Classic Technical Article Translations (3): IIS 7 Protocol Listeners (Introducing IIS 7 > IIS Protocol Listeners)

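Posted by 技術小胖子 on 2017-11-07
While searching for binding problems related to IIS WAS, I came across this book and translated two passages from it for everyone's reference. The description of the IIS protocol listeners should give some reference and hints to anyone developing WCF services with non-HTTP bindings hosted in IIS 7+. Original book: "WINDOWS VISTA™ SECURITY: Securing Vista Against Malicious Attacks" by Roger A. Grimes and Jesper M. Johansson. The Chinese title would be "Windows Vista Security: Protecting Vista from Malicious Attacks". Interested readers can read it online: http://my.safaribooksonline.com/9780470101551. If anything here is inaccurate, please point it out and correct me. Thank you.
[1] English original: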
9.6. IIS Protocol Listeners
A protocol listener is a software routine that listens on a predefined communication channel (and port), and passes transmitted data (called messages) to and from the participating server service and communicating client. IIS 7 includes five default protocol listeners: Http.sys, Net.tcp, Net.pipe, Net.p2p and Net.msmq; and additional custom listeners can be created and used. IIS 6 had only one — Http.sys. The other new protocol listeners support Microsoft's new Windows Communication Foundation web services. With the exception of Http.sys, the other listeners require .NET Framework installation and the Windows Process Activation Service (WAS), which runs in the same Svchost process as the WWW service. However, protocol listeners can be implemented using WAS and not require IIS.
Each listener runs in kernel mode, directly interacting with the operating system. Microsoft has thoroughly tested each protocol listener for security vulnerabilities, trying their best to ensure they are not susceptible to buffer overflows and other common security mistakes. Although finding every security vulnerability is almost impossible, Microsoft successfully defended IIS 6's Http.sys against every attacker for over 4 years, so they have a leading example to follow. Protocol listeners can be activated in an XML configuration file called ApplicationHost.config. To minimize possible attack vectors, only the protocol listeners needed should be activated. The following sections summarize each protocol listener.
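[2] Chinese translation (rendered here in English):
9.6 IIS Protocol Listeners:
A protocol listener is a program that listens on a predefined communication channel (port), passes data (the requested data), and takes part in the communication between the service and the client. IIS 7 includes five default protocol listeners: Http.sys, Net.tcp, Net.pipe, Net.p2p and Net.msmq; in addition, custom listeners can be created and used. IIS 6 had only one: Http.sys. The other, new listeners are there to support Microsoft's new Windows Communication Foundation services. Apart from Http.sys, the other listeners require installing the .NET Framework and the Windows Process Activation Service (WAS), which run in the same service host process as the WWW service. However, protocol listeners can be hosted through WAS without using IIS.
Each listener runs in kernel mode and interacts directly with the operating system. With security risks in mind, Microsoft has thoroughly tested every listener, doing its best to ensure that they do not suffer buffer overflows or other security problems. Although Microsoft knows that the likelihood of a security problem is small, it has still defended IIS 6's Http.sys against every attack over the past 4 years, so they have set a good example. Protocol listeners can be enabled in an XML configuration file called ApplicationHost.config. To reduce possible attacks, only the listeners that are needed are enabled. The following paragraphs summarize each protocol listener.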
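The passage above says listeners are activated in ApplicationHost.config and that only the needed ones should be active. The following audit sketch is an added example, not code from the book or the blog post: it lists every protocol that a listener adapter, site binding or application enables outside an allowlist. The sample XML is constructed and trimmed to the elements the script reads, and the function name `audit_listeners` and the allowlist are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed sample, trimmed to the elements this audit reads; not from the page.
SAMPLE_CONFIG = """<configuration>
  <system.applicationHost>
    <listenerAdapters>
      <add name="http" />
      <add name="net.tcp" />
      <add name="net.pipe" />
      <add name="net.msmq" />
    </listenerAdapters>
    <sites>
      <site name="Default Web Site" id="1">
        <application path="/" applicationPool="DefaultAppPool" />
        <application path="/orders" enabledProtocols="http,net.tcp" />
        <bindings>
          <binding protocol="http" bindingInformation="*:80:" />
          <binding protocol="net.tcp" bindingInformation="808:*" />
          <binding protocol="net.msmq" bindingInformation="localhost" />
        </bindings>
      </site>
    </sites>
  </system.applicationHost>
</configuration>"""

def audit_listeners(config_xml, needed):
    """Return sorted (location, protocol) pairs for protocols outside `needed`."""
    needed = {p.strip().lower() for p in needed}
    host = ET.fromstring(config_xml).find("system.applicationHost")
    if host is None:
        raise ValueError("no <system.applicationHost> section found")
    findings = set()
    # Listener adapters registered with WAS for the whole server.
    for add in host.findall("listenerAdapters/add"):
        findings.add(("listenerAdapters", add.get("name", "").lower()))
    for site in host.findall("sites/site"):
        name = site.get("name", "?")
        # Protocols the site is bound to.
        for b in site.findall("bindings/binding"):
            findings.add((f"site '{name}' binding", b.get("protocol", "").lower()))
        # Protocols each application accepts; unset is treated as the default, http.
        for app in site.findall("application"):
            for p in app.get("enabledProtocols", "http").split(","):
                findings.add((f"site '{name}' app '{app.get('path')}'", p.strip().lower()))
    return sorted(f for f in findings if f[1] not in needed)

if __name__ == "__main__":
    for where, proto in audit_listeners(SAMPLE_CONFIG, {"http", "net.tcp"}):
        print(f"not needed: {proto:10} ({where})")
```

On a real server the input would be the contents of `%windir%\System32\inetsrv\config\applicationHost.config`, and the allowlist would come from the services actually hosted there.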
[3] About the authors, English original:
Roger A. Grimes, CPA, CISSP, four-time MVP, is a 20-year industry veteran and author of seven books and over 200 articles on Windows security. Currently working for Microsoft as an ACE Team senior security consultant, Roger previously taught Windows and Linux security for Foundstone and is a highly requested industry speaker.
Jesper M. Johansson is currently working on application security and developer security training on large software projects. Prior to his current work he was a senior security strategist at Microsoft Corporation and is a well known authority on Windows operating system security. He holds a Ph.D. in Management Information Systems.
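[4] About the authors, Chinese translation (rendered here in English):
Roger A. Grimes, CPA, CISSP, four-time MVP, is an expert with 20 years of industry experience who has published 7 books and more than 200 articles on Windows security. He currently works on Microsoft's ACE Team as a senior security consultant. Roger previously taught Windows and Linux security and is a widely sought-after industry expert.
Jesper M. Johansson currently works on security and on security training for large software projects. Before that he was a senior strategist at Microsoft and is a well-known authority on Windows operating system security. He holds a Ph.D. in Management Information Systems.
This article is reposted from frankxulei's 51CTO blog. Original link: http://blog.51cto.com/frankxulei/320514. To repost it, please contact the original author yourself.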