5.1 Security Considerations for Implementers

RAIW allows any user to establish a connection to the RPC server. The protocol uses the underlying RPC protocol to retrieve the identity of the method caller as specified in [MS-RPCE]. Clients create an authenticated RPC connection, and servers use this identity to perform specific access checks.

WINS server data and WINS server operations specified by this implementation are protected by access checks based on the identity of the RPC client.

Servers that implement this specification do not allow anonymous RPC connections and protect WINS access to all data and operations with access control checks based on client identity.

Clients or servers that implement this specification do not use RPC over named pipes because it is vulnerable to man-in-the-middle attacks. RPC over TCP/IP is used instead.

Servers that implement this protocol require clients to request RPC_C_AUTHN_WINNT, and servers enforce this requirement in order to protect the privacy of the communication with clients.