Designing a secure intranet (ASP.NET) application.

Time: 2022-03-05 01:36:24

I am wondering if I need to add any other kind of security on this asp.net application - web forms (available only on the network domain and through a VPN connection)?

Application Environment: Asp.net 4.0, Vb.net, Oracle 10g, Web Services, Windows Server 2003 or 2008, hosted on the domain

User Authentication Mode: Windows (not using ASP.NET Membership)

Authentication Scenario:
The application is accessible via an intranet site and the system authenticates the user with his system user name. On the default page the system will first get the current user name (HttpContext.Current.User.Identity.Name) and then match it in the user table (Oracle DB); if it is matched, a stored procedure will return all the access permissions (menu details) relevant to this user's group. There are user group and permission tables in the Oracle DB. In the stored procedure, the system will also check the user's permissions before any DML transaction.

Main security concern

Major: restrict people's access to information depending on their permissions. A normal user shouldn't get access to others' data.

Minor: we don't want anyone to get into our system from outside the office network.

2 answers

#1

1

As Joachim says, this arrangement only supports Windows systems running on the local network. Shifting to basic authentication will allow more clients to connect but exposes the passwords on the network (effectively in clear text) without HTTPS. Forms authentication is similar.

Without server authentication, users could be redirected to a similar server without their knowledge or suffer a man-in-the-middle attack. HTTPS gives you this with the server certificate. This may not be a concern on a local network, but users' hosts files (in c:\windows\system32\drivers\etc) are often vulnerable.

Without encryption, any user can sniff the information sent back and forth over the network, assuming they are on the same subnet. This may be an acceptable risk for most applications but not if the information is sensitive, e.g. contains confidential or personal information.

Consider replay attacks (see How do I prevent replay attacks? for an example) if people are performing important operations like approvals.

Consider auditing access to the database, particularly the user group and permission tables. Someone could add themselves to or move themselves into a group, perform an operation, then remove themselves. Check your pages for SQL injection and similar attacks which could accomplish this.

In summary, how likely are people to compromise or interfere with the system, and how much are you willing to invest to protect it? Assuming the server can handle the load, HTTPS is hard to go past as a first step.
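The answer above raises replay of approval requests. In Web Forms the usual defence is a single-use token: the server generates a random value when it renders the approval page, keeps it in the user's session, and accepts the postback only if it carries that exact token, which is then discarded, so a captured request cannot be submitted a second time. The page code-behind below is an added example, not code from the original answer; hidToken is assumed to be an asp:HiddenField and btnApprove an asp:Button in the page markup. The ViewStateUserKey line is the standard Web Forms defence against cross-site request forgery and is included because a page that performs approvals needs it as well.

```vbnet
' Added example (not from the original post): single-use approval token.
Imports System
Imports System.Security.Cryptography
Imports System.Web.UI
Imports System.Web.UI.WebControls

Partial Public Class Approve
    Inherits Page

    Private Const TokenKey As String = "ApprovalToken"

    Protected Sub Page_Init(sender As Object, e As EventArgs) Handles Me.Init
        ' Ties the ViewState MAC to this session so a postback built from a copy of
        ' another user's ViewState fails validation (CSRF defence).
        ViewStateUserKey = Session.SessionID
    End Sub

    Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
        If Not IsPostBack Then
            Dim token As String = NewToken()
            Session(TokenKey) = token
            hidToken.Value = token   ' <asp:HiddenField ID="hidToken" runat="server" />
        End If
    End Sub

    Protected Sub btnApprove_Click(sender As Object, e As EventArgs) Handles btnApprove.Click
        If Not ConsumeToken(hidToken.Value) Then
            ' Replayed, stale or forged submission: refuse and do not touch data.
            Response.StatusCode = 409
            Response.StatusDescription = "Approval already processed or token invalid"
            Response.End()
        End If
        ' ... perform the approval DML here, exactly once ...
    End Sub

    ''' <summary>128 bits from the OS CSPRNG, base64 encoded.</summary>
    Public Shared Function NewToken() As String
        Dim bytes(15) As Byte
        Using rng As New RNGCryptoServiceProvider()
            rng.GetBytes(bytes)
        End Using
        Return Convert.ToBase64String(bytes)
    End Function

    ''' <summary>
    ''' Accepts the token exactly once. The stored value is removed before the
    ''' comparison result is returned, so a second submission finds nothing to match.
    ''' </summary>
    Private Function ConsumeToken(presented As String) As Boolean
        Dim expected = TryCast(Session(TokenKey), String)
        Session.Remove(TokenKey)
        If expected Is Nothing OrElse presented Is Nothing Then Return False
        Return FixedTimeEquals(expected, presented)
    End Function

    ''' <summary>Constant-time comparison so the token cannot be guessed byte by byte.</summary>
    Public Shared Function FixedTimeEquals(a As String, b As String) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (AscW(a(i)) Xor AscW(b(i)))
        Next
        Return diff = 0
    End Function
End Class
```

A request captured on the wire and resent after the approval has gone through finds no token in the session and is rejected; the token never protects the first submission from being read, which is the job HTTPS does. If several approval pages share a session, key the session entry by page or record so that completing one approval does not invalidate another user's open form.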

#2

0

Unsure what kind of ASP.Net technology you are using (MVC/Razor/Web Forms).

If you are using Web Forms, then you can immediately take advantage of ASP.NET Login Controls like LoginView Control. They work with ASP.Net Forms Authentication (with or without using ASP.net Membership). You can also take advantage of Roles.

Your intranet server should be "protected" if it's not exposed publicly in your network (in any way). Of course that's a bold statement that depends entirely on your network implementation - e.g. subnetting, internal net/no NAT/route/no port forwarding, no DNS, etc. This makes the VPN your only point of exposure from the outside, so you must enforce proper security policies for your VPN infrastructure - e.g. one-time passwords, client inspection, etc.


Update:

If you are using Active Directory, you can create users/groups in AD to provide access accordingly (e.g. the Finance AD group can only access the "finance" folder). I haven't kept abreast of browser support for NTLM outside of Internet Explorer, however.

You did mention user data is in an Oracle DB, however (?). I'm not familiar with solutions that allow access (to network resources) with no login screen using a DB/Oracle...

Also, that would mean one-time passwords for VPN access may not be available. Look into token-based VPNs so users can still use their AD credentials but need a new token each time - this will help mitigate the "passwords on yellow sticky notes" problem (because you can have tighter control over tokens).
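The answer above suggests mapping AD groups to folders, e.g. only the Finance group may reach the "finance" folder. With Windows authentication the request's principal is a WindowsPrincipal whose IsInRole accepts "DOMAIN\Group", so the rule can be enforced for every request in Global.asax, before any page code runs. The Global.asax.vb below is an added example, not code from the original answer; the folder names and the domain CONTOSO are assumptions, and the same policy is more commonly written declaratively in web.config with a location element containing allow roles="CONTOSO\Finance" followed by deny users="*". The code form is shown because it makes the deny-by-default behaviour and the prefix matching explicit.

```vbnet
' Added example (not from the original post): Global.asax.vb that restricts
' application folders to Active Directory groups under Windows authentication.
Imports System
Imports System.Collections.Generic
Imports System.Web

Public Class Global_asax
    Inherits HttpApplication

    ' Hypothetical mapping of application-relative folder prefixes to AD groups.
    ' Group names are in the DOMAIN\Group form that WindowsPrincipal.IsInRole expects.
    Private Shared ReadOnly FolderGroups As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase) From {
        {"/finance/", "CONTOSO\Finance"},
        {"/hr/", "CONTOSO\HR"}
    }

    ''' <summary>
    ''' Returns the AD group required for an application-relative path such as
    ''' "/finance/Report.aspx", or Nothing when the path is not restricted.
    ''' </summary>
    Public Shared Function RequiredGroup(appRelativePath As String) As String
        For Each kv In FolderGroups
            If appRelativePath.StartsWith(kv.Key, StringComparison.OrdinalIgnoreCase) Then
                Return kv.Value
            End If
        Next
        Return Nothing
    End Function

    ' Runs after AuthenticateRequest, so ctx.User already carries the Windows identity.
    Protected Sub Application_AuthorizeRequest(sender As Object, e As EventArgs)
        Dim ctx = HttpContext.Current
        ' AppRelativeCurrentExecutionFilePath is "~/finance/Report.aspx"; drop the "~".
        Dim path As String = ctx.Request.AppRelativeCurrentExecutionFilePath.Substring(1)
        Dim group As String = RequiredGroup(path)
        If group Is Nothing Then Return   ' unrestricted folder

        Dim user = ctx.User
        If user Is Nothing OrElse Not user.Identity.IsAuthenticated OrElse Not user.IsInRole(group) Then
            ' Authenticated but not a member: 403, not a redirect to a login page.
            ctx.Response.Clear()
            ctx.Response.StatusCode = 403
            ctx.Response.StatusDescription = "Forbidden"
            ctx.Response.End()
        End If
    End Sub
End Class
```

Because the check runs on the folder prefix rather than on individual pages, a new page dropped into the finance folder is protected without anyone remembering to add a check to it; the per-record permission check against the Oracle tables, which the question already performs inside the stored procedure, still decides which rows a Finance member may touch.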
