
Checklist: Securing Enterprise Services

 

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

patterns & practices Developer Center

Improving Web Application Security: Threats and Countermeasures

J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Microsoft Corporation

Published: June 2003

Applies to:

  • Enterprise Services (.NET Framework version 1.1)

See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.

See the Landing Page for the starting point and a complete overview of Improving Web Application Security: Threats and Countermeasures.

Contents

  • How to Use This Checklist
  • Developer Checks
  • Administrator Checklist

How to Use This Checklist

This checklist is a companion to Chapter 11, "Building Secure Serviced Components" and Chapter 17, "Securing Your Application Server." Use it to help you secure Enterprise Services and the server it runs on, or as a quick evaluation snapshot of the corresponding chapters.

This checklist should evolve with steps that you discover to secure Enterprise Services.

Developer Checks

Use the following checks if you build serviced components.

Authentication

  • Call-level authentication is used at minimum to prevent anonymous access. Serviced component assemblies include:
    [assembly: ApplicationAccessControl(
               Authentication = AuthenticationOption.Call)]

Authorization

  • Role-based security is enabled. Serviced component assemblies include:
    [assembly: ApplicationAccessControl(true)]
  • Component-level access checks are enabled to support component-level, interface-level, and method-level role checks. Serviced component assemblies include:
    [assembly: ApplicationAccessControl(AccessChecksLevel=
                    AccessChecksLevelOption.ApplicationComponent)]
  • Component-level access checks are enforced for all serviced components. Classes are annotated with:
    [ComponentAccessControl(true)]
  • To support method-level security, the [SecureMethod] attribute is used on classes or method implementations, or the [SecurityRole] attribute is used on method implementations.

Configuration Management

  • Server applications are configured to run with least-privileged accounts.
  • Server applications only run using the interactive user account during development.
  • Object constructor strings do not contain plain text secrets.

Sensitive Data

  • In the absence of an IPSec infrastructure, RPC encryption is used to secure sensitive data over the network. Serviced component assemblies that use RPC encryption include:
    [assembly: ApplicationAccessControl(
                    Authentication = AuthenticationOption.Privacy)]

Auditing and Logging

  • User transactions are logged to an event log. The audit record includes original caller identity from SecurityCallContext.OriginalCaller.

Deployment Considerations

  • Port ranges are defined if you use dynamic port range allocation OR static endpoint mapping is configured.
  • Secrets are not stored in object constructor strings. Secrets such as database connection strings are encrypted prior to storage.
  • The server application run-as account is configured as a least-privileged account.

Impersonation

  • The impersonation level is configured correctly. For ASP.NET clients, the impersonation level is configured in Machine.config on the <processModel> element. For Enterprise Services client applications, the level is configured in the COM+ catalog.
  • Serviced component assemblies define the required impersonation level by using the ApplicationAccessControl attribute as shown below:
    [assembly: ApplicationAccessControl(
         ImpersonationLevel=ImpersonationLevelOption.Identify)]
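
The developer checks above, combined in one serviced component, as an added example that is not part of the original checklist. The Transfers class, ITransfers interface, Manager role and TransfersAudit event source are hypothetical names chosen for illustration.

```csharp
// Added example: all names below (ITransfers, Transfers, "Manager",
// "TransfersAudit") are assumptions, not taken from the checklist.
using System;
using System.Diagnostics;
using System.EnterpriseServices;

[assembly: ApplicationActivation(ActivationOption.Server)]
// One attribute carries four of the checks: role-based security enabled (true),
// process- and component-level access checks, authenticated and encrypted RPC
// (Privacy is a stronger level than Call), and the Identify impersonation level.
[assembly: ApplicationAccessControl(true,
    AccessChecksLevel = AccessChecksLevelOption.ApplicationComponent,
    Authentication = AuthenticationOption.Privacy,
    ImpersonationLevel = ImpersonationLevelOption.Identify)]

// Method-level role checks apply to calls made through an interface.
public interface ITransfers
{
    void Approve(int transferId);
}

[ComponentAccessControl(true)]  // enforce component-level checks for this class
[SecureMethod]                  // require calls to go through the interface
public class Transfers : ServicedComponent, ITransfers
{
    // Assumed event source; it must be registered by an administrator beforehand.
    private const string AuditSource = "TransfersAudit";

    [SecurityRole("Manager")]   // only members of this role may call Approve
    public void Approve(int transferId)
    {
        // Fail closed if security has been switched off in the COM+ catalog,
        // because the role attributes are not enforced in that case.
        if (!ContextUtil.IsSecurityEnabled)
            throw new UnauthorizedAccessException("COM+ role-based security is disabled.");

        SecurityCallContext call = SecurityCallContext.CurrentCall;
        string original = call.OriginalCaller.AccountName; // first caller in the chain
        string direct = call.DirectCaller.AccountName;     // immediate caller

        // ... business logic for the transfer goes here ...

        // Audit record includes the original caller identity.
        EventLog.WriteEntry(AuditSource,
            string.Format("Approve transfer {0}: original caller={1}, direct caller={2}",
                          transferId, original, direct),
            EventLogEntryType.Information);
    }
}
```

The run-as account and constructor-string checks are catalog settings rather than code, so they are verified in the Component Services administration tool after registration.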

Administrator Checklist

  • Latest COM+ updates and patches are installed.
  • Object constructor strings do not contain plain text secrets.
  • COM+ administration components are restricted.
  • Impersonation level that is set for the application is correct.
  • Server applications are configured to run with a least-privileged account. Server applications do not run using the identity of the interactively logged on user.
  • DTC service is disabled if it is not required.

© 2014 Microsoft. All rights reserved.