Microsoft Office Tools on the Web Security Scenarios
The following discussion presents several security problems that users might encounter when they use Office Tools on the Web, including tampering, system error, or interception by a hostile Web site. After each scenario is presented, the protection scheme devised by Microsoft is revealed, providing you the assurance that security issues have been addressed.
Taking users to a wrong Office Tools on the Web portal
Scenario: Users are taken to another Office Tools on the Web portal when they try to access Office Tools on the Web.
This scenario is usually caused by a virus that changes the registry or the contents of an executable on users' computers. The bogus Office Tools on the Web portal then begins causing problems to users' computers.
Protection scheme: There are several design elements to protect against the above scenario.
- The URL each application executes to go to the Office Tools on the Web portal is hard-coded into the executable of each application. Any attempt by hackers to change the registry entries on users' computers is useless.
- An administrator in a corporate environment can shut off the Office Tools on the Web feature for users.
In this case, the administrator cannot point to another destination, which means administrators cannot develop their own intranet-based Office Tools on the Web portal.
- All Microsoft Office executables are specially encoded to protect against someone trying to patch the EXE and thereby alter the Office Tools on the Web URL.
In this case, if someone tries to change the EXE, that EXE becomes non-functional. As a result, patching of an Office executable will not allow someone to hijack the Office Tools on the Web destination. If the executable is determined by Office to have been changed, the automatic repair feature of Office will replace it with a new copy.
Privacy of data exchange
Scenario: A hacker could possibly intercept Internet traffic and view the data a user is exchanging with the Microsoft Office Web site server while using Office Tools on the Web.
Protection scheme: Microsoft requires all Office Tools on the Web pages on the Microsoft Office Web site server to be secured by Secure Socket Layer (SSL) encryption. The resulting data stream appears as random characters, protecting the data exchange between a user and the Microsoft Office Web site server from eavesdroppers.
Abuse of object model by Office Tools on the Web providers
Scenario: The Web pages of an Office Tools on the Web provider could use the object model of an application to gather or alter more information than is necessary, thereby violating privacy of users.
Protection scheme: Office does not allow any Office Tools on the Web provider to connect directly to a user's live application. Only the pages hosted by the Microsoft Office Web site can connect directly to a user's live application. If the Microsoft Office Web site needs data or work from a third-party Office Tools on the Web provider, then the Microsoft Office Web site servers talk to those systems and then send the answers back to the user's computer.
Denial of Service attacks on the Microsoft Office Web site
Scenario: A hacker discovers the URL of the Office Tools on the Web portal and then bombards it with fake requests so that servers hosting the Microsoft Office Web site are overwhelmed and unable to respond to genuine user requests.
Protection scheme: This scenario presents a Microsoft Office Web site security issue. Microsoft relies on continuous monitoring of the site by the Web site administrators to detect and defend against such attacks.
Microsoft Office Web site domain name hijacked
Scenario: A hacker using an Internet Service Provider (ISP) hacks a Domain Name Server (DNS) so the hacked DNS points the user to a fake Office Tools on the Web portal instead of the real one. As a result, all the users who get DNS services from the hacked server end up connected to the fake Office Tools on the Web portal.
Protection scheme: This is a Microsoft Office Web site security issue. Microsoft relies on continuous monitoring by the Microsoft Office Web site Operations Team to detect and defend against such attacks.
Office Tools on the Web site has bad code
Scenario: Accidental or intentional Office Tools on the Web implementation code or Web pages are posted to the site. The code contains bad content or intentionally written to harm users' computers.
Protection scheme: This is a Microsoft Office Web site development and management issue. Prior to making any Office Tools on the Web page live, the Office Tools on the Web team will check content and code for the site so that:
- All code is thoroughly tested.
- All changes to code can be traced back to the author of the changes; that is, a system of code check-in is in place before code goes live.
- Office Tools on the Web code can be quickly rolled back to the last-known good state if any problems in a service are detected.
Bad frame on a page
Scenario: An Office Tools on the Web page is implemented using frames. One of the frames displays content or services available from a third-party source that uses access to the object model to accomplish its work.
Protection scheme: Access to the object model is managed in two ways:
- In the operations policy, any third-party code that works with Office Tools on the Web is double-checked for malicious content.
- In the design and implementation of Office Tools on the Web code, the currently active Office application knows which URL is being requested.
The shared Office Tools on the Web code detects this, whether the request is coming from a page or a frame, and is able to refuse execution of the request. This prevents exposure of the user to unauthorized URLs that might originate from a frame.
|