Microsoft Office Tutorials and References
In Depth Information
Protecting Against Attacks
Client to WFE Communications
An attacker could interfere with the communications that are returned from the WFE to the client and
replace the transmitted data with different data. For example, the attacker could change certain financial
information, tricking an end user into certain actions such as buying or selling large amounts of stocks
based on incorrect price assumptions.
The way to mitigate this threat is by securing the connection between the client machine and the WFE.
IPSec and HTTPS are the most common ways to secure the connection within the intranet. For extranet
or Internet scenarios (which has the highest risk for this threat), the main way is HTTPS. Enabling
HTTPS is done when configuring the IIS on the WFE.
Excel Services has a setting called Connection Encryption. When you set this to Required, the request to
the ECS fails if the WFE is not configured to require HTTPS connections.
Server Components Communications
The threat of an attacker tampering with the data sent over the network exists for the communications
between any two server components that reside on different machines. Following are examples of such
communications between components:
The data returned from the ECS to the WFE could be altered so that the workbook information
is different, in a similar way that the data sent from the WFE to the client can be changed.
The data returned from a database to the ECS can be tampered with.
The workbook returned from the SharePoint content database might be fuzzed.
To avoid these problems, you can secure the communications by using protocols such as IPSec
Tampering with a Database
A malicious user might build a workbook that contains commands that change the content of a database,
by adding, updating, or removing rows, or by changing the structure of a database. That attacker could
trick another user into viewing the workbook, which will trigger the attack with the second user’s
Excel Services offers a number of ways to mitigate this threat.
The feature set that exists in this version of Excel Services does not allow execution of random
commands. However, features such as query tables might be added in future releases, so the following
mitigations are still relevant to offer several layers of defense.
Limit which users have permissions to author workbooks. Only trusted users should be allowed
to author workbooks that connect to external data sources. You can achieve this by having
several trusted locations: some that don’t allow external data and are accessible by more users, and
those that do allow external data are accessible by a small number of trusted authors. You could
also add a middle layer to allow only data from trusted data connection libraries, and to limit
them to a small list of DCLs that only a small number of users are allowed to publish to.