.net - What are the specific security risks of this web services architecture? -
I need ammunition to try to promote the set of available web services that directly support our production Chat with customer service application. My approach is to implement the IPassword provider and authenticate it from our Edi Store. The architecture recommendation that came from high is SSL, which has an IP filter on the router, allowing only some IP addresses to call web services. Entry will be given with a GUID key, no login or password is required.
Each key authorized to use our web services will be given a key, it will be generated by us and will probably be emailed to them. There is no end policy about which I know.
It seems wrong to me, but they are not buying the logic that there is no real certification in the game. What are the specific safety risks with this architecture? What is really the attack scenario, and how easy would it be to compromise our system? I should be able to expand the risks, probably even even they should be displayed in our architecture team.
Good .. There is a lot that can be wrong ...
For one, the SSL server certificate only saves you to hide the general and if the server is identified correctly, it ensures that who is the customer (I think you have the right security on the server certificate on your client Are investigating).
But it does not tell the server anything about the client. To do this, you need to assign a client certificate and validate it on the server and still the solution is still weak if not done correctly.
Going back to your configuration if your server has not been authenticated correctly, then a person can not only hide it but can modify / modify the information on your communication channel. (Because you are not signing a confirmation to confirm that message itself).
> The IP filter is very weak, because most institutions have configuration for some or the outside use. Therefore, the PC with external access outside the same node will show the same IP. I do not need "spoofing" ... You need to compromise any internal machine ... such as a secretary's machine (giggles) .. .. and request from there.IP Spoaming IM is not sure that there will be a legitimate attack, in this case an attacking client will deny the service on the machine and then the server will try to install packets and take advantage of the spoof client cable connection The answer to the packet to finish and RTT
This package estimates the sequence number, which is now difficult, but not impossible from there, with an attacker's eye without any message But in this case, when the connection is not a plain HTML, but an SSL stream that contains information such as keys etc, and seeing that the attacker can see the language, because the injection is done from the darkness (At least not in the same subnet and can smell the packets) ... I have doubts about it.
Anyway ... recommendation configuration.
1 - Server SSL certificate with verification on client - Client SSL certificate with verification on server. - In addition to a GUID token, checksum of some types of messages that advises each session-client to be generated every time. (Do not forget to distribute this certificate securely on encrypted stores pkcs12 etc. Otherwise this approach can be seen in the Middle Assaults Is susceptible to the person)
2 - Increase the web service soap message with WS-Security and use the client and server Clients and server certificates To sign up / encryption, and use Taimstamping services.
You can still force the connection ... but it will not need ... and its still weak.
On one side note that IP spoofing was used by Kevin Mitnick against Shimmora ... so it is possible and not very difficult. I am sure that your device is based on OS version such devices Those who already automate most of the process.
IDs It's nice to hear what others think, hope it helps.
Comments
Post a Comment