Mitigate the risk of broken authentication

The IIS web server can be configured to authenticate each HTTP request or the TCP connection with a Kerberos ticket. With Airlock Gateway, HTTP requests from different users are sent over the same TCP connection to the back-end server. Under these circumstances, it is important that the IIS web server re-authenticates each request.

Chapter-related warnings

HIGH – Mitigate the risk of broken authentication

Implement one of the actions listed below to mitigate the risk: