Known risks and vulnerabilities

This topic describes the risks and vulnerabilities that may exist when you use Microsoft Dynamics CRM. Mitigations and workarounds are also described when applicable.

Risks when users connect to Microsoft Dynamics CRM over an unsecured network

Issues that can occur when you run Microsoft Dynamics CRM without using Secure Sockets Layer (SSL), that is, over HTTP rather than HTTPS, are as follows:

  • Visual chart definitions can be altered over an unsecured HTTP connection by using man-in-the-middle attacks. To mitigate this vulnerability, configure Microsoft Dynamics CRM to use only SSL. For information about how to configure Microsoft Dynamics CRM Server 2011 to use SSL, see "Make Microsoft Dynamics CRM client-to-server network communications more secure" in the Microsoft Dynamics CRM Installing Guide.

Security recommendations on server role deployments

The following recommendations can help make your Microsoft Dynamics CRM deployment more reliable and secure.

| Server role | Recommendation |
|---|---|
| Sandbox Processing Service | Install this role to a dedicated server on a separate virtual LAN (VLAN) from other computers that are running Microsoft Dynamics CRM roles. Then, if there is a malicious plug-in running in the sandbox that exploits the computer, the network isolation from a separate VLAN can help protect other Microsoft Dynamics CRM resources from being compromised. |
| Help Server | Install this role on a separate computer if you implement an Internet-facing deployment (IFD). For more information, see "Isolate the Help Server role for Internet-facing deployments" in this guide. |