8

At work they want me to create a service account to run the app pool for my web application in iis under.

Why would this be useful and/or necessary?

Jason
  • 279
  • 2
  • 10

3 Answers3

11

It gives your application a particular account by which you can set security. Normally the process would run as the IIS user account, and therefor have all the privildges associated with that account. By creating an account just for that application, you can assign rights to that service account for only the resources it needs. It significantly reduces the chances of anyone exploiting your application, and reduces the chances of your application having an adverse effect on some part of the system it shouldn't access anyway.

Chris S
  • 77,337
  • 11
  • 120
  • 212
8

A service account is used for two things: Isolation and auditing.

Isolation allows you to grant the minimal rights necessary for the service to the service account, ensuring that even if an attacker were to exploit the service and gain local system access his ability to do further damage is limited. Even in a case where an attacker is not a concern isolation prevents a buggy service from effecting other services.

Auditing can be aided by service accounts because every action taken by a different service will be logged as coming from a different user, making differentiating one ill-behaving service from others that are working correctly easier.

Though these are the primary uses for service accounts there are others, such as performance tuning. Running each service as a different user allows you to use existing per-user resource allocation to control resources available to a service.

I consider per-service service accounts mandatory policy for any system that hopes to be secure.

Sorpigal
  • 326
  • 1
  • 5
4

Basically: If the application breaks, then the damage it can do is restricted only to files owned or writable by that user. Also, if the application is compromised, then the same restriction applies to the data that can be accessed through it.

In principal, every item of software should only be able to access to resources it needs and nothing else. Naturally, there are always simplifications and compromises, but running a web app under its own account is one of the primary measures of applying this.

SmallClanger
  • 8,947
  • 1
  • 31
  • 45