NetDDE
From SCADApedia
Overview
Developed by Wonderware in the early 1990s, NetDDE extends the functionality of the Windows DDE protocol over a network. It is used to communicate real-time data and usually runs over NetBIOS (port 139). NetDDE has largely been replaced with other protocols such as OPC. It is still widely used in a variety of control system applications, however, because of its extended history and the long life cycle of the types of systems in which it is found.
History
1987: DDE introduced in Windows 2.0
1990: Wonderware develops NetDDE
1992: NetDDE introduced in Windows 3.1
1992-2004: NetDDE enabled in all Windows systems
2004: NetDDE services disabled in Windows XP SP2
2007: NetDDE services eliminated in Windows Vista
Use
NetDDE servers are available from a variety of vendors and allow communication with various field devices and disparate control system applications. For example, a small piece of server software may translate serial communications and make the data available to a remote machine using NetDDE. Most of the large control system vendors provide a NetDDE communication interface. A list of these applications is available on the Digital Bond subscriber site: Control System Applications with a NetDDE Interface. One of the primary uses of the protocol is to share control system data with Microsoft Office applications. The protocol is also used to exchange data between applications from different software vendors.
Protocol
DDE uses a three-level hierarchy to exchange data. The top level is the Application, which identifies the specific executable that will be used (e.g. Excel.exe); the application can be any executable that supports the DDE protocol. The next level is the Topic, which further narrows the scope of the data to be exchanged; in the Excel example, this would be the name of the spreadsheet. The bottom level is the Item, which identifies the exact piece of data; for Excel, it would be a cell reference such as R1C1 (see Figure 1). To configure NetDDE shares, Microsoft bundles a tool called DDEshare.exe. Software vendors often bundle their own tool for configuring and managing NetDDE shares. Three shares are present on a default Windows installation (see Figure 2).
Figure 1
Figure 2
Security
The Windows NetDDE services should only be enabled if necessary, and certain precautions should be taken if NetDDE is used. NetDDE shares can be configured according to the principle of least privilege by specifying the exact Application, Topic, and Item names rather than using the wildcard options. The DDEShare tool also allows granular permissions to be set for Windows groups and users, which gives the administrator the ability to restrict which user accounts are able to interact with the NetDDE shares over the network.
Figure 3
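The least-privilege check described above (explicit Application|Topic and Item names instead of wildcards, and restricted user or group access) can be turned into a simple audit. The following is an added example, not code from SCADApedia or from DDEshare.exe: the share records are a simplified model with constructed sample data, and the field names and the "*" wildcard convention are assumptions rather than the on-disk share format.

```python
from dataclasses import dataclass

WILDCARD = "*"  # assumed notation for "any application/topic/item"


@dataclass
class NetDdeShare:
    """Simplified model of one NetDDE share (field names are assumed)."""
    name: str
    app_topics: list   # "Application|Topic" pairs exposed by the share
    items: list        # Item names; "*" means every item of the topic
    principals: list   # Windows users/groups granted access in DDEShare


def audit_share(share: NetDdeShare) -> list:
    """Return least-privilege findings for one share; empty list means OK."""
    findings = []
    for pair in share.app_topics:
        app, sep, topic = pair.partition("|")
        if not sep:
            findings.append(f"{share.name}: malformed app|topic entry '{pair}'")
            continue
        if app.strip() in ("", WILDCARD):
            findings.append(f"{share.name}: any application allowed in '{pair}'")
        if topic.strip() in ("", WILDCARD):
            findings.append(f"{share.name}: any topic allowed in '{pair}'")
    if not share.items or WILDCARD in share.items:
        findings.append(f"{share.name}: every item of the topic is exposed")
    if any(p.lower() == "everyone" for p in share.principals):
        findings.append(f"{share.name}: share granted to Everyone")
    return findings


def audit_shares(shares) -> dict:
    """Map each share name to its findings so a report can be produced."""
    return {s.name: audit_share(s) for s in shares}


# Constructed sample shares (not taken from a real system).
SAMPLE_SHARES = [
    # Tight share: one workbook, one cell, one operator group.
    NetDdeShare("PumpStatus$", ["Excel|[Pumps.xls]Sheet1"], ["R1C1"], ["HMI_Operators"]),
    # Loose share: any topic of a hypothetical HMI, every item, open to everyone.
    NetDdeShare("HMI_All$", ["HmiApp|*"], ["*"], ["Everyone"]),
]

if __name__ == "__main__":
    for name, findings in audit_shares(SAMPLE_SHARES).items():
        print(name, "OK" if not findings else findings)
```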
NetDDE, like most network services, has a history of vulnerabilities such as buffer overflows that have been patched by Microsoft. Neutralbit, a security firm based out of Barcelona, discovered another problem related to a vendor’s NetDDE configuration that had serious security implications. The details of the vulnerability can be found in this article: Invensys Wonderware InTouch creates insecure NetDDE share. The Neutralbit team created an exploit tool for this vulnerability that is available to Digital Bond site subscribers. The tool also provides the ability to enumerate and test the security of NetDDE shares.
External Links
Dynamic Data Exchange (DDE) and NetDDE FAQ
Using the Windows NT NetDDE Share Manager
How To Create a NetDDE Client and Server in Visual Basic
Control System Applications with a NetDDE Interface (Digital Bond Site Subscribers Only)
Download the nbDDE Tool (Digital Bond Site Subscribers Only)