DCOM Explained
by Rosemary Rock-Evans Digital Press ISBN: 1555582168 Pub Date: 09/01/98 |
Previous | Table of Contents | Next |
Authenticode-We saw in the section on authentication that a sender can encrypt a message using its private key, which the receiver then decrypts using the senders public key, as a means of checking the authentication of the sender. Authenticode is a specialized application of this approach used to authenticate that executable code sent from a sender to a recipient does indeed come from that sender.
The approach used is identical to the approach we described in the earlier section. The sender encrypts the executable code using its private key and then sends it to the recipient. The recipient may already have the public key of the sender. If it doesnt, it requests the key from the Digital Certificate Authority (perhaps running under Microsoft Certificate Server), which then sends the key.
If the public key successfully decrypts the executable code in the message, the user knows the code came from the sender. If it doesnt, the down loaded component should be discardedas it is a rogue component or a component from an unrecognized third party (and, as such, potentially harmful).
Authenticode can be used internally by companies needing to distribute software to their end users. But this approach has particular importance in the application of Microsofts Web technology.
We saw in the introduction that Microsoft can support the downloading of ActiveX components to its own Internet Explorer Web Browser. The downloading of ActiveX components over the Internet, however, does raise the potential of security problems.
As we saw in an earlier chapter, the approach taken by Suns JavaSoft division with Java applets is simply to restrict the applet. They call the approach the Java Sandbox (where it can play!), and the sandbox defines the set of disk files, network addresses, and system properties that applets are permitted to access from a browser. The restrictions imposed at the moment are fairly severe. Java applets are restricted by the JVM from modifying any sort of file by any means and can only access the network address from which they came.
Microsofts strategy, as we saw earlier, revolves around the idea that down-loaded ActiveX controls can do far more than simply communicate with the original Web server. In their strategy, the controls can:
A user could inadvertently download a page from a browser with an ActiveX control embedded within it, which subsequently wreaked havoc with their machine. The potential for destruction is appalling.
Thousands, hundreds of thousands of userscomputer developers and end usersbrowse the Web. They often innocently access sites out of sheer curiosityinteresting name, or something which looks interesting. With ActiveX technology, the user could download a page with an ActiveX control in it, and he or she would be completely unaware that he had even down-loaded it. The ActiveX component could be a virus, malicious bug, or spy componentit could roam about the machine unhindered; it could use the clients machine to gain access all over the network.
It is a prime cause of one of our risksunauthorized addition of an application on a machine.
Does Authenticode help? Even if Authenticode is used, the approach is not without its limitations.
In fact, Microsofts Internet Explorer Web Browser has been enabled so that it can be made to perform these checks. Furthermore, the checks can also be applied to Java applets and Navigator plug-ins. Microsoft provides a software development kit called the Internet Explorer Administration Kit, which can be used to set the options for acceptance or rejection of components. The settings are:
The last setting can be further refined, for example, to accept only trusted components from a specific distribution list. Code signing tools are provided in the ActiveX SDK and are used with the WinVerifyTrustAPI.
Previous | Table of Contents | Next |