Is NetNamedPipeBinding safe?


Question

I would like to know if netNamedPipeBinding is considered safe:

On one hand NetNamedPipeBinding implements security only on the transport Layer and it uses NTLM (source) that is no longer recommended by Microsoft (source)

On the other hand the Named Pipe is not accessible from a remote computer, and there is no way to eavesdrop on a particular open pipe instance being used to transfer data, or write data to it, unless one can obtain the handle to the specific instance concerned.

This is the reason why I don't know what to think about the security of this solution.

Answer

You are not really asking the right question: it is not possible to give a boolean answer valid in all circumstances. You should always assess security of a solution as a whole, identifying threats and modelling the associated security risks.

That said, it is true that the WCF NetNamedPipeBinding does have security characteristics which make it somewhat different from bindings based on network protocols:

  • Compared to any network protocol, the NetNamedPipeBinding is inherently far more secure against threats to the communication over the transport connection. Rather than bytes being transmitted over a network, in the case of named pipes the messages are exchanged over a mechanism involving passing bytes of data (via operating system APIs) to and from memory managed by the operating system kernel on a single machine. The message stream can't possibly be eavesdropped except by an attacker who already has privileged code running in kernel mode (and if you have such an attacker already inside the knickers of your operating system he can probably already do anything he likes with your application process). Consequently the WCF "Transport Security" is more or less irrelevant to the security of the message stream and should arguably often be disabled in configuration to avoid unnecessary runtime overhead.
  • The mechanism used by the named pipe binding to publish service endpoints to prospective clients is also inherently more secure than network-based protocols: it is based on a named Shared Memory object and thus impossible to access from any remote computer.
  • The named pipe used for message exchange is named with a GUID which changes every time the server restarts, and is further protected by an ACL which prevents any remote user from opening it, even if they were able somehow to discover the current GUID of the pipe name.

On the other hand, being based on an operating system facility accessed via an API, rather than on public standards for network communication, there are some specific security vulnerabilities which don't arise for network-based bindings:


  • Server squatting attacks, where some process other than the intended WCF service host successfully listens on the named pipe. The named pipe binding in .NET 3.5 and earlier was not secured against this vulnerability because of a bug in the pipe ACL created by the binding. .NET 4 mostly corrects this bug.

  • Named pipes in Windows have a built-in mechanism to support named pipe servers impersonating their clients. The WCF NetNamedPipeBinding contains a bug which in some circumstances allows the pipe server (i.e. the WCF service) to use this mechanism to impersonate the client's Windows credentials, even though the client-side WCF binding is configured to disallow impersonation.

In summary, you need to evaluate the overall security of your application/system in the light of the threats which matter to you, taking into account the particular characteristics of the various bindings you might consider. The NetNamedPipeBinding will often be the best choice for same-machine scenarios.
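As an added illustration of the answer's two practical points (transport security can be switched on or off per binding, and the client's impersonation setting should be verified rather than trusted), here is a small self-hosted WCF program. It is example code written for this page, not code from the question, the answer or Microsoft. The contract `IPing`, the service class and the `net.pipe://localhost/ping-example` address are made-up names; the WCF types and properties used (`NetNamedPipeBinding`, `NetNamedPipeSecurityMode`, `ClientCredentials.Windows.AllowedImpersonationLevel`, `ServiceSecurityContext.Current.WindowsIdentity`) are the real .NET Framework APIs.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical service contract used only for this example.
[ServiceContract]
public interface IPing
{
    [OperationContract]
    string WhoAmI();
}

public class PingService : IPing
{
    public string WhoAmI()
    {
        // With Transport security the binding delivers the caller's Windows
        // identity; with SecurityMode.None there is no identity to inspect.
        WindowsIdentity id = ServiceSecurityContext.Current?.WindowsIdentity;
        if (id == null)
            return "anonymous (no Windows identity on this channel)";

        // Defensive check: the answer notes a binding bug that can leave the
        // service able to impersonate the client despite the client's
        // configuration, so look at the token level actually received and
        // refuse to run if it would permit impersonation.
        if (id.ImpersonationLevel >= TokenImpersonationLevel.Impersonation)
            throw new FaultException("caller token permits impersonation; refusing");

        return id.Name + " (token level: " + id.ImpersonationLevel + ")";
    }
}

public static class Program
{
    // Same-machine endpoint; the path segment is an example value.
    const string Address = "net.pipe://localhost/ping-example";

    static NetNamedPipeBinding MakeBinding(bool transportSecurity)
    {
        // Transport mode authenticates the caller over the pipe and makes the
        // WindowsIdentity available to the service. None drops that (and the
        // associated overhead), which the answer argues is often acceptable
        // for the message stream itself on a single machine.
        return new NetNamedPipeBinding(transportSecurity
            ? NetNamedPipeSecurityMode.Transport
            : NetNamedPipeSecurityMode.None);
    }

    public static void Main()
    {
        using (var host = new ServiceHost(typeof(PingService)))
        {
            host.AddServiceEndpoint(typeof(IPing), MakeBinding(true), Address);
            host.Open();

            var factory = new ChannelFactory<IPing>(MakeBinding(true), Address);
            // State the client's intent explicitly: Identification lets the
            // service learn who we are but not act under our token.
            factory.Credentials.Windows.AllowedImpersonationLevel =
                TokenImpersonationLevel.Identification;

            IPing proxy = factory.CreateChannel();
            Console.WriteLine(proxy.WhoAmI());
            ((IClientChannel)proxy).Close();
            factory.Close();
        }
    }
}
```

Run it as a console application on the same machine (both ends must use the same security mode). The service-side check is the useful part: it records the impersonation level the token actually carries, so a mismatch between what the client configured and what the service received shows up as a fault rather than going unnoticed.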
