Protecting Against Attacks
One way an attacker can try to get access to private information is to eavesdrop on the network
traffic between the various components of the server, or between the Web Front End (WFE) and the client.
The mitigation is the same one you learned in the “Tampering with Data” section: use a
secure protocol such as HTTPS or IPSec between all the relevant components.
You can set Connection Encryption to Required to ensure that the communications between the WFE
and the client are encrypted using HTTPS.
Limiting Access to the WFE Machines
In extranet and Internet scenarios, a firewall in front of the WFE machines limits the types of access that
users from outside the domain have. In addition, you should lock down IIS on the WFE machines
to limit the attack surface and expose only the required functionality.
Limiting Access to the Excel Calculation Server
A significant advantage of separating the WFE and the ECS is the ability to further protect the ECS.
One way to do this is to insert a firewall between the WFE and the ECS, which protects the ECS from
unauthorized access. This configuration is especially useful in extranet and intranet scenarios, when the
users from outside the organization are less trusted.
The information that exists on the WFE is significantly reduced compared to the information on the
ECS. The WFE never opens the workbook, and contains only one range of calculated results at a time.
This is equivalent to the distinction between Open permissions and View Only permissions. The ECS
has Open permissions, but the WFE has only View permissions. If the WFE is compromised, the
important information that exists on the WFE is still safe.
Limiting Access to the File Cache
The ECS maintains a cache of workbooks and other calculated objects on disk. If attackers gain
access to the folder that contains the cache, they can read workbooks and other information that
they otherwise do not have permission to access.
This cache is located by default under the temporary directory of the ECS machine. As an administrator,
you should ensure that the permissions to the cache directory are limited to the ECS process account. In
addition, you should consider using Windows Encrypted File System (EFS) to provide encryption to this
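
One way to check the cache directory's permissions and EFS state from PowerShell, as an added example that is not from the original text. The cache path and the ECS account name are placeholders, and tolerating SYSTEM and the local Administrators group (under their English names) is an assumption you can tighten.

```powershell
# Added example: audit, and with -Fix tighten, the ACL on the ECS file cache.
param(
    [string]$CachePath  = 'C:\Windows\Temp\ExcelCache',  # placeholder path
    [string]$EcsAccount = 'CONTOSO\svc-ecs',             # placeholder ECS process account
    [switch]$Fix                                         # rewrite the ACL instead of only reporting
)

# Principals allowed on the cache. SYSTEM and Administrators are an assumption;
# remove them from the list for a stricter policy.
$allowed = @($EcsAccount, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

$acl = Get-Acl -LiteralPath $CachePath

# Any Allow entry for a principal outside the list can reach cached workbooks.
# -notcontains compares case-insensitively, which matches account-name semantics.
$unexpected = @($acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $allowed -notcontains $_.IdentityReference.Value
})
if ($unexpected.Count -gt 0) {
    Write-Warning "Unexpected principals have access to $CachePath"
    $unexpected | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
}

# Under the temporary directory the folder normally inherits its parent's ACL,
# so a later change to the parent would silently widen access to the cache.
if (-not $acl.AreAccessRulesProtected) {
    Write-Warning 'Cache directory inherits permissions from its parent.'
}

# Files created in a directory with the Encrypted attribute are EFS-encrypted.
$dir = Get-Item -LiteralPath $CachePath
if (-not ($dir.Attributes -band [IO.FileAttributes]::Encrypted)) {
    Write-Warning 'Cache directory is not marked for EFS encryption.'
}

if ($Fix) {
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting, drop inherited entries
    foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }
    foreach ($id in $allowed) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $CachePath -AclObject $acl
}
```

Run it without `-Fix` first and review the reported entries; the rewrite removes every existing explicit entry, including any that another service depends on.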
Workbook Reading from Database
A potential threat is that of a malicious user building a workbook containing commands to read
information from a database that the attacker does not have permissions to. The workbook can then write the
information to another location that the attacker does have Write permission to. The attacker could then trick
another user into viewing the workbook, which would trigger reading the information from the
database with the second user’s credentials.