Explore how ASP.NET Health Monitoring safeguards running applications, learn Best Practices, Email Layout, Custom Configuration, and more for a secure web environment.
.NET Health Monitoring
Jonathan Franco
ITD Application Services
What is .NET?
• ASP.NET is a web application framework developed by Microsoft to allow programmers to build dynamic web sites, web applications and web services.
• It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to Microsoft’s Active Server Pages (ASP) technology.
• ASP.NET is built on the Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any supported .NET language.
What is .NET Health Monitoring?
• The ASP.NET Health Monitoring system is designed to monitor the health of a running ASP.NET application in a production environment.
• The Health Monitoring system works by recording event information to a specified log source.
• Log Sources
  • Email
  • Event Log
  • SQL
  • WMI
  • Trace
Event Occurrence
• The chart below shows Event occurrences for an outside-facing server.
Error Handling
• When an error occurs in the web application, the error page should not give away any details.
• An error handler redirects to this error page.
Improper Error Handling
• Lack of error handling can lead to an attacker gaining additional information about the web server or application.
• There are ways to force the web application to reveal information without proper error handling.
Best Practices
• Error Page
  • Add an error page to avoid giving information away to attackers.
• Publish web sites to server
  • Don’t copy code to the servers. Copying code to the servers will cause a fair amount of Health Monitoring Events to occur and is insecure.
• Don’t debug on the server
  • Debugging on the server will cause various Health Monitoring Events. Generating the wrong kinds of events can cause your IP to be blocked if done on the server.
Email Layout
• Provider that sent the Event.
• Application Name, Event Code and Event Detail Code for the Event.
• Stack trace for the Event.
Email Layout
• Event Message, time and ID. Event ID can be traced back to the Event Log if additional information is desired.
• IP Address, regardless of proxy, that caused the Event.
Custom Configuration
• Developer Override for Email
  • Subject Prefix
  • Email List
  • Header and Footer for Body
  • Reply To
  • AppendEmail
• Sample Subject line
  • HM [servername] Event Code: 3003 Event Message: A validation error has occurred. Event type: WebRequestErrorEvent
Settings
• Buffer modes configure whether events are buffered or not.
• Providers list the providers that are configured, along with information on where to send the event.
• Profiles state any limits on sending the events.
• Rules link the Event Mapping to the Provider.
• Event Mappings tell what events to report.
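As an added illustration (not the presenter's or ITD's configuration), the web.config fragment below wires together the five sections listed under Settings, plus the custom error page from the Error Handling slides. The entry names, e-mail addresses and the `~/Error.aspx` path are assumptions; the provider and event types are the stock `System.Web.Management` classes.

```xml
<configuration>
  <system.web>
    <!-- Error Handling: send users to a generic page instead of the ASP.NET error detail.
         ~/Error.aspx is an assumed path. -->
    <customErrors mode="On" defaultRedirect="~/Error.aspx" />

    <healthMonitoring enabled="true">
      <!-- Buffer modes: whether and how events are batched before delivery. -->
      <bufferModes>
        <add name="HM Mail Buffer" maxBufferSize="100" maxFlushSize="20"
             urgentFlushThreshold="1" regularFlushInterval="Infinite"
             urgentFlushInterval="00:01:00" maxBufferThreads="1" />
      </bufferModes>

      <!-- Providers: where events are sent. The mail provider also needs SMTP
           settings under system.net/mailSettings. Addresses are placeholders. -->
      <providers>
        <add name="HM Mail Provider"
             type="System.Web.Management.SimpleMailWebEventProvider"
             from="hm@example.test" to="appteam@example.test"
             subjectPrefix="HM [servername]"
             buffer="true" bufferMode="HM Mail Buffer"
             maxEventLength="4096" maxMessagesPerNotification="1" />
      </providers>

      <!-- Profiles: limits on how often an event is reported. -->
      <profiles>
        <add name="HM Throttled" minInstances="1" maxLimit="Infinite"
             minInterval="00:01:00" />
      </profiles>

      <!-- Event mappings: which events to report. WebRequestErrorEvent is the
           type named in the sample subject line (event code 3003). -->
      <eventMappings>
        <add name="HM Request Errors"
             type="System.Web.Management.WebRequestErrorEvent"
             startEventCode="0" endEventCode="2147483647" />
      </eventMappings>

      <!-- Rules: link an event mapping to a provider, under a profile. -->
      <rules>
        <add name="HM Request Errors By Mail" eventName="HM Request Errors"
             provider="HM Mail Provider" profile="HM Throttled" />
      </rules>
    </healthMonitoring>
  </system.web>
</configuration>
```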
Migration/Deployment Notes
• Review settings of any existing web applications that use Health Monitoring. Make sure there are no conflicts.
• Deploy during working hours when everyone is available.
• Periodically check occurrence of events and determine which providers should report these events.
Non-ITD Provider Use
• The Health Monitoring assemblies can be configured/used on your server.
• Develop Provider
• Develop HTTP Handler to get the Request information.
• Sum up the compilation Events when web sites are Published.
• Obfuscate the offending content from a Validation Error, shown in the Custom Event Details section.
Future Enhancements
• Heartbeat: make a web service to receive heartbeats from various applications and only send an email if there is trouble.
• Detect and report HTTP POST with SQL Injection.
• Send an email for multiple starts and stops of an application based on a configured threshold.