5.1 Security Considerations for Implementers
The LREC protocol allows a user to establish a connection to an RPC server. The LREC protocol uses the underlying RPC protocol to retrieve the identity of the caller that made the method call as specified in [MS-RPCE] section 220.127.116.11.3. Clients are required to create an authenticated RPC connection and servers are required to use this identity to perform method-specific access checks.
The client can request data channel encryption by specifying the RPC_C_AUTHN_LEVEL_PKT_PRIVACY RPC authentication level. When it is possible for events to contain confidential information, it is important for clients to either access the server over a secure network or use data channel encryption.