Do use a strong initial authentication mechanism.
Do perform ongoing message authentication for all network traffic your application produces.
Do encrypt all data for which privacy is a concern. Err on the side of privacy.
Do use SSL/TLS for all your on-the-wire crypto needs, if at all possible. It works!
Do not hold back from encrypting data for efficiency reasons. Ongoing encryption is cheap.
Do not hardcode keys, and don't think that XORing with a fixed string is an encryption mechanism.
Do not ignore the security of your data on the wire.
Consider using network-level technologies to further reduce exposure whenever it makes sense, such as firewalls, VPNs, and load balancers.
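The list above asks for ongoing message authentication on every frame and for TLS with verification actually switched on. The following Python is an added example, not code from the original list's author: it shows a small authenticated framing scheme (sequence number, payload and an HMAC-SHA256 tag, so tampering and replay are both rejected) and a TLS client context checked against the weak settings that most often undo the protection. The frame layout, the `DEMO_KEY` value and the helper names are assumptions made for the example; in practice the key would come from the initial authentication handshake, never from a constant in the source.

```python
import hashlib
import hmac
import ssl
import struct

# Constructed demo key (32 bytes). A real key is derived from the initial
# authentication exchange; hardcoding it, as here, is only for the example.
DEMO_KEY = b"constructed-demo-key-32-bytes!!!"

TAG_LEN = 32           # HMAC-SHA256 output length
HDR = struct.Struct(">Q")  # 8-byte big-endian sequence number


def seal(key, seq, payload):
    """Frame = seq || payload || HMAC(key, seq || payload).

    The sequence number is covered by the tag, so an attacker cannot move
    a valid payload to a different position in the stream."""
    header = HDR.pack(seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def open_frame(key, frame, expected_seq):
    """Verify tag and sequence number; return the payload or raise ValueError."""
    if len(frame) < HDR.size + TAG_LEN:
        raise ValueError("frame too short")
    header = frame[:HDR.size]
    payload = frame[HDR.size:-TAG_LEN]
    tag = frame[-TAG_LEN:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    # Constant-time comparison: a plain == leaks timing about the tag.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("message authentication failed")
    (seq,) = HDR.unpack(header)
    if seq != expected_seq:
        raise ValueError("replayed or out-of-order frame")
    return payload


def tls_client_context():
    """Client context the way the list recommends: verify the peer
    certificate, check the hostname, and refuse pre-1.2 protocol versions."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_client_context():
    """The 'it works in the lab' configuration: TLS framing with no peer
    verification, which gives no protection against an active attacker."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_flaws(ctx):
    """Return a list of the weak settings found in a client SSLContext."""
    flaws = []
    if ctx.verify_mode == ssl.CERT_NONE:
        flaws.append("no certificate verification")
    if not ctx.check_hostname:
        flaws.append("no hostname check")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        flaws.append("legacy protocol versions allowed")
    return flaws


def demo():
    """Exercise the framing on a constructed message and return what happened."""
    frame = seal(DEMO_KEY, 1, b"transfer 100")
    ok = open_frame(DEMO_KEY, frame, 1)
    # Flip one payload byte; the tag no longer matches.
    tampered = frame[:HDR.size] + b"transfer 900" + frame[-TAG_LEN:]
    try:
        open_frame(DEMO_KEY, tampered, 1)
        tamper_caught = False
    except ValueError:
        tamper_caught = True
    # Present the same valid frame again; the sequence check rejects it.
    try:
        open_frame(DEMO_KEY, frame, 2)
        replay_caught = False
    except ValueError:
        replay_caught = True
    return {"payload": ok, "tamper_caught": tamper_caught,
            "replay_caught": replay_caught,
            "hardened_flaws": context_flaws(tls_client_context()),
            "insecure_flaws": context_flaws(insecure_client_context())}


if __name__ == "__main__":
    print(demo())
```

The `context_flaws` check is the kind of test worth keeping in a unit suite: the most common way TLS "stops working" in production is someone setting `verify_mode = CERT_NONE` to silence a certificate error, and that regression is easy to catch automatically.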