Can someone please tell me if it's possible to have a man-in-the middle attack or intercepting messages sent from a worker role configured with an internal endpoint?
I have 2 roles in my hosted service. My first role is a worker role running WCF service with 1 internal endpoint configured. The other role is a web role with http configured.
Since I will be passing highly confidential information between my worker role and web role, I want to make sure that the messages will be secure and no one can intercept them. Is there a better way besides using a TCP binding + configuring WAS?
2012年7月16日 21:09You would want to enable message and transport security for the particular endpoint that way it enforces transport encryption (SSL/TLS), message signing, and message encryption. In the event of a man in the middle the connection would fail because the endpoint could not be trusted.
Developer Security MVP | www.syfuhs.net
That is what I currently have, using wsHttpBinding with transport security enabled. However, with Azure Internal Endpoint, you don't have the choice of using HTTPS. Only available options are: http, tcp, udp or any. Also, looks like when using tcp, WAS must be configured and that complicates thing more. According to this article, you either have to use pass-through authentication (creating the same account on the computer hosting the service as the computers uses the service) or disable "Security" with wsHttpBinding.
My current workaround might be this
In most cases, you don't need to worry about internal endpoint security. Internal endpoints are only visible within the same service deployment. No one can use an internal endpoint from the internet. So in most cases, man-in-the-middle attack is impossible, unless someone somehow gains control over one of your role instance (for example, via remote desktop), and use that instance as the "middle" endpoint.
So instead of worrying about the internal endpoint security itself, protect your role instances. For example, do not enable remote desktop in production environment.
2012年7月17日 16:12Arwind, thanks for the info. If there is a malicious app in the Azure cloud, do you think it can capture traffic as the scenario described above?
2012年7月18日 1:22版主If the malicious app is installed on one of your instances, then yes. If it is installed on someone else's instance, then no. If it is installed on the load balancer, then everyone is at risk. But we will not let that happen. Otherwise it is a violation of SLA. So what you need to do is to protect your own instances. Do not install any malicious apps. Choose to let Windows Azure automatically install updates (the default configuration), be careful with anything uploaded from users, and do not enable remote desktop unless you need to trouble shoot a problem during testing period.
- 已标记为答案 Q-MO 2012年7月18日 23:19