Chapter 4: Networking Defenses


Overview

Windows Vista has so many improvements and new features in the networking area that we’d really need a whole book to cover the topic in any real depth. There are improvements in nearly every area, but because any time you say “network” the phrase “security implications” naturally follows, we’re going to focus on the areas most likely to have a strong security impact on ordinary applications. The following areas include a great deal of new functionality:

  • Background Intelligent Transfer Service (BITS)–This includes peer-to-peer functionality, the ability to use IPv6 and HTTPS, and many other features.

  • Network List Manager–This is a new interface available only on Windows Vista that allows you to determine programmatically what type of network you’re connected to. We’ll be discussing this interface later in the chapter.

  • Peer-to-Peer–Although peer-to-peer functionality has been available in Windows since Windows XP SP1, Windows Vista introduces the peer-to-peer collaboration API. Some of the key scenarios enabled by the collaboration API set are multiplayer games, conferencing, and many other growing areas. Peer-to-peer requires a lot of infrastructure and builds from the ground up, and some of the implementations we’ve seen haven’t had any real focus on security. If you build on the infrastructure provided here, you’ll have more time to build a great application and spend less time worrying about the security of the infrastructure. Unfortunately, peer-to-peer is too broad an area for us to cover here.

  • Network Diagnostics Framework–There isn’t much connection between this framework and security, but we thought it was cool enough to mention. If your application depends heavily on the network being operational, this new set of APIs can help you figure out what’s wrong with your user’s connectivity to your server, which in turn allows you to present the user with better and more actionable information.

  • IPv6–It’s here, it’s on by default, and you ought to start supporting it in your networked applications. IPv6 still has a way to go before you’ll see many purely IPv6 networks, mostly because of older operating systems and some infrastructure issues, but you’ll need it to do peer-to-peer. Go learn more about it, and get ready to use it!

  • IP Helper API–The IP Helper APIs have been updated to give a lot more support for IPv6, and there are too many helpful new functions to list here. If you do a lot of low-level sockets programming, check these out.

  • Windows RSS (Really Simple Syndication) Platform–We’ll cover this later in this chapter.

  • Windows Sockets–There are a lot of changes here, primarily around IPv6 support. There’s also a really nice new API that allows you to connect to a remote server using a list of addresses. Another major change is that support has been dropped for obsolete protocols; only IPv4 and IPv6 are supported.

  • Windows Filtering Platform–If you build firewall applications for use on Windows, you need to check out the Windows SDK. If you just want your application to work well with the Windows Advanced Firewall, read on–we’ll cover that in detail. Hidden away in the WFP documentation are some great new extensions to Winsock that allow you to enforce security in your application and make it easy to impersonate socket clients.

  • Windows Firewall with Advanced Security–Windows is getting a much more robust and versatile firewall. The version available in Windows Vista can block outbound connections as well as inbound connections, can be applied to services, supports IPv6, and much more. For a great user experience, you’ll want your application to register its firewall rules during setup.

  • Teredo–This is a transitional technology to allow IPv6 applications to work while transiting IPv4 networks, especially NAT (network address translation) devices. Teredo is needed to enable peer-to-peer networking when running over the Internet.



Writing Secure Code for Windows Vista (Best Practices (Microsoft))
ISBN: 0735623937
EAN: 2147483647
Year: 2004
Pages: 122
