Known risks and vulnerabilities
This topic describes the risks and vulnerabilities that may exist when you use Microsoft Dynamics CRM. Mitigations and workarounds are also described when applicable.
Risks when users connect to Microsoft Dynamics CRM over an unsecured network
Issues that can occur when you run Microsoft Dynamics CRM without using Secure Sockets Layer (SSL) (HTTPS) are as follows:
- Visual chart definitions can be altered over an unsecured HTTP connection by using "man in the middle" type attacks. To mitigate this vulnerability, configure Microsoft Dynamics CRM to only use SSL. For information about how to configure Microsoft Dynamics CRM Server 2011 to use SSL, see Make Microsoft Dynamics CRM client-to-server network communications more secure in the Microsoft Dynamics CRM Installing Guide.
Security recommendations on server role deployments
The following recommendations can help make your Microsoft Dynamics CRM deployment more reliable and secure.
| Server role | Recommendation |
|---|---|
| Sandbox Processing Service | Install this role to a dedicated server on a separate virtual LAN (VLAN) from other computers that are running Microsoft Dynamics CRM roles. Then, if there is a malicious plug-in running in the sandbox that exploits the computer, the network isolation from a separate VLAN can help protect other Microsoft Dynamics CRM resources from being compromised. |
| Help Server | Install this role on a separate computer if you implement an Internet-facing deployment (IFD). For more information, see Isolate the Help Server role for Internet-facing deployments in this guide. |