Checklist: Securing Remoting
Retired Content |
---|
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
Improving Web Application Security: Threats and Countermeasures
J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan
Microsoft Corporation
Published: June 2003
Applies to:
- Remoting (.NET Framework version 1.1)
See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.
See the Landing Page for the starting point and a complete overview of Improving Web Application Security: Threats and Countermeasures.
Contents

- How to Use This Checklist
- Design Considerations
- Input Validation
- Authentication
- Authorization
- Configuration Management
- Sensitive Data
- Exception Management
- Auditing and Logging
How to Use This Checklist
This checklist is a companion to Chapter 13, "Building Secure Remoted Components." Use it to help you build secure components that use the Microsoft® .NET remoting technology and as a snapshot of the corresponding chapter.
Design Considerations
Check | Description |
---|---|
| Remote components are not exposed to the Internet. |
| The ASP.NET host and HttpChannel are used to take advantage of Internet Information Services (IIS) and ASP.NET security features. |
| TcpChannel (if used) is only used in trusted server scenarios. |
| TcpChannel (if used) is used in conjunction with custom authentication and authorization solutions. |
Input Validation
Check | Description |
---|---|
| MarshalByRefObject objects from clients are not accepted without validating the source of the object. |
| The risk of serialization attacks is mitigated by setting the typeFilterLevel attribute programmatically or in the application's Web.config file. |
| All field items that are retrieved from serialized data streams are validated as they are created on the server side. |
Authentication
Check | Description |
---|---|
| Anonymous authentication is disabled in IIS. |
| ASP.NET is configured for Windows authentication. |
| Client credentials are configured at the client through the proxy object. |
| Authentication connection sharing is used to improve performance. |
| Clients are forced to authenticate on each call (unsafeAuthenticatedConnectionSharing is set to "false"). |
| connectionGroupName is specified to prevent unwanted reuse of authentication connections. |
| Plain text credentials are not passed over the network. |
| IPrincipal objects passed from the client are not trusted. |
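The client-side authentication checks above (credentials set through the proxy, no connection reuse across callers, a named connection group, no plain text credentials) applied to a .NET Remoting 1.1 proxy, as an added example that is not code from the checklist or the guide. It assumes an ASP.NET-hosted server reached over HttpChannel with Windows authentication; the ICalculator interface and the URL are placeholders.

```csharp
// Added example, not from the original guide. Assumes the server is hosted in
// ASP.NET (IIS) behind HttpChannel with Windows authentication enabled.
using System;
using System.Collections;
using System.Net;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Http;
using System.Security.Principal;

// Hypothetical shared interface implemented by the remoted component.
public interface ICalculator
{
    int Add(int a, int b);
}

public class SecureRemotingClient
{
    public static ICalculator CreateProxy(string url)
    {
        // Use HttpChannel so calls go through IIS/ASP.NET, where the server-side
        // authentication and authorization checks on this list are enforced.
        ChannelServices.RegisterChannel(new HttpChannel());

        ICalculator proxy = (ICalculator)Activator.GetObject(typeof(ICalculator), url);

        // Credentials are configured at the client through the proxy object.
        IDictionary channelProperties = ChannelServices.GetChannelSinkProperties(proxy);

        // Flow the process identity; no user name or password appears in code or
        // config, so no plain text credentials are stored or sent by the client.
        channelProperties["credentials"] = CredentialCache.DefaultCredentials;

        // Force authentication on each call: an authenticated connection is not
        // reused for a different caller.
        channelProperties["unsafeAuthenticatedConnectionSharing"] = false;

        // Name the connection group after the current identity so that any
        // connection reuse stays within one security context.
        channelProperties["connectionGroupName"] = WindowsIdentity.GetCurrent().Name;

        return proxy;
    }
}
```

Usage: call CreateProxy with the placeholder URL of the hosted object (for example http://server/RemotingApp/Calculator.rem) and invoke Add on the returned proxy; each call is then authenticated under the calling process's Windows identity.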
Authorization
Check | Description |
---|---|
| IPSec is used for machine-level access control. |
| File authorization is enabled for user access control. |
| Users are authorized with principal-based role checks. |
| Where appropriate, access to remote resources is restricted by setting the rejectRemoteRequests attribute to "true". |
Configuration Management
Check | Description |
---|---|
| Configuration files are locked down and secured for both the client and the server. |
| Generic error messages are sent to the client by setting the mode attribute of the <customErrors> element to "On". |
Sensitive Data
Check | Description |
---|---|
| Exchange of sensitive application data is secured by using SSL, IPSec, or a custom encryption sink. |
Exception Management
Check | Description |
---|---|
| Structured exception handling is used. |
| Exception details are logged (not including private data, such as passwords). |
| Generic error pages with standard, user-friendly messages are returned to the client. |
Auditing and Logging
Check | Description |
---|---|
| If ASP.NET is used as the host, IIS auditing features are enabled. |
| If required, a custom channel sink is used to perform logging on the client and the server. |