
Checklist: Securing Remoting

 

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

patterns & practices Developer Center

Improving Web Application Security: Threats and Countermeasures

J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Microsoft Corporation

Published: June 2003

Applies to:

  • Remoting (.NET Framework version 1.1)

See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.

See the Landing Page for the starting point and a complete overview of Improving Web Application Security: Threats and Countermeasures.

Contents

  • How to Use This Checklist
  • Design Considerations
  • Input Validation
  • Authentication
  • Authorization
  • Configuration Management
  • Sensitive Data
  • Exception Management
  • Auditing and Logging

How to Use This Checklist

This checklist is a companion to Chapter 13, "Building Secure Remoted Components." Use it to help you build secure components that use the Microsoft® .NET remoting technology and as a snapshot of the corresponding chapter.

Design Considerations

  • Remote components are not exposed to the Internet.
  • The ASP.NET host and HttpChannel are used to take advantage of Internet Information Services (IIS) and ASP.NET security features.
  • TcpChannel (if used) is only used in trusted server scenarios.
  • TcpChannel (if used) is used in conjunction with custom authentication and authorization solutions.

Input Validation

  • MarshalByRefObject objects from clients are not accepted without validating the source of the object.
  • The risk of serialization attacks is mitigated by setting the typeFilterLevel attribute programmatically or in the application's Web.config file.
  • All field items that are retrieved from serialized data streams are validated as they are created on the server side.

Authentication

  • Anonymous authentication is disabled in IIS.
  • ASP.NET is configured for Windows authentication.
  • Client credentials are configured at the client through the proxy object.
  • Authentication connection sharing is used to improve performance.
  • Clients are forced to authenticate on each call (unsafeAuthenticatedConnectionSharing is set to "false").
  • connectionGroupName is specified to prevent unwanted reuse of authentication connections.
  • Plain text credentials are not passed over the network.
  • IPrincipal objects passed from the client are not trusted.

Authorization

  • IPSec is used for machine-level access control.
  • File authorization is enabled for user access control.
  • Users are authorized with principal-based role checks.
  • Where appropriate, access to remote resources is restricted by setting the rejectRemoteRequests attribute to "true".

Configuration Management

  • Configuration files are locked down and secured for both the client and the server.
  • Generic error messages are sent to the client by setting the mode attribute of the <customErrors> element to "On".
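
The following Python script is an added example, not part of the original checklist or Microsoft's guidance code. It audits the Web.config of an ASP.NET-hosted remoting application against three items from this checklist (Windows authentication, typeFilterLevel, and the remoting <customErrors> mode); both sample configurations and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a weakly configured remoting host (not from the original page).
WEAK = """<configuration>
  <system.web>
    <authentication mode="None" />
  </system.web>
  <system.runtime.remoting>
    <customErrors mode="Off" />
    <application>
      <channels>
        <channel ref="http">
          <serverProviders>
            <formatter ref="binary" typeFilterLevel="Full" />
          </serverProviders>
        </channel>
      </channels>
    </application>
  </system.runtime.remoting>
</configuration>"""

# Constructed sample: the same file with the three settings corrected.
HARDENED = (WEAK.replace('mode="None"', 'mode="Windows"')
                .replace('mode="Off"', 'mode="On"')
                .replace('"Full"', '"Low"'))

def audit_remoting_config(xml_text):
    """Return checklist findings for a remoting host's Web.config (empty list = pass)."""
    root = ET.fromstring(xml_text)
    findings = []
    auth = root.find("system.web/authentication")
    if auth is None or auth.get("mode") != "Windows":
        findings.append("ASP.NET is not configured for Windows authentication")
    # Remoting has its own <customErrors>, separate from the one under <system.web>.
    errors = root.find("system.runtime.remoting/customErrors")
    if errors is None or errors.get("mode", "").lower() != "on":
        findings.append('remoting <customErrors> mode is not "On"')
    # Low is the .NET Framework 1.1 default; Full lifts the deserialization limits.
    for fmt in root.iter("formatter"):
        level = fmt.get("typeFilterLevel", "Low")
        if level.lower() != "low":
            findings.append("formatter '%s' sets typeFilterLevel=%s"
                            % (fmt.get("ref"), level))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_remoting_config(cfg))
```
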

Sensitive Data

  • Exchange of sensitive application data is secured by using SSL, IPSec, or a custom encryption sink.

Exception Management

  • Structured exception handling is used.
  • Exception details are logged (not including private data, such as passwords).
  • Generic error pages with standard, user-friendly messages are returned to the client.

Auditing and Logging

  • If ASP.NET is used as the host, IIS auditing features are enabled.
  • If required, a custom channel sink is used to perform logging on the client and the server.

© 2014 Microsoft. All rights reserved.