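While searching for IIS WAS binding issues I came across this book and translated two passages from it for everyone's reference. The description of IIS protocol listeners should offer some reference and hints for developing WCF services with non-HTTP bindings hosted in IIS 7+. The original book: "WINDOWS VISTA™ SECURITY: Securing Vista Against Malicious Attacks" by Roger A. Grimes; Jesper M. Johansson. The Chinese title should be 《WINDOWS VISTA安全:保护Vista不受恶意攻击》. Anyone interested can read it online:
http://my.safaribooksonline.com/9780470101551. If anything is inaccurate, please point it out. Thank you.
【1】 English original: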
9.6. IIS Protocol Listeners
A protocol listener is a software routine that listens on a predefined communication channel (and port), and passes transmitted data (called messages) to and from the participating server service and communicating client. IIS 7 includes five default protocol listeners: Http.sys, Net.tcp, Net.pipe, Net.p2p and Net.msmq; and additional custom listeners can be created and used. IIS 6 had only one — Http.sys. The other new protocol listeners support Microsoft's new Windows Communication Foundation web services. With the exception of Http.sys, the other listeners require .NET Framework installation and the Windows Process Activation Service (WAS), which runs in the same Svchost process as the WWW service. However, protocol listeners can be implemented using WAS and not require IIS.
Each listener runs in kernel mode, directly interacting with the operating system. Microsoft has thoroughly tested each protocol listener for security vulnerabilities, trying their best to ensure they are not susceptible to buffer overflows and other common security mistakes. Although finding every security vulnerability is almost impossible, Microsoft successfully defended IIS 6's Http.sys against every attacker for over 4 years, so they have a leading example to follow. Protocol listeners can be activated in an XML configuration file called ApplicationHost.config. To minimize possible attack vectors, only the protocol listeners needed should be activated. The following sections summarize each protocol listener.
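【2】 Chinese translation:
9.6 IIS Protocol Listeners:
A protocol listener is a program that can listen on a predefined communication channel (port), pass data (the requested data), and take part in communication between the service and the client. IIS 7 includes 5 default protocol listeners: Http.sys, Net.tcp, Net.pipe, Net.p2p and Net.msmq; in addition, custom listeners can be created and used. IIS 6 had only one: Http.sys. The other new listeners are used to support Microsoft's new Windows Communication Foundation services. Apart from Http.sys, the other listeners require installing the .NET Framework and the Windows Activation Service (Windows Process Activation Service, WAS for short); they run in the same service host process as the WWW service. However, protocol listeners can be hosted through WAS without needing IIS.
Each listener runs in kernel mode and interacts directly with the operating system. With security risks in mind, Microsoft has thoroughly tested each listener, doing its utmost to ensure they do not suffer buffer overflows or other security problems. Although Microsoft knows that the likelihood of security problems is small, over the past 4 years it has still kept defending IIS 6's Http.sys against every attack, so they have set a good example. Protocol listeners can be activated in an XML configuration file called ApplicationHost.config. To reduce possible attacks, only the listeners that are needed are activated. The following paragraphs summarize each protocol listener.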
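The excerpt says listeners are activated in ApplicationHost.config and that only the needed ones should be active. The Python audit below is an added example, not code from the book or from this blog post: it parses a constructed fragment laid out like the `listenerAdapters`, `bindings` and `enabledProtocols` settings of IIS 7 (site name, paths and ports are made up) and reports registered listeners that no site binds or no application enables. It assumes a missing `enabledProtocols` attribute means `http` and ignores `applicationDefaults` overrides.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed fragment in the shape of ApplicationHost.config.
SAMPLE_CONFIG = """<configuration>
  <system.applicationHost>
    <listenerAdapters>
      <add name="http" />
      <add name="net.tcp" />
      <add name="net.pipe" />
      <add name="net.msmq" />
    </listenerAdapters>
    <sites>
      <site name="Default Web Site" id="1">
        <application path="/" />
        <application path="/orders" enabledProtocols="http,net.tcp" />
        <bindings>
          <binding protocol="http" bindingInformation="*:80:" />
          <binding protocol="net.tcp" bindingInformation="808:*" />
          <binding protocol="net.pipe" bindingInformation="*" />
        </bindings>
      </site>
    </sites>
  </system.applicationHost>
</configuration>"""

def audit_listeners(config_xml):
    """Return {protocol: status} for every registered listener adapter."""
    host = next(e for e in ET.fromstring(config_xml) if e.tag == "system.applicationHost")
    registered = [a.get("name").lower() for a in host.findall("listenerAdapters/add")]
    bound, enabled = set(), set()
    for site in host.findall("sites/site"):
        bound.update(b.get("protocol").lower() for b in site.findall("bindings/binding"))
        for app in site.findall("application"):
            # Assumption: a missing enabledProtocols attribute defaults to "http".
            protos = app.get("enabledProtocols", "http")
            enabled.update(p.strip().lower() for p in protos.split(",") if p.strip())
    report = {}
    for proto in registered:
        if proto in bound and proto in enabled:
            report[proto] = "in use"
        elif proto in bound:
            report[proto] = "bound but not enabled on any application"
        else:
            report[proto] = "registered but unbound"
    return report

if __name__ == "__main__":
    for proto, status in audit_listeners(SAMPLE_CONFIG).items():
        print(f"{proto:10} {status}")
```

Any protocol not reported as "in use" is a candidate for removing its binding or for disabling the corresponding listener adapter service.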
【3】 Author biographies, English original:
Roger A. Grimes, CPA, CISSP, four-time MVP, is a 20-year industry veteran and author of seven books and over 200 articles on Windows security. Currently working for Microsoft as an ACE Team senior security consultant, Roger previously taught Windows and Linux security for Foundstone and is a highly requested industry speaker.
Jesper M. Johansson is currently working on application security and developer security training on large software projects. Prior to his current work he was a senior security strategist at Microsoft Corporation and is a well known authority on Windows operating system security. He holds a Ph.D. in Management Information Systems.
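【4】 Author biographies, Chinese translation:
Roger A. Grimes, CPA, CISSP, 4-time MVP, is an expert with 20 years of industry experience who has published 7 books and more than 200 articles on Windows security. He currently works on Microsoft's ACE Team as a senior security consultant. Roger previously taught Windows and Linux security and is a widely popular industry expert.
Jesper M. Johansson currently works on security and on security training for large software projects. Previously he was a senior strategy expert at Microsoft and is a well-known authority on Windows operating system security. He holds a Ph.D. in Management Information Systems.
This article is reposted from frankxulei's 51CTO blog; original link: http://blog.51cto.com/frankxulei/320514. To repost it, please contact the original author yourself.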