Authenticity, at least at the lowest level, is built in by using the Object
Exporter IDentifier (OXID).  Higher layer authentication and encryption might be
found here:
(watch for wrap)
http://www.microsoft.com/ntserver/techresources/appserv/com/dcom_architecture.asp?bprint=true

And maybe a helpful link, since you're more familiar with CORBA:
http://www.research.microsoft.com/~ymwang/papers/HTML/DCOMnCORBA/S.html

Hope this helps,

John Allhiser

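As an added example (not from this thread or from Microsoft's paper), a PowerShell script that audits, and optionally pins, the two things asked about above: the dynamic port range DCOM object exporters listen on behind the TCP 135 endpoint mapper, and the machine-wide DCOM authentication level (6 = packet privacy, which signs and encrypts each packet). It assumes the registry locations Microsoft documents for these settings; the 5000-5020 range and the function names are constructed for the example.

```powershell
# Added example: audit/pin DCOM's dynamic port range and authentication level.
# Read-only unless -Apply is given; writing to HKLM requires an elevated shell.
param([switch]$Apply)

$RpcInternet = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
$OleKey      = 'HKLM:\SOFTWARE\Microsoft\Ole'

# RPC_C_AUTHN_LEVEL_* values; only 6 (Packet Privacy) encrypts the payload.
$AuthLevelNames = @{ 1 = 'None'; 2 = 'Connect'; 3 = 'Call'; 4 = 'Packet';
                     5 = 'Packet Integrity'; 6 = 'Packet Privacy' }

function Get-DcomFirewallPosture {
    $ports = (Get-ItemProperty -Path $RpcInternet -Name Ports -ErrorAction SilentlyContinue).Ports
    $use   = (Get-ItemProperty -Path $RpcInternet -Name UseInternetPorts -ErrorAction SilentlyContinue).UseInternetPorts
    $avail = (Get-ItemProperty -Path $RpcInternet -Name PortsInternetAvailable -ErrorAction SilentlyContinue).PortsInternetAvailable
    $level = (Get-ItemProperty -Path $OleKey -Name LegacyAuthenticationLevel -ErrorAction SilentlyContinue).LegacyAuthenticationLevel

    [pscustomobject]@{
        # With no pinned range, object exporters take any dynamic port, so a packet
        # filter can only reason about TCP 135 and has to leave the rest wide open.
        DynamicPortRange    = if ($ports) { $ports -join ',' } else { '<unrestricted>' }
        RangeEnforced       = ($use -eq 'Y' -and $avail -eq 'Y')
        AuthenticationLevel = if ($level) { $AuthLevelNames[[int]$level] } else { '<not set>' }
        Encrypted           = ([int]$level -ge 6)
    }
}

function Set-DcomFirewallPosture {
    param([string]$PortRange = '5000-5020', [int]$AuthLevel = 6)   # constructed defaults
    New-Item -Path $RpcInternet -Force | Out-Null
    # REG_MULTI_SZ list of ranges the RPC runtime may hand out to DCOM servers
    Set-ItemProperty -Path $RpcInternet -Name Ports -Value @($PortRange) -Type MultiString
    Set-ItemProperty -Path $RpcInternet -Name PortsInternetAvailable -Value 'Y' -Type String
    Set-ItemProperty -Path $RpcInternet -Name UseInternetPorts -Value 'Y' -Type String
    # Machine-wide floor for clients that never call CoInitializeSecurity themselves
    Set-ItemProperty -Path $OleKey -Name LegacyAuthenticationLevel -Value $AuthLevel -Type DWord
}

if ($Apply) { Set-DcomFirewallPosture }
Get-DcomFirewallPosture | Format-List
```

The RPC runtime reads the port range at start-up, so a restart is needed before the audit reflects a change. TCP 135 still has to be reachable in addition to the pinned range, and a pinned range only tells the firewall where DCOM talks, not which interface methods are being invoked.
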
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 15, 2002 11:06 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: risks and threats with DCOM ?


Thanks a lot!

So it is possible to restrict the communication to a single TCP or UDP port.

The white paper says nothing about authentication and encryption features. Is
there a way to have confidentiality and authenticity of the data?

The remaining issue is:

In "normal" protocols like HTTP, SMTP, DNS etc. there is a transmission of *data*;
DCOM is transmitting data *and* function calls at the application layer.

So common firewalls are not able to control what the end points of the DCOM
communication are doing. Are they?
Is there a kind of plug-in or proxy to control the content, like Checkpoint does
for FTP, for example, with inspection code?

I know a product which is doing this for IIOP but not for DCOM.
There is also a proxy functionality available.

Erik

> -----Original Message-----
> From: John Allhiser [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 15, 2002 4:27 PM
> To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
> Subject: RE: risks and threats with DCOM ?
> 
> 
> Erik,
> 
> Try this link.  This is MS' whitepaper on the subject.
> 
> http://www.microsoft.com/com/wpaper/dcomfw.asp
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, April 15, 2002 4:27 AM
> To: [EMAIL PROTECTED]
> Subject: risks and threats with DCOM ?
> 
> 
> Dear all,
>  
> What are the risks and threats of the DCOM protocol when using it across
> firewall boundaries?
> 
> I just know that it is similar to the "CORBA" communication model (M$ version).
> (?)
> 
> CORBA IIOP is a communication model at layer 7 - within an application.
> Two systems using CORBA may run distributed software where pieces of the
> software on each system use CORBA communication to send data *AND* function
> calls across the network.
> This represents a kind of virtual computer.
> Putting a firewall between pieces of a network-distributed virtual computer
> makes no sense, right? Except concerning filtering of IP addresses...
> 
> Is anybody familiar with the security issues and features of the DCOM protocol?
> Any hints for further documentation?
> What are your opinions about this?
> 
> thanks in advance
> regards
> 
> Erik
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
> 