Microsoft Offers Sample XML Filter For ISA Server


Also confirms security product development unit


Microsoft this week rolled out a sample XML filter for its Internet Security and Acceleration Server that aims to secure Web services.

Company executives at the software giant also confirmed that the company has established a security business unit that will look at developing additional security software besides the ISA Server.

At the RSA Conference held here, Microsoft said the XML filter is available as free download sample code on the ISA Server Web site. Released a year ago, the ISA Server provides firewall protection and Web caching.

The new sample tool filters Web services traffic at the application level to protect networks against intruders and denial-of-service attacks, said Zachary Gutt, technical product manager for Microsoft's ISA Server.

The XML filter looks ahead to where future threats will come from as businesses adopt Web services, said Lucian Lui, ISA Server product manager.

Integrators and developers can use the filter as a blueprint to develop tailored solutions for customers, Gutt said.

"The purpose [of the filter is thought leadership and getting developers thinking about how to secure Web services," he said.

The filter inspects XML requests to verify if a user is allowed to access the Web service and validates the structure of the XML document, he said.

Microsoft will continue to develop ISA Server and boost its interoperability with the company's other products, Lui said. He confirmed a published report that Microsoft has formed a business unit to focus on security products, starting with ISA Server. Mike Nash will head the unit, he said.

The security business unit won't focus on securing the operating system, but rather on "developing products to help secure the environment the operating system is running in," Lui said.

Security is a complex issue requiring multiple products and services, he said. The unit was recently formed and has no solid plans yet for what products it may develop beyond ISA Server, he said.

"We're in research mode," he said. "We'll work with customers and analysts" to determine what is needed.