Trust Boundaries

Before choosing a security profile the administrator must consider the type of network Global will be deployed to and what trust boundaries will be crossed.

Other influencing factors can be:

• What security is applied already on connections?

• Licence Servers may still need access through Firewalls.

• Database access may still need access through Firewalls.

• There may be a trade off in security verses performance.

The Trust Boundaries section describes the different types of trust boundary that can be encountered in a networking environment and the theory behind how Windows Communication Foundation (WCF) can be implemented to secure communications as they pass through these boundaries.

Consider the following network layout:

In this layout Global daemons must communicate with each other while passing through varying layers of trust boundary. As a different layer of trust is encountered, the administrator must consider configuring all the Global daemons in the project to communicate using the (same) appropriate security policy that is robust enough to support the weakest level of trust boundary encountered within the project.

The different attributes of the trust boundaries illustrated in this diagram are examined below:

Full Trust Boundary

In a full trust boundary there is a reduced risk of security threats because communication is within the corporate network.

The network is an open system and therefore the administrator can consider configuring the WCF Transport Level Security Mode set to None.

In this environment no security is required so the administrator can set the Binding to unsecured method of communication such as basic Hypertext Transfer Protocol (HTTP) or Transmission Control Protocol (TCP). This will also allow for faster data transfer within this type of network.

Encryption can be set to none.

The administrator could consider using Encoding. Binary through TCP would provide the fastest solution.

Authentication None required.

Sample configuration files are supplied that demonstrate how to configure WCF Global to use no security in an open network environment; this is also covered more in detail later in section Configure Security.

Partial Trust Boundaries

In a zone where there is a partial level of trust the administrator can assume that some degree of security must be applied. This will in most cases depend on individual configurations.

WCF provides the flexibility to be able to apply varying levels of security. The administrator can select from pre-build sample configuration files supplied with the Global, refer to Configure Security for further details.

No Trust Boundaries

In a no trust zone there is a high risk of security threats.

The network is a closed system and therefore the administrator must consider configuring WCF with a high level of security.

The administrator must use Transport Level Security where connections are already protected through a VPN (Virtual Private Network) and Message Level Security where there is no VPN.

Note:
When a high level of security is applied there will be degradation in performance.

The administrator must consider one of the following secure Bindings:

The administrator must consider applying data Encryption.

No encryption is necessary for VPN connections because the VPN connection inherently uses an encryption algorithm. If the connection is not a VPN then at least a 128bit encryption algorithm should be used.

The administrator should use text Encoding which can be verified.

For Authentication use Windows Authentication if on the same domain and Certification if not.

There are sample configuration files for Windows authentication and SSL Certified settings. Sample configuration files are described later in section Configure Security.