Exchange Client Security (Windows Embedded CE 6.0)
1/6/2010
The Exchange Client Catalog item can be a potential security risk because it transmits information over a public network such as the Internet. If the device's security is compromised, the Exchange Client can expose sensitive data. To mitigate these risks, use the following best practices.
Best Practices
The following are best practices for mitigating security risks for the Exchange client.
Protect credentials using a Trusted Environment
Any device that uses the Exchange Client Catalog item should use the trusted environment functionality in Windows Embedded CE. When used correctly, a trusted environment enables only privileged code to access the credentials used by the Exchange Client.
The Exchange Client stores credentials in the IExchangeClient::SetCredentials implementation by calling the Credential Manager CredWrite function and passing CRED instances that contain the CRED_FLAG_TRUSTED flag. When used in a trusted environment, credentials that use this flag cannot be accessed by modules that are not trusted.
One way to implement a trusted environment is to store all your modules in ROM and build your device using the IMGTRUSTROMONLY flag (documented in IMG Environment Variables). Run-time images built with this flag trust only modules in ROM, so only modules in ROM have access to the credentials used by the Exchange Client.
For more information about using trusted environments, see Trusted Environment Creation.
Use CRED_FLAG_TRUSTED when storing credentials
The Exchange Client library uses the default domain and default plaintext credentials stored using Credential Manager.
The IExchangeClient::SetCredentials method provides an easy way to set these credentials. Custom code can also set them without using this method by directly using the Credential Manager API, as explained in the IExchangeClient::SetCredentials documentation.
Any code that sets credentials for use by the Exchange Client library should use the CRED_FLAG_TRUSTED flag in the CRED instance it passes to CredWrite. When used in a trusted environment, credentials that use this flag cannot be accessed by modules that are not trusted.
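As an added example (not code from the original documentation or from the Exchange Client library), the following C code stores a default domain credential for the Exchange Client with CRED_FLAG_TRUSTED set before calling CredWrite. The CRED layout, CRED_FLAG_DEFAULT, CRED_VER_1 and the length conventions are assumptions mirroring cred.h; off-device, CredWrite is replaced by a recording stand-in so the flag logic can be compiled and checked, while on Windows Embedded CE the real Credential Manager is used.

```c
#include <stddef.h>
#include <string.h>
#include <wchar.h>

#ifdef _WIN32_WCE
#include <windows.h>
#include <cred.h>
#else
/* Host build: minimal mirror of the Credential Manager API (assumed to
 * match cred.h) so the code below compiles and can be tested off-device. */
typedef unsigned long DWORD;
typedef unsigned char BYTE;
typedef struct _CRED {
    DWORD    dwVersion;
    DWORD    dwType;
    wchar_t *wszUser;   DWORD dwUserLen;
    wchar_t *wszTarget; DWORD dwTargetLen;
    BYTE    *pBlob;     DWORD dwBlobSize;
    DWORD    dwFlags;
} CRED, *PCRED;
#define CRED_VER_1                   1
#define CRED_TYPE_DOMAIN_PASSWORD    0x3
#define CRED_TYPE_PLAINTEXT_PASSWORD 0x5
#define CRED_FLAG_DEFAULT            0x2
#define CRED_FLAG_TRUSTED            0x4
#define ERROR_SUCCESS                0
static DWORD g_lastFlags = 0, g_lastType = 0;
/* Stand-in for CredWrite: records what it was handed instead of storing it. */
static DWORD CredWrite(PCRED c, DWORD f) {
    (void)f; g_lastFlags = c->dwFlags; g_lastType = c->dwType; return ERROR_SUCCESS;
}
DWORD LastWrittenFlags(void) { return g_lastFlags; }
DWORD LastWrittenType(void)  { return g_lastType;  }
#endif

/* Stores one credential for the Exchange Client: CRED_FLAG_TRUSTED so that,
 * in a trusted environment, untrusted modules cannot read it, and
 * CRED_FLAG_DEFAULT so it is the default credential of its type. */
DWORD StoreExchangeCredential(DWORD type, const wchar_t *user,
                              const wchar_t *target, const wchar_t *password)
{
    CRED c;
    memset(&c, 0, sizeof c);
    c.dwVersion   = CRED_VER_1;
    c.dwType      = type;                          /* domain or plaintext */
    c.wszUser     = (wchar_t *)user;
    c.dwUserLen   = (DWORD)wcslen(user) + 1;       /* chars incl. NUL (assumed) */
    c.wszTarget   = (wchar_t *)target;
    c.dwTargetLen = (DWORD)wcslen(target) + 1;
    c.pBlob       = (BYTE *)password;              /* password as UTF-16 bytes */
    c.dwBlobSize  = (DWORD)((wcslen(password) + 1) * sizeof(wchar_t));
    c.dwFlags     = CRED_FLAG_TRUSTED | CRED_FLAG_DEFAULT;
    return CredWrite(&c, 0);
}
```

The user name, target and password in any call are constructed sample values; on a device the password should be cleared from memory once CredWrite returns.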
Use Secure Sockets Layer (SSL)
If the Exchange Client cannot authenticate with the Exchange server using the default Credential Manager domain credentials, it attempts to authenticate using the default plaintext credentials.
If authentication using plaintext credentials is necessary, the credentials are transmitted in clear text. Therefore, only use this authentication method over SSL or other encrypted connections.
Be aware that data travelling over a non-TLS connection is visible on the network
The Exchange Client can connect to an Exchange Outlook Web Access server using normal HTTP (http://) or HTTP over TLS (https://). If the connection is over normal HTTP, all data sent and received by the phone remains in plaintext and is visible to anyone on the network.
For more information about credentials used by the Exchange Client in both connection modes, see IExchangeClient::SetCredentials.
Default Registry Settings
You should be aware of the registry settings that affect security. The registry settings documentation contains a Security Note section for each value with security implications.
For Exchange Client registry information, see Exchange Client Registry Settings.