6

The Service Bus is software that can be installed on Windows or rented on Azure and allows someone to relay SOAP/WCF information over the internet in the form of a XML over HTTPS payload.

One risk that I see is that it essentially allows a user with only outbound HTTP/S access to accept "inbound" WCF calls though the external proxy.

Although this can be helpful to make an application "just work", I would see this as a bad thing from a security perspective. My understanding is that this solution operates by polling an external Microsoft host for incoming data.

Considering that there may be legitmate business reasons for this technology, how will you secure your network from unapproved or malicious use of this relay?

makerofthings7
  • 50,090
  • 54
  • 250
  • 536

2 Answers2

4

When you expose a web service via the "Azure AppFabric Service Bus", you have multiple ways to protect that endpoint:

First of all, you can configure the service bus itself [1], so that only authenticated callers can send messages to your endpoint. In this case, you let Microsoft enforce your authorization policy for you.

Second, you can secure your service in an end-to-end fashion, i.e. in addition to the basic lower-level (transport) enforcement done by Microsoft for you, you can roll your own security model on top, say message-based security (WS-Security) in the case of SOAP.

Used in conjunction, Microsoft enforces that only authenticated callers dispatch messages towards your service, and inside your service you run your own security model.

With respect to confidentiality (encryption), you also have multiple layers here: The transport layer protects messages between your client and Microsoft, and between Microsoft and your service. The message layer provides end-to-end security between your client and your service, so that Microsoft only sees an encrypted SOAP body.

[1] Securing and Authenticating an AppFabric Service Bus Connection http://msdn.microsoft.com/en-us/library/dd582773.aspx

[2] Securing The .NET Service Bus http://msdn.microsoft.com/en-us/magazine/dd942847.aspx

chgeuer
  • 79
  • 1
4

My understanding of the service bus is that it works over specific ports in the 800 range -- I think. If you disable outbound connections over those ports, then you can't get out to the service bus to get the messages. Also, each service bus has it's own unique endpoint specific to the service in question so you could lock down access to only known endpoints.

Steve
  • 15,155
  • 3
  • 37
  • 66
  • What class of tools would you use to lock down? A XML firewall? – makerofthings7 Nov 22 '10 at 21:40
  • In regards to what ports the SB uses, the following document seems to call port 80 "HTTP" and implies that a server may listen over two ports. http://msdn.microsoft.com/en-us/library/ee732535.aspx – makerofthings7 Nov 22 '10 at 21:43