Protecting Against Attacks
This attack is similar to the one described earlier in the “Tampering with Data” section, and so are the
mitigations. The main one is to allow querying of external data only from a limited number of trusted
locations, and to grant Write permission in those locations to a small number of trusted authors. In
addition, you can reduce the number of trusted data connection libraries (DCLs).
One possible cross-site scripting attack lets an attacker read the data displayed in another user's
workbook. The attacker builds a web page that contains an EWA connected to a particular workbook,
together with a script that reads the data the EWA displays and stores it somewhere the attacker can
reach. The attacker then lures a user into viewing this page. The workbook is rendered in the page under
that user's credentials, so the script can read the displayed range and send its contents to the
attacker.
Excel Services has a setting that controls whether an EWA may be hosted on a different domain than the
workbook it displays. By default this setting is off, so cross-domain access is not allowed. The Allow Cross
Domain Access setting can be changed only from the command line, with the following stsadm operation:
stsadm.exe -o set-ecssecurity -AllowCrossDomainAccess True|False
To mitigate cross-site scripting attacks of this kind, follow these guidelines:
Do not turn on the Allow Cross Domain Access setting. If you must allow access between domains and
therefore turn it on, make sure that the users on the other domains can be trusted.
Limit the set of users who are allowed to add script to web pages.
Denial of Service
Denial of service means reducing the availability of a server, usually by overloading it or causing it to
crash. The following are examples that apply to Excel Services:
Sending a large number of requests to the server in order to overload it.
Loading a huge workbook that consumes a lot of memory on the ECS.
Loading a complex workbook that consumes a lot of CPU on the ECS.
Issuing a large number of external data requests, which can cause denial of service on the database
server or consume a lot of network bandwidth to transfer the data.
The main mitigations limit the requests that are sent to the server and limit the workbooks that can be
opened on it. The settings that limit requests and workbooks protect against deliberate denial-of-service
attacks and also prevent a naïve user from overloading the server by accident.
Web Front End
The first line of defense against denial-of-service attacks is at the WFE level. Defenses at this level are
generic to any web application, Excel Services included. In extranet and intranet scenarios, use a firewall
to limit the protocols, the ports, and the types of requests that can reach the WFE.
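The request gate below is an added example, not code from the book, from SharePoint or from Excel Services, of the class of control the two preceding passages describe: filtering the types of requests that reach the WFE, and limiting both the number of requests a client can send and the workbooks it can ask the server to open. The thresholds, the client identifiers and the traffic sample are constructed for the example; the actual Excel Services limits (for example the maximum workbook size on a trusted file location) are set through SharePoint administration, not through code like this.

```javascript
// Added example (not from the book, SharePoint or Excel Services): an
// admission gate in front of the ECS that enforces the limits the denial-of-
// service discussion motivates. All thresholds are assumed values.
class RequestGate {
  constructor(limits = {}) {
    // 1) the request types a firewall or WFE filter is allowed to pass
    this.allowedMethods = new Set(limits.allowedMethods || ["GET", "POST"]);
    // 2) per-client request rate over a sliding window
    this.maxRequestsPerWindow = limits.maxRequestsPerWindow ?? 20;
    this.windowMs = limits.windowMs ?? 10000;
    // 3) largest workbook the server will agree to load
    this.maxWorkbookBytes = limits.maxWorkbookBytes ?? 10 * 1024 * 1024;
    // 4) how many workbook sessions one client may hold open at once
    this.maxSessionsPerClient = limits.maxSessionsPerClient ?? 5;
    this.history = new Map();   // client -> recent request timestamps (ms)
    this.sessions = new Map();  // client -> open session count
  }

  // Decide on one request. `now` is a millisecond timestamp supplied by the
  // caller so the logic is deterministic and testable.
  admit(req, now) {
    if (!this.allowedMethods.has(req.method)) {
      return { allowed: false, reason: "method not allowed" };
    }
    // Every attempt counts toward the rate, including ones rejected below,
    // so a client cannot probe the size limit for free.
    const recent = (this.history.get(req.client) || [])
      .filter((t) => now - t < this.windowMs);
    if (recent.length >= this.maxRequestsPerWindow) {
      this.history.set(req.client, recent);
      return { allowed: false, reason: "rate limit exceeded" };
    }
    recent.push(now);
    this.history.set(req.client, recent);

    if ((req.workbookBytes ?? 0) > this.maxWorkbookBytes) {
      return { allowed: false, reason: "workbook too large" };
    }
    if (req.opensSession) {
      const open = this.sessions.get(req.client) || 0;
      if (open >= this.maxSessionsPerClient) {
        return { allowed: false, reason: "too many open sessions" };
      }
      this.sessions.set(req.client, open + 1);
    }
    return { allowed: true };
  }

  // Called when a session times out or is closed, freeing a slot.
  closeSession(client) {
    const open = this.sessions.get(client) || 0;
    if (open > 0) this.sessions.set(client, open - 1);
  }
}

// Run a list of requests through a fresh gate and return each verdict.
function simulate(requests, limits) {
  const gate = new RequestGate(limits);
  return requests.map((r) => ({ ...r, ...gate.admit(r, r.at) }));
}

// Constructed traffic sample (not real logs), one case per limit.
function sampleTraffic() {
  const reqs = [];
  // a burst of 25 GETs from one client inside one second
  for (let i = 0; i < 25; i++) {
    reqs.push({ client: "10.0.0.7", method: "GET", at: 1000 + i * 40 });
  }
  // a 50 MB workbook load from another client
  reqs.push({ client: "10.0.0.8", method: "POST", at: 5000,
              workbookBytes: 50 * 1024 * 1024 });
  // a request type the WFE should not pass at all
  reqs.push({ client: "10.0.0.9", method: "TRACE", at: 5100 });
  // one client opening six workbook sessions
  for (let i = 0; i < 6; i++) {
    reqs.push({ client: "10.0.0.10", method: "GET", at: 6000 + i * 100,
                opensSession: true });
  }
  return reqs;
}

// Tally verdicts by outcome for a quick overview.
function summarize(verdicts) {
  const counts = {};
  for (const v of verdicts) {
    const key = v.allowed ? "allowed" : v.reason;
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

console.log(summarize(simulate(sampleTraffic())));
```

With the assumed defaults the sample yields 25 allowed requests, 5 rejected for rate, 1 for workbook size, 1 for request type and 1 for the session cap. The ordering of the checks is deliberate: the cheapest test (request type) runs first, and the rate counter is updated before the expensive checks so that an attacker pays for every probe.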