Microsoft Office Tutorials and References
In Depth Information
Protecting Against Attacks
The Warn On Data Refresh setting on a trusted location prompts the user before doing the
operation. Although turning on this setting allows users to confirm that they really trust the
workbook author before refreshing the data, it is not a good user experience and most users just click
the Yes button to allow the refresh.
As much as possible, use credentials that have only read-only access to databases when setting
up the Unattended Account and the SSO accounts. With read-only access, it is not possible to
execute this attack.
Repudiation means that a user or a malicious attacker can perform an action or attempt an attack on a
system (regardless of whether or not the attack is successful), without of a way for the system to prove
that the action or attack have happened. Non-repudiation means that all relevant transactions are
tracked through logging or auditing.
SharePoint audits certain operations such as accessing or changing files in a document library. Auditing
is a feature added for certain compliance scenarios, and to track the operations done by users.
When Excel Services is used to open workbooks and auditing is turned on in SharePoint, all the open
workbook requests are audited, including those served from the workbook cache.
IIS, SharePoint, Excel Services, SSO, and databases all have their own logging to the event log, and some
of them have additional trace logs. Although these logs do not have the formal structure of the auditing
log, they can be used in the event of an attack to track the requests that have been sent.
Excel Services supports some level of anonymous access. One of the main disadvantages of anonymous
access is that there is no way to know which user is doing the operations. Anonymous access is not
recommended in most scenarios.
Information disclosure involves revealing private information to someone who is not supposed to have
access to it. In the context of Excel Services, information disclosure might be any of the following:
Listening to the network communications between the various components to get the data that
is passed on the wire.
Unauthorized reading of data from a database through a workbook.
Using cross-site scripting to read data from a workbook.
Spoofing usually allows for information disclosure, because one user sees a different user’s information.
In addition to the recommendations in the “Spoofing” section earlier in this chapter, the following
sections offer other ways to protect against information disclosure.