Abstract:
The lack of a proper audit trail after a security incident can hamper forensic efforts.
Explanation:
Windows Communication Foundation (WCF) offers the ability to log successful and/or failed authentication attempts. Logging failed authentication attempts can warn administrators of potential brute-force attacks. Similarly, logging successful authentication events can provide a useful audit trail when a legitimate account is compromised.
In this case, PDLCWcfService.dll.config does not contain a <serviceSecurityAudit> tag with serviceAuthorizationAuditLevel and messageAuthenticationAuditLevel attributes.
Recommendations:
Enable WCF's service security audit feature.
The following is an example configuration with auditing enabled:
<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior name="NewBehavior">
        <serviceSecurityAudit auditLogLocation="Default"
                              suppressAuditFailure="false"
                              serviceAuthorizationAuditLevel="SuccessAndFailure"
                              messageAuthenticationAuditLevel="SuccessAndFailure" />
        ...
</system.serviceModel>
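A check for this finding, as an added example (not from the original page or from any scanning tool): it parses a WCF configuration and reports each service whose referenced behavior lacks <serviceSecurityAudit> or leaves either audit level unset or set to None. The sample configuration and its service names are constructed, and treating any level other than None as audited is an assumption.

```python
import xml.etree.ElementTree as ET

AUDIT_ATTRS = ("serviceAuthorizationAuditLevel", "messageAuthenticationAuditLevel")

# Constructed sample config (not the page's PDLCWcfService.dll.config).
SAMPLE_CONFIG = """<configuration>
  <system.serviceModel>
    <services>
      <service name="Demo.Audited" behaviorConfiguration="NewBehavior" />
      <service name="Demo.Partial" behaviorConfiguration="PartialBehavior" />
      <service name="Demo.Unaudited" behaviorConfiguration="PlainBehavior" />
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="NewBehavior">
          <serviceSecurityAudit auditLogLocation="Default" suppressAuditFailure="false"
            serviceAuthorizationAuditLevel="SuccessAndFailure"
            messageAuthenticationAuditLevel="SuccessAndFailure" />
        </behavior>
        <behavior name="PartialBehavior">
          <serviceSecurityAudit messageAuthenticationAuditLevel="Failure" />
        </behavior>
        <behavior name="PlainBehavior" />
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>"""


def audit_gaps(config_xml):
    """Return {service name: [audit attributes that are missing or "None"]}."""
    root = ET.fromstring(config_xml)
    behaviors = {b.get("name", ""): b
                 for b in root.iterfind(".//serviceBehaviors/behavior")}
    gaps = {}
    for svc in root.iterfind(".//services/service"):
        # A service with no behaviorConfiguration uses the unnamed behavior (WCF 4+).
        behavior = behaviors.get(svc.get("behaviorConfiguration", ""))
        audit = behavior.find("serviceSecurityAudit") if behavior is not None else None
        # Both audit levels default to None when the attribute is omitted.
        missing = [a for a in AUDIT_ATTRS
                   if audit is None or audit.get(a, "None") == "None"]
        if missing:
            gaps[svc.get("name")] = missing
    return gaps


if __name__ == "__main__":
    for name, missing in audit_gaps(SAMPLE_CONFIG).items():
        print(f"{name}: not audited -> {', '.join(missing)}")
```

A behavior that defines auditing but is never referenced by a service's behaviorConfiguration has no effect on that service, which is why the check starts from the <service> elements rather than from the behaviors.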