Nevertheless, as technology develops so does the efforts and technology of the hackers and cyber criminals. Data breach resulting from weak security practices can result in facing lawsuits from the federal and state agencies. This can in turn erode business equity, consumer trust and ultimately the business reputation. References: Ardagna, C. A. Damiani, A. Capitiani di Vimercati, S. & Samarati, P. (2004), A Web Service Architecture for Enforcing Access Control Policies, Electronic Notes in Theoretical Computer Science, Volume 142, 3 January 2006, Pages 47-62 BBB (2006), Security & Privacy —Made Simpler, 13 Oct 2006 Bussler, C. (2003), Semantic Web Services: reflection on Web Service mediation and composition, Proceedings of the Fourth International Conference on Web Information Systems Engineering (WISE’03), Computer Society. Gao, H. T. Hayes, J. H. & Cai, H. (2005), Integrating Biological Research through Web Services, IEEE Computer Society. Geuer-Pollmann, C. & Claessens, J. (2005), Web services and web service security standards, Information Security Technical Report, Volume 10, Issue 1, 2005, Pages 15-24 IBM-Microsoft (2002), Security in a Web Services World: A Proposed Architecture and Roadmap, 30 Sep 2006 MacPhee, A. & O’Neill, M. (2005), Notes from the field: Implementing a security solution for Web Services, Information Security Technical Report, Volume 10, Issue 1, 2005, Pages 25-32 Moses, T. (2004), Security in a Web Services World, 30 Sep 2006 Ratnasingam, P. (2002), The importance of technology trust in web services security, Information Management & Computer Security, Vol. 10 Np. 5 2002 pp. 255-260 Rowan, L. (2005), Security in a Web services world, Network Security, Volume 2005, Issue 6, June 2005, Pages 7-10 Singh, A (2006), CIO/CTO SPEAK MARUTI UDYOG, 13 Oct 2006 Siponen, M. (2006), Information Security Standards Focus on the Existence of Process, Not Its Content, Communications of the ACM, Vol. 49 No. 8 Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Web Services Security Essay Example | Topics and Well Written Essays - 1000 words”, n.d.)
Web Services Security Essay Example | Topics and Well Written Essays - 1000 words. Retrieved from https://studentshare.org/logic-programming/1537756-web-services-security
(Web Services Security Essay Example | Topics and Well Written Essays - 1000 Words)
Web Services Security Essay Example | Topics and Well Written Essays - 1000 Words. https://studentshare.org/logic-programming/1537756-web-services-security.
“Web Services Security Essay Example | Topics and Well Written Essays - 1000 Words”, n.d. https://studentshare.org/logic-programming/1537756-web-services-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF Web Services Security

Assessment for Mark up Languages for the Web

Later on in 1990 Tim Berners Lee created the first web Server named as Hypertext Markup Language (HTML) that enabled the users to access the text in a nonsequential pattern based on the SGML fundamentals (Steven Holzner, 2005).... Thus XML was the improvised version of previous mark up languages that was used to enhance the web features....
6 Pages (1500 words) Essay

Trends and issues in the development of information technology for EBusiness

The paper presents web services information technology, which offers promising opportunities to e-business in organizations.... web services information technology is intended primarily for business-to-business Internet software applications, but also can be used in other areas of e-commerce. … web services technology allows a seamless interface to Web system between information provider and consumers.... The requirements to the information provided by the system are timeliness, reliability, security and flexibility of presentation. In this work web services architecture is described that can be adopted as a new service delivery model that incorporates implementation of user and functionality requirements, business processes, design patterns and existing technologies use defining an accomplished B2B e-commerce process solution....
19 Pages (4750 words) Essay

E-Businesss Marketing

security is one of the major issues that are being faced by any organization in the present world.... This can be done by formulating a security policy that provides the most secure transactions.... A good security policy not only builds trust within the consumers but also helps an organization build a reputable image.... Importance to systems privacy is given while formulating a security policy as it determines a user's freedom while using Internet to purchase from the organization's website....
3 Pages (750 words) Essay

The Importance of Technology Trust

This paper "The Importance of Technology Trust" sheds some light on the explosive growth of the internet and the open growth of the telecom markets that allow benefits for the sophisticated users but at the same time, the security problems hamper progress.... What becomes important then is the security of the data generated and the implementation of standards for data protection.... To reduce costs and improve products and services technology has advanced in every sector....
8 Pages (2000 words) Case Study

Current Federal Government Initiatives

Creating a health information network that is national should be centralized, available on the internet, be governed by both public and private organization and be patient centered, complying with all health information security protocols and standards.... A Regional Health Information Network can be defined as a group of stakeholders interested in improving quality, safety access, and… Creating an efficient system involves bringing together competitors and the number one obstacle in creating a regional health information network is the actual cost of the development, lack of organizational Three existing models are used to connect these communities of networked information; hybrid, co-op and federation....
3 Pages (750 words) Essay

Role of Network Security: How Does It Protect You

From the paper "Role of Network security: How Does It Protect You" it is clear that network security is a very challenging and difficult task.... hellip; Every organization needs its own proper security system in order to maintain the reputation of their company.... nbsp; Since security is absolutely a difficult topic, and everyone has their own ideas and approaches to it.... A network security system is a combination of many computer networks that can be either public or private....
6 Pages (1500 words) Essay

Solving the Household Food Insecurity Problem in Missouri

Different types of organizations in the EFAS including food pantries, emergency kitchens, food banks, food rescue organizations, and emergency food organizations assist the poor in achieving food security.... he World Health Organization (WHO) defines food security is, “when all people at all times have access to sufficient, safe, nutritious food to maintain a healthy and active life” (WHO n.... In 2012, the household food security in the United States was the eighty-five-percentage proportion of the total population (USDA n....
5 Pages (1250 words) Report

Advanced Web Technology and Web Services

… 30th September, 2011IntroductionThe emergence of web services has contributed a new set of technology to the enterprise.... This set of technology is both complex and also simple in nature, just as they complicate the traditional application management 30th September, 2011IntroductionThe emergence of web services has contributed a new set of technology to the enterprise.... It is this kind of decentralization, wide paradigm of information dissemination that on meeting the concept of service centric computing that has led to the genesis of the concept of web services (Laneve, 2010)....
11 Pages (2750 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us