MCUG Archives

June 2007

MCUG@LISTSERV.MIAMIOH.EDU

Subject:
From: Pius Peterson <[log in to unmask]>
Reply To: Miami Computer Users Group (MCUG)
Date: Mon, 18 Jun 2007 11:07:31 +0300
Content-Type: text/plain
Parts/Attachments: text/plain (68 lines)
Word Is Out, Big News Monday!

Score One Inc.
SREA
$0.20 UP 33.3%

This week's news has already been pushing SREA up. Word is out a BIG
news release is expected Monday! Keep your eyes open and get on SREA
Monday!

Are these trade-offs worth it for your system?

Get the sample code for this article. This solution reduces the
privilege level of the gateway process significantly; you no longer have
to run your gateway as SYSTEM.

Factoring Out High Privilege. This dilemma can be solved by factoring the
gateway process in half. When the domain administrator enables protocol
transition for your Web application's identity, she's entrusting you
with the job that the domain controller normally does: authenticating
users.
But if an attacker compromises a gateway that's trusted for protocol
transition, there are no passwords to find there. This is where my
readers started running into trouble.

Note the call to throwIfUserIsAdmin. It's a great feature when you're
looking to wire up some alternate form of authentication on the front
end but would like to reap the benefits of using Kerberos on the back
end.

It's important to note that when you construct a WindowsIdentity from a
token handle, the WindowsIdentity constructor duplicates the incoming
handle. .NET wrappers like WindowsIdentity to manipulate the token
handle. Factoring Out High Privilege. This dilemma can be solved by
factoring the gateway process in half.
First, the process that hosts this logon service must run with the TCB
privilege, and the best way to do that is to run as SYSTEM.

The Delegation tab will only show up for security principals that have
at least one SPN assigned, which is why you normally only see it on
computer accounts. Factoring Out High Privilege. This dilemma can be
solved by factoring the gateway process in half. Running the gateway
under lower privilege provides defense-in-depth against these sorts of
attacks.

All rights reserved; reproduction in part or in whole without permission
is prohibited.

Any time you have a process that accepts input from remote users, runs
all the time, and runs with high privilege, you've got a dangerous
situation.
They wanted to use protocol transition, but quickly found that unless
their gateway processes were running as SYSTEM, any logons they
established via this feature were useless.

.NET Framework doesn't yet have a class that allows you to manipulate
tokens directly.
Are these trade-offs worth it for your system? This is worth
reiterating: do not just copy and paste my gateway sample into your own
app, as you'll be leaving yourself wide open to attack!

First, the process that hosts this logon service must run with the TCB
privilege, and the best way to do that is to run as SYSTEM.

As you can see, MyWebIdentity is configured for protocol transition
because I've selected the option "Trust this user for delegation to
specified services only" and "Use any authentication protocol."
