Web Proxy Security (Windows Embedded CE 6.0)
1/6/2010
Web Proxy has a potential security risk because it supports the transfer of unencrypted, clear-text data over a network. Running a Web proxy service on a public network may expose the device to the typical security concerns associated with networking.
Best Practices
.gif "Ee500916.collapse(en-US,WinEmbedded.60).gif")
Be sure that the firewall is enabled on your device
The firewall is added to your OS design automatically when you add the Web Proxy Catalog item. It is enabled by default on your target device. Do not disable the firewall on your device.
Windows CE 5.0 supports the IP firewall for both IPv4 and IPv6. You can configure this firewall by using APIs and registry settings. For more information about the IP firewall, see IP Firewall OS Design Development.
Use Web proxy authentication
The Web proxy supports both NTLM and Basic authentication by default. If supported by the client browser, NTLM authentication is always preferred over Basic authentication. Basic authentication is supported for compatibility with old browsers. If you do not want to preserve this compatibility, you should disable Basic authentication through the registry. For more information, see Web Proxy Registry Settings.
For more information about NTLM, see NTLM Security Support Provider and Authentication Services Registry Settings.
Do not use the Web Proxy on a public network, such as the Internet
The Web Proxy is designed to be used on private networks only, such as home office locale area networks (LANs).
Default Registry Settings
You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.
For Web Proxy registry information, see Web Proxy Registry Settings.
Ports
The Web proxy keeps a steady listener port open. The default port number assigned to the Web proxy is 8080.