Network List Manager


As programmers, we’ve never had an easy time trying to figure out whether the computer was connected to a network and what sort of network it was connected to; in some extreme cases in the really bad old days, we were reduced to redirecting the output of console applications and parsing the text! Over the years, things have gotten better: Windows XP and Windows Server 2003 gave us the Network Location Awareness Winsock extensions. The IP helper API set, found in Windows 2000 and later, was a huge step in the right direction as well. With Windows Vista, we now have the Network List Manager (NLM) APIs, which bring most of what we need into a common set of functions.

You may also be wondering why we’re covering the NLM in a book about security. You might rightly accuse us of being network programming geeks, but networks and security go hand-in-hand. If you don’t understand what the network is doing, you can’t hope to effectively secure an application that interacts with the network, and there isn’t much these days that doesn’t deal with the network directly or indirectly. Some of the concepts and properties of networks discovered through the NLM will play an important role later in this chapter when we discuss the new firewalling API sets.

We’re not going to attempt to cover the material presented in the Windows SDK here; this is just a quick overview so you’ll know what’s available. The highest-level interface you might want to deal with is INetworkListManager, which allows you to determine whether:

  • The system is connected to any network, via the get_IsConnected property.

  • The system is connected to the Internet, using the get_IsConnectedToInternet property.

  • The system as a whole has connectivity to a local subnet, a local network, or the Internet. All of these parameters can be found for both IPv4 and IPv6. This information is obtained using the GetConnectivity method.

  • Which networks the system knows about. The GetNetworks method returns an enumerator over only connected, only disconnected, or all networks, and the GetNetworkConnections method returns an enumerator over all the connections.

A related interface is the INetworkListManagerEvents, which exposes one sink method, ConnectivityChanged. The ConnectivityChanged method allows your application to be notified if any of the properties INetworkListManager::GetConnectivity returns have changed. At a more granular level, you can also register sinks exposed by the INetworkEvents interface to determine if a network has been added or dropped. Unless you’re writing a network monitoring or management tool, it’s rare for an application to need to drop to this level.

Although most of the properties for individual networks aren’t especially interesting from a security perspective, the INetwork::GetDomainType method tells us whether a domain controller is present on your network and, if one is present, whether your connection has authenticated to the domain controller. Some applications should change functionality when domain status changes.

For example, Outlook 2007 knows to connect to the internal Exchange server when my laptop is connected to the Microsoft corporate network, but it isn’t confused by my home domain controller when connected to my home network and instead connects to Outlook Web Access.

Another interesting property of a network is obtained from INetwork::GetCategory, and this tells you if you’re on a domain, public, or private network. The firewall included with Windows Vista determines which policy to use on the basis of the return value for this method. If your application changes firewall rules depending on which network category your customer’s system is connected to–and please note that this is a property of a network, which means that you could have different rules in effect for different networks–then you may want to monitor the system for changes so that your application can gracefully handle changes instead of presenting unintelligible errors to the user. Additionally, you may want your application to behave more conservatively and expose less attack surface when running on a public network.
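As an added example (not code from the book), the following PowerShell script drives the same NLM interfaces through their COM object and prints, for the machine and for each connected network, the connectivity flags, category and domain type that the Windows firewall acts on. It assumes Windows Vista or later; the class id and the enumeration values are the ones defined in netlistmgr.h, and the "conservative mode" line is a hypothetical policy hook standing in for whatever your application does on a public network.

```powershell
# Added example: inspect what the Network List Manager reports about this machine.
# CLSID_NetworkListManager, as defined in netlistmgr.h (Windows Vista and later).
$nlm = [Activator]::CreateInstance([Type]::GetTypeFromCLSID('DCB00C01-570F-4A9B-8D69-199FDBA5723B'))

# NLM_CONNECTIVITY is a bit mask with separate bits per address family (netlistmgr.h).
$connBits = [ordered]@{
    0x0001 = 'IPv4:NoTraffic'; 0x0010 = 'IPv4:Subnet'; 0x0020 = 'IPv4:LocalNetwork'; 0x0040 = 'IPv4:Internet'
    0x0002 = 'IPv6:NoTraffic'; 0x0100 = 'IPv6:Subnet'; 0x0200 = 'IPv6:LocalNetwork'; 0x0400 = 'IPv6:Internet'
}
function Decode-Connectivity([int]$flags) {
    if ($flags -eq 0) { return 'Disconnected' }    # NLM_CONNECTIVITY_DISCONNECTED
    ($connBits.Keys | Where-Object { $flags -band $_ } | ForEach-Object { $connBits[$_] }) -join ' '
}

# NLM_NETWORK_CATEGORY and NLM_DOMAIN_TYPE values (netlistmgr.h).
$category   = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'DomainAuthenticated' }
$domainType = @{ 0 = 'NonDomain'; 1 = 'Domain'; 2 = 'DomainAuthenticated' }

# Machine-wide view: the INetworkListManager properties and GetConnectivity described above.
"Connected: $($nlm.IsConnected)   Internet: $($nlm.IsConnectedToInternet)"
"Machine connectivity: $(Decode-Connectivity $nlm.GetConnectivity())"

# Per-network view. NLM_ENUM_NETWORK_CONNECTED = 1; pass 3 (ALL) to include remembered,
# currently disconnected networks as well.
foreach ($net in $nlm.GetNetworks(1)) {
    $cat = $net.GetCategory()
    '{0,-28} category={1,-20} domain={2,-20} {3}' -f $net.GetName(), $category[$cat],
        $domainType[$net.GetDomainType()], (Decode-Connectivity $net.GetConnectivity())

    # Hypothetical policy hook: category is a per-network property, and a public network is
    # the case where the application should expose less attack surface.
    if ($cat -eq 0) { '  -> public network: running in conservative mode (no listeners, no firewall rule changes)' }
}
```

Because the category is evaluated per network, a machine with several active connections can print a different category and policy line for each one, which is exactly the situation an application that touches firewall rules has to handle.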



Writing Secure Code for Windows Vista
ISBN: 0735623937
Year: 2004
Pages: 122
