COM and DCOM Security
4/8/2010
COM provides an infrastructure to expose functional objects to applications. Distributed COM (DCOM) enables programmatic calls from an application to COM objects on remote devices. This technology has potential security risks when deployed to run over a public network, such as the Internet. If the security of the technology is compromised, it could expose the device or local network to the public network.
There are two levels of security to consider when you implement a distributed application:
- Network security helps control who can access a computer. At this security level, Distributed Component Object Model (DCOM) security on Windows Mobile is equivalent to that of the Windows NT 4.0, SP5, implementation, which uses the Windows NT LAN Manager system security package (NTLM SSP). For more information, see COM Authentication.
- Local security helps control what a user is permitted to do on a computer after gaining access. This security level is defined by the operating system on the target computer. Windows Mobile helps regulate access to critical parts of the system as a whole, instead of on a resource-by-resource basis as is done on Windows NT. For more information, see COM Access Control.
Best practices for use of authentication
DCOM security on Windows Mobile is equivalent to that of the Windows NT 4.0, SP5, implementation, which uses the NTLM Security Support Provider (NTLM SSP). DCOM uses the NTLM protocol to help establish user credentials if the flag RPC_C_AUTHN_WINNT is selected. For more information, see COM Authentication.
Best practices for use of access control
You can set up a list of users and permission levels in the registry. For more information, see COM Access Control.
Not all of the security guidelines in this section may be relevant for Windows Mobile devices. For information about differences between the COM implementation available for Windows Mobile devices and that available for Windows Embedded CE devices, see COM and DCOM in Windows Mobile Devices.
Best practices for use of DCOM in a private network
Limit deployment of DCOM to a secure network that is physically isolated from the public network, such as the Internet, or protected from it by a firewall. By default, the remoting capability of DCOM is disabled to help provide a more secure environment for the device. With remoting disabled, DCOM's local server capabilities remain available and the device can still be connected to the Internet. To enable the remoting capability, set the Sysgen variable SYSGEN_DCOM_REMOTEACCESS to 1.