5.1 Security Considerations for Implementers

The LREC protocol allows a user to establish a connection to an RPC server. The LREC protocol uses the underlying RPC protocol to retrieve the identity of the caller that made the method call as specified in [MS-RPCE] section Clients are required to create an authenticated RPC connection and servers are required to use this identity to perform method-specific access checks.

The client can request data channel encryption by specifying the RPC_C_AUTHN_LEVEL_PKT_PRIVACY RPC authentication level.  When it is possible for events to contain confidential information, it is important for clients to either access the server over a secure network or use data channel encryption.