Microsoft Office Tutorials and References
Protecting Against Attacks
In addition, you should configure IIS on the WFE to further reduce the risk of denial-of-service attacks.
Limit the attack surface by securing the web pages and web services that can be called. Use strong
authentication to ensure that only real system users can get past this layer. Using anonymous access
makes it more difficult to identify and track down such attacks.
IIS also has settings to limit the number of requests that can be made and to log requests so that you
can track issues.
IIS on Excel Calculation Server
The guidelines for protecting the ECS are similar to those related to protecting the WFE:
- Set up a firewall between the WFE and the ECS, especially in extranet scenarios or when there
  is very sensitive information in the workbooks.
- Limit the attack surface on the ECS by opening only the required protocols and ports.
- Configure IIS to authenticate all requests.
- Set up IIS to limit the number of requests, the request timeout, and the memory size of the
Maximum Sessions per User
Usually, in a denial-of-service attack that goes beyond a brute-force attack on the WFE, it is difficult for
the attacker to use multiple users, because the attacker needs the credentials for all users who are
sending the malicious requests. The attacker might succeed in getting the passwords of only one or a few
Excel Services has a setting that limits the maximum number of sessions per authenticated user. The goal
of this setting is to limit the amount of damage one user can do, and, therefore, reduce denial-of-service
Trusted locations define which workbooks can be opened on the server. Excel Services refuses to open a
workbook that is not from a trusted location. You should limit the trusted locations to folders over which
you have some level of control. You should be able to trust that the authors who have permissions to
write to these trusted locations will not attempt to take the server down. For a trusted location that has
the Children Trusted flag set, make sure that all the folders below it inherit the same security settings.
In addition, you can use several settings on each trusted location to further lock it down. The less you
trust the authors who are allowed to publish to a trusted location, the more you should limit the settings
of that trusted location. This way, you can reduce the probability of any random user taking down the
You should set the following on each trusted location:
Session Timeout and Short Session Timeout — These settings determine how long the workbook
remains in memory after there is no activity in the session. The longer these settings are, the
larger the impact on the memory footprint of the ECS. If you set these to large values and
assume that the caller will explicitly close the session, an attacker might open workbooks
without closing them, using all the memory of the ECS.
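To make the interplay between the Maximum Sessions per User setting and the two session timeouts concrete, here is an added Python model of the ECS session table. It is not Excel Services code; the limit values, the session sizes and the rule that a session nobody has interacted with expires on the short timeout are assumptions of this toy model.

```python
import uuid


class SessionLimitExceeded(Exception):
    """Raised when a user already holds the maximum number of open sessions."""


class EcsSessionTable:
    """Toy model of the ECS session table: per-user cap plus idle timeouts (assumed semantics)."""

    def __init__(self, max_sessions_per_user, session_timeout, short_session_timeout):
        self.max_sessions_per_user = max_sessions_per_user
        self.session_timeout = session_timeout              # seconds of idle time after an interaction
        self.short_session_timeout = short_session_timeout  # seconds for sessions never interacted with
        self.sessions = {}  # session id -> {user, size, last_activity, interacted}

    def expire_idle(self, now):
        """Drop sessions whose idle time exceeds the timeout that applies to them."""
        for sid, s in list(self.sessions.items()):
            limit = self.session_timeout if s["interacted"] else self.short_session_timeout
            if now - s["last_activity"] > limit:
                del self.sessions[sid]

    def open_session(self, user, workbook_bytes, now):
        """Open a workbook session for `user`; refuse once the per-user cap is reached."""
        self.expire_idle(now)
        if sum(1 for s in self.sessions.values() if s["user"] == user) >= self.max_sessions_per_user:
            raise SessionLimitExceeded(user)
        sid = str(uuid.uuid4())
        self.sessions[sid] = {"user": user, "size": workbook_bytes,
                              "last_activity": now, "interacted": False}
        return sid

    def interact(self, sid, now):
        """Record user activity; the session now lives under the long Session Timeout."""
        s = self.sessions[sid]
        s["last_activity"] = now
        s["interacted"] = True

    def close_session(self, sid):
        self.sessions.pop(sid, None)

    def memory_in_use(self, now):
        """Bytes held by live sessions after expiring idle ones."""
        self.expire_idle(now)
        return sum(s["size"] for s in self.sessions.values())


def simulate_unclosed_sessions(table, user, attempts, workbook_bytes, now=0.0):
    """Open `attempts` workbooks as one user and never close them; return (bytes held, refusals)."""
    refused = 0
    for _ in range(attempts):
        try:
            table.open_session(user, workbook_bytes, now)
        except SessionLimitExceeded:
            refused += 1
    return table.memory_in_use(now), refused
```

The memory a single authenticated user can pin is bounded by the per-user cap times the workbook size, and the short timeout releases it once the sessions go idle.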