The top threats that you must address when building serviced components are:
Network eavesdropping
Unauthorized access
Unconstrained delegation
Disclosure of configuration data
Repudiation
Figure 11.2 highlights these top threats together with common serviced component vulnerabilities.
Enterprise Services applications often run on middle-tier application servers, remote from the Web server. As a result, sensitive application data must be protected from network eavesdroppers. You can use an Internet Protocol Security (IPSec) encrypted channel between the Web server and the application server. This solution is commonly used in Internet data centers. Serviced components also support the remote procedure call (RPC) packet privacy authentication level, which authenticates and encrypts each packet on the wire. This is most typically used to secure communication to and from desktop-based clients.
By enabling COM+ role-based authorization (it is disabled by default on Microsoft Windows 2000), you can prevent anonymous access and provide role-based authorization to control access to the restricted operations exposed by your serviced components.
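The channel protection and role-based authorization described in the two paragraphs above map onto a handful of System.EnterpriseServices attributes. The following is an added example, not code from the original chapter: it shows the assembly-level settings that turn on COM+ access checks and RPC packet privacy, and a component that restricts a sensitive operation to one role. The application name OrderProcessing, the roles Manager and Employee, and the OrderManager class are assumptions; the attributes take effect when the strong-named assembly is registered with regsvcs.exe.

```csharp
using System;
using System.EnterpriseServices;
using System.Reflection;

// Assembly-level COM+ application settings (applied at registration time).
// The application name is an assumption for this example.
[assembly: ApplicationName("OrderProcessing")]
[assembly: ApplicationActivation(ActivationOption.Server)]

// Turn on COM+ access checks at the process and component level.
// Access checks are off by default on Windows 2000, so this must be explicit.
[assembly: ApplicationAccessControl(true,
    AccessChecksLevel = AccessChecksLevelOption.ApplicationComponent,
    // Packet privacy: every RPC packet is authenticated and encrypted on the wire.
    Authentication = AuthenticationOption.Privacy,
    // Identify: the server can learn who the caller is but cannot impersonate the
    // caller to reach other network resources, so delegation is not possible.
    ImpersonationLevel = ImpersonationLevelOption.Identify)]

// Roles created in the COM+ catalog at registration (assumed names).
[assembly: SecurityRole("Manager")]
[assembly: SecurityRole("Employee")]

namespace OrderProcessing
{
    // Component-level access checks: only members of the listed roles may activate
    // the component or call into it at all.
    [ComponentAccessControl(true)]
    [SecurityRole("Employee")]
    [SecurityRole("Manager")]
    public class OrderManager : ServicedComponent
    {
        // Any caller in an allowed role may place an order.
        public void PlaceOrder(int productId, int quantity)
        {
            RequireSecurity();
            // ... order processing logic (omitted in this example) ...
        }

        // A restricted operation: programmatic role check inside the method.
        public void ApproveDiscount(int orderId, decimal percent)
        {
            RequireSecurity();
            if (!ContextUtil.IsCallerInRole("Manager"))
            {
                throw new UnauthorizedAccessException(
                    "Only members of the Manager role may approve discounts.");
            }
            // ... discount approval logic (omitted in this example) ...
        }

        // Fail closed: if the administrator has disabled access checks in the catalog,
        // IsCallerInRole always returns true, so refuse to run without security enabled.
        private static void RequireSecurity()
        {
            if (!ContextUtil.IsSecurityEnabled)
            {
                throw new InvalidOperationException(
                    "COM+ role-based security is not enabled for this application.");
            }
        }
    }
}
```

The check on ContextUtil.IsSecurityEnabled is the part practitioners most often omit: when access checks are switched off in the catalog, ContextUtil.IsCallerInRole reports success for every caller, so a component that relies on it alone silently loses its authorization.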
If you enable delegation on Windows 2000 to allow a remote server to access network resources using the client's impersonated token, the delegation is unconstrained. This means that there is no limit to the number of network hops that can be made. Microsoft Windows Server 2003 introduces constrained delegation.
Many applications store sensitive data such as database connection strings in the COM+ catalog using object constructor strings. These strings are retrieved and passed to an object by COM+ when the object is created. Sensitive configuration data should be encrypted prior to storage in the catalog.
The repudiation threat arises when a user denies performing an operation or transaction, and you have insufficient evidence to counter the claim. Auditing should be performed across all application tiers. Serviced components should log user activity in the middle tier. Serviced components usually have access to the original caller's identity because front-end Web applications usually enable impersonation in Enterprise Services scenarios.
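The last two paragraphs, on encrypted object constructor strings and on logging the original caller, are illustrated together by the following added example (not code from the original chapter). It assumes .NET 2.0 or later for System.Security.Cryptography.ProtectedData (DPAPI), a COM+ server application running under a dedicated least-privileged account, and an event log source named OrderProcessing created at install time; the OrderData class and the placeholder construction string are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.EnterpriseServices;
using System.Security.Cryptography;
using System.Text;

namespace OrderProcessing
{
    // The Default value is written to the COM+ catalog at registration. An administrator
    // replaces it in Component Services with the DPAPI-protected, base64-encoded
    // connection string produced by ProtectForCatalog below (placeholder here).
    [ConstructionEnabled(Default = "<encrypted-connection-string-placeholder>")]
    [ComponentAccessControl(true)]
    public class OrderData : ServicedComponent
    {
        private string connectionString;

        // COM+ calls Construct with the catalog's construction string each time an
        // instance is created. Only ciphertext is stored, so the catalog never holds
        // the plaintext connection string.
        protected override void Construct(string constructString)
        {
            byte[] cipher = Convert.FromBase64String(constructString);
            // CurrentUser scope ties the secret to the application's identity:
            // only the account the COM+ application runs under can decrypt it.
            byte[] plain = ProtectedData.Unprotect(cipher, null, DataProtectionScope.CurrentUser);
            connectionString = Encoding.UTF8.GetString(plain);
        }

        // Helper for the installation step: run under the application identity to
        // produce the value that goes into the catalog.
        public static string ProtectForCatalog(string plaintextConnectionString)
        {
            byte[] plain = Encoding.UTF8.GetBytes(plaintextConnectionString);
            byte[] cipher = ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser);
            return Convert.ToBase64String(cipher);
        }

        [AutoComplete]
        public void CancelOrder(int orderId)
        {
            Audit("CancelOrder", "orderId=" + orderId);
            // ... data access using connectionString (omitted in this example) ...
        }

        // Middle-tier audit record: attribute the action to the original caller, which is
        // available because the front-end Web application impersonates, rather than to
        // the process identity the component runs under.
        private static void Audit(string operation, string detail)
        {
            string originalCaller = "<security disabled>";
            if (ContextUtil.IsSecurityEnabled)
            {
                SecurityCallContext call = SecurityCallContext.CurrentCall;
                originalCaller = call.OriginalCaller.AccountName;
            }
            string entry = String.Format("{0:u} {1} by {2} [{3}]",
                DateTime.UtcNow, operation, originalCaller, detail);
            // Source name is an assumption; it must be registered before first use.
            EventLog.WriteEntry("OrderProcessing", entry, EventLogEntryType.Information);
        }
    }
}
```

Because the construction string is protected with DPAPI under the application identity, the ciphertext is useless to anyone who reads the catalog from another account, and the plaintext exists only in the memory of the running component. The audit entry records the original caller rather than the COM+ application account, which is what makes the log usable as evidence against a repudiation claim.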