Impersonation/Delegation security considerations

Rich
Guest
 
      08-25-2003
I'm having trouble finding specific documentation
regarding the negative impact of using delegation in a
Windows 2000 environment. I've read through numerous
articles on using it, but if I do find anything that
cautions the use of it, it reads like the following:

Important: Delegation is a very powerful feature and is
unconstrained on Windows 2000. It should be used with
caution. Computers that are configured to support
delegation should be under controlled access to prevent
misuse of this feature.

Our Network/Server side of the house does not want to
implement delegation without knowing the immediate and
potential security risks, and how to guard against them.
 
 
Alek Davis
Guest
 
      08-26-2003
Hi Rich,

Our AD/network guys illustrated a potential security issue using the
following example. By the way, I assume that by delegation you mean passing
the user's credentials from one machine to the other, which would allow a Web
application running on machine A to connect to a SQL server running on
machine B using integrated Windows authentication with credentials
(actually, authentication token or Kerberos ticket) of a remote user
accessing the site from machine C. Without delegation, a Web application can
only pass user's credentials to a SQL Server running on the same machine.
So, let's say that I am an internal hacker and I would like to connect to
some secure database using credentials of the company's CEO (CIO, or
whatever). If delegation is enabled on my network, what I can do is:

(1) Create a fake internal Web site.
(2) Send an HTML e-mail (or regular e-mail with a link) pointing to my fake
Web site to the CEO (CIO, or whatever).
(3) In the code-behind logic, use caller's credentials (Kerberos ticket) to
connect to the database and do whatever I want on behalf of the user.

The main danger in this scenario is that the user will never know what has
happened. Without delegation, this risk is eliminated because my fake Web
site would not be able to propagate user's credentials to the remote SQL
Server unless I use basic authentication for the Web site, which is also a
risk, but at least it will be visible to the user that some security-related
operation is happening.

Alek

"Rich" <(E-Mail Removed)> wrote in message
news:008601c36b20$50fc8dc0$(E-Mail Removed)...
> I'm having trouble finding specific documentation
> regarding the negative impact of using delegation in a
> Windows 2000 environment. I've read through numerous
> articles on using it, but if I do find anything that
> cautions the use of it, it reads like the following:
>
> Important: Delegation is a very powerful feature and is
> unconstrained on Windows 2000. It should be used with
> caution. Computers that are configured to support
> delegation should be under controlled access to prevent
> misuse of this feature.
>
> Our Network/Server side of the house does not want to
> implement delegation without knowing the immediate and
> potential security risks, and how to guard against them.



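A defender's check for the exposure Alek describes, added here as an example and not code from the thread: it uses ADSI (available without the later ActiveDirectory module) to list every account trusted for unconstrained delegation, which is the set of machines the Microsoft note says must be kept under controlled access, and to verify that named high-value accounts carry the "Account is sensitive and cannot be delegated" flag, which prevents any delegating server from forwarding their tickets. The account name "ceo" is a constructed placeholder; the userAccountControl bit values are the documented Microsoft constants.

```powershell
# userAccountControl bits (documented AD constants)
$TRUSTED_FOR_DELEGATION = 0x80000   # account may forward callers' Kerberos tickets to any service
$NOT_DELEGATED          = 0x100000  # "Account is sensitive and cannot be delegated"

function Get-DelegationTrustedAccounts {
    # LDAP bitwise-AND matching rule (1.2.840.113556.1.4.803) on userAccountControl.
    # [adsisearcher] searches the current domain from its root by default.
    $filter   = "(userAccountControl:1.2.840.113556.1.4.803:=$TRUSTED_FOR_DELEGATION)"
    $searcher = [adsisearcher]$filter
    $searcher.PageSize = 1000
    [void]$searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'objectClass'))
    foreach ($r in $searcher.FindAll()) {
        [pscustomobject]@{
            Account = $r.Properties['samaccountname'][0]
            # objectClass is a chain (top, person, ...); the last entry is the concrete class
            Class   = ($r.Properties['objectclass'] | Select-Object -Last 1)
        }
    }
}

function Test-SensitiveAccountProtected {
    # Reports whether each named user is marked so that its ticket can never be delegated.
    param([string[]]$SamAccountNames)
    foreach ($name in $SamAccountNames) {
        $r = ([adsisearcher]"(&(objectCategory=person)(sAMAccountName=$name))").FindOne()
        if (-not $r) { Write-Warning "$name not found"; continue }
        $uac = [int]$r.Properties['useraccountcontrol'][0]
        [pscustomobject]@{
            Account   = $name
            Protected = (($uac -band $NOT_DELEGATED) -ne 0)
        }
    }
}

function Protect-SensitiveAccount {
    # Sets the NOT_DELEGATED bit on one user; requires write access to the user object.
    param([string]$SamAccountName)
    $r = ([adsisearcher]"(&(objectCategory=person)(sAMAccountName=$SamAccountName))").FindOne()
    if (-not $r) { throw "$SamAccountName not found" }
    $entry = $r.GetDirectoryEntry()
    $uac   = [int]$entry.Properties['userAccountControl'].Value
    $entry.Properties['userAccountControl'].Value = ($uac -bor $NOT_DELEGATED)
    $entry.CommitChanges()
}

# Usage (constructed account name): review the delegation-trusted inventory, then
# confirm high-value principals cannot be delegated at all.
Get-DelegationTrustedAccounts | Format-Table -AutoSize
Test-SensitiveAccountProtected -SamAccountNames 'ceo' | Format-Table -AutoSize
```

Any entry returned by Get-DelegationTrustedAccounts that is not a domain controller or a deliberately approved application server is the Web-server-A position in Alek's scenario and should be justified or cleared.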
 
Rich
Guest
 
      08-27-2003
Hi Alek,

Your assumption and illustration of machines A, B, and C
was 100% correct. Thank you very much for the internal
security risk example. I will forward this info on to our
network folks.

