.NET System Management Services - page 49


Summary

This chapter provided an overview of some of the WMI providers that are distributed as part of the WMI SDK. Although there are many more providers available from Microsoft and third-party vendors, those described here are among the most interesting and least well known. Thus, having studied the material presented here, you should now be in a position to

  • Understand how the performance metrics are organized and structured on Windows platforms.

  • Write simple monitoring utilities using the Performance Monitoring provider.

  • Understand the difference between conventional and high-performance WMI providers.

  • Comprehend the basic methodology for calculating meaningful performance metrics from the raw values obtained through the Performance Counter provider.

  • Create simple, yet powerful, performance monitoring applications with the Cooked Counter provider on Windows XP.

  • Understand the fundamentals of the Simple Network Management Protocol (SNMP).

  • Comprehend the structure of a WMI SNMP provider and determine the configuration required to access specific SNMP devices from a WMI-based management console.

  • Develop code for retrieving SNMP objects.

  • Create simple programs to receive SNMP traps and notifications.

In addition to supplying the background information on some of the WMI providers, the goal of this chapter was also to whet your appetite so that you will want to explore other, poorly documented and little-known providers that may be available from Microsoft or other software vendors. After all, sometimes solving the most challenging system management problem can be as simple as finding an appropriate WMI provider to do the job for you.



Chapter 8: WMI Security

Overview

Windows Management Instrumentation (WMI), like any power tool, is a double-edged sword. To system administrators, WMI is an indispensable part of the system management arsenal that allows them to oversee and alter all aspects of the entire management domain from a single, centralized management console. However, if misconfigured, such a system may just as easily enable a malicious hacker not only to sniff out valuable and sensitive system configuration and operational data, but also to severely disrupt the operations of the entire enterprise, and even damage or destroy some of its components. The ability to rename and delete files, start and stop services, manage processes, and reboot computers from a centralized remote location is the dream of any system manager, and although WMI certainly turns this dream into a reality, there is a clear and present danger if all this power falls into the wrong hands.

Thus, it should be clear to anyone that for a system such as WMI, strong security capabilities are not just a luxury, but an essential measure of success. In fact, a few otherwise very powerful and flexible management systems have been receiving bad press for years, solely due to their lack of sufficient security protection. For instance, many industry professionals attribute the slow adoption of the Simple Network Management Protocol (SNMP) to its less than robust security features; in fact, some organizations and individuals consider using SNMP-based management tools a potential security risk.

Therefore, it will not surprise you to discover that extensive support for securing access to the enterprise is built into the very core of WMI. Unlike other management solutions, WMI is not equipped with a standalone security framework; instead it relies on the security features of the Windows operating system and the Distributed Component Object Model (DCOM) security mechanism. Such an approach to securing the management operations via tight integration with Windows and DCOM security frameworks is well justified. In addition to easing the configuration and management of the system's security attributes by sharing APIs and configuration utilities, both Windows and DCOM security models are well reputed and are considered to be among the most reliable security frameworks around.


Unfortunately, flexibility and robustness often come at a price, namely high complexity, which is definitely the case with Windows and DCOM security. DCOM, for instance, has more security features than any other system known to man; however, it is often misunderstood and even more often misconfigured, thus creating security holes that naturally defeat its very purpose. But lowering the complexity is not an acceptable option either, since ensuring the proper degree of protection in a distributed environment is, by definition, very complex and cannot be achieved by simple means. In fact, industry experience shows that simplistic distributed security systems are either far too restrictive and inflexible, or are plainly unreliable and risky. Hence Windows and DCOM security.

Ignoring the security implications that result from using WMI as an enterprise-wide management solution is not a smart choice. Also, attempting to configure the system blindfolded without understanding its security features is not really a choice at all—it simply will not work. Thus, any system administrator searching for a successful management solution must be somewhat familiar with Windows and DCOM security and WMI's integration with these security models.

The purpose of this chapter is to expose you to the most important security features of WMI and to help you build a foundation on which to develop secure management applications. Although I will provide a basic overview of the Windows and DCOM security topics relevant to WMI, it is not my intention to turn this chapter into a tutorial on distributed security. As I already mentioned, this subject is very complex and delving into its intricacies could easily add a thousand pages to this book. Remember, the primary focus of this chapter is building secure management clients with .NET, and therefore, some WMI security issues, especially those related to provider development, will not be addressed. Fortunately, WMI and Platform SDK documentation seem to contain enough information on the most obscure aspects of WMI security that you can dig into to satisfy your curiosity.