Internal endpoint and man-in-the-middle attacks

Question

Can someone please tell me if it's possible to have a man-in-the middle attack or intercepting messages sent from a worker role configured with an internal endpoint?

I have 2 roles in my hosted service.  My first role is a worker role running WCF service with 1 internal endpoint configured.  The other role is a web role with http configured.  

Since I will be passing highly confidential information between my worker role and web role, I want to make sure that the messages will be secure and no one can intercept them.  Is there a better way besides using a TCP binding + configuring WAS?

Thanks!!

Answer 1

You would want to enable message and transport security for the particular endpoint that way it enforces transport encryption (SSL/TLS), message signing, and message encryption. In the event of a man in the middle the connection would fail because the endpoint could not be trusted.

---

Developer Security MVP | www.syfuhs.net

Answer 2

Hi Steve,

That is what I currently have, using wsHttpBinding with transport security enabled.  However, with Azure Internal Endpoint, you don't have the choice of using HTTPS.  Only available options are: http, tcp, udp or any.   Also, looks like when using tcp, WAS must be configured and that complicates thing more.  According to this article, you either have to use pass-through authentication (creating the same account on the computer hosting the service as the computers uses the service) or disable "Security" with wsHttpBinding.  

My current workaround might be this

Thanks!

Answer 3

In most cases, you don't need to worry about internal endpoint security. Internal endpoints are only visible within the same service deployment. No one can use an internal endpoint from the internet. So in most cases, man-in-the-middle attack is impossible, unless someone somehow gains control over one of your role instance (for example, via remote desktop), and use that instance as the "middle" endpoint.

So instead of worrying about the internal endpoint security itself, protect your role instances. For example, do not enable remote desktop in production environment.

---

Please mark the replies as answers if they help or unmark if not. If you have any feedback about my replies, please contact msdnmg@microsoft.com Microsoft One Code Framework

Answer 4

Arwind, thanks for the info.  If there is a malicious app in the Azure cloud, do you think it can capture traffic as the scenario described above?  

Answer 5

If the malicious app is installed on one of your instances, then yes. If it is installed on someone else's instance, then no. If it is installed on the load balancer, then everyone is at risk. But we will not let that happen. Otherwise it is a violation of SLA. So what you need to do is to protect your own instances. Do not install any malicious apps. Choose to let Windows Azure automatically install updates (the default configuration), be careful with anything uploaded from users, and do not enable remote desktop unless you need to trouble shoot a problem during testing period.

---

Please mark the replies as answers if they help or unmark if not. If you have any feedback about my replies, please contact msdnmg@microsoft.com Microsoft One Code Framework