Introduction

More than a decade ago I used to write keyboard hooks. Placed on any DOS-based computer, a keyboard hook recorded every single keystroke, which made easy work of cracking e-mail accounts, logging into applications, and reading everything typed at that keyboard. For a month or two I played a few harmless pranks no worse than Fred and George Weasley of Harry Potter fame. In addition to being very successful I never came close to getting caught. (I also avoided pestering businesses; only fellow students and coworkers were fair game.) I quickly realized that this kind of tomfoolery could lead to serious trouble and that if I were able to manipulate operating systems and software so easily, I might be able to make a good living and avoid an unnecessary trip to the Lompoc or Danbury Federal Penitentiaries. Unfortunately there are hundreds, perhaps thousands of very intelligent people who either haven't grown up or have accepted a missionary zeal for hacking and mischief.

That's right. Some hackers are smart. They may even be some of the cleverest programmers around. Being a firm believer in a limited number of conspiracies, I wouldn't be surprised if a few of these clever hackers work in places that produce antivirus software or opposing forces operating systems, as well as in government agencies. This is big business, and we know that occasionally even agencies at the highest echelon participate in conspiracies. Ask Gordon Liddy.

For this reason security requires a holistic approach. Security is not Microsoft's problem alone. It is everyone's problem, and although the press would like to heap the blame squarely on the shoulders of Microsoft because such stories sell papers, many of the best hacks came from and probably do still come from the UNIX world. Did you ever write while(1) fork(); and compile it with gcc , the UNIX command-line compiler? It will shut down an improperly configured UNIX network every time. If your company is relying on Microsoft to provide a foolproof, one-size-fits-all, whiz-bang security system, your company will suffer eventually, despite all the help Microsoft can provide.

Good security requires a combination of practices that include limited physical access to hardware; published and enforced policies relating to source code and data, especially if taken offsite; limited access to resources via VPNs, FTP, Telnet, and other dial-in connections; a separation of database servers and Web servers, placing a firewall between each physical server; careful management of Windows users and groups, especially administrative accounts; source code that checks for buffer overruns; application of the latest security patches and upgrades; and a hawkish diligence and proactive attitude toward security. In other words, if something must be protected, you need an expert ” specifically a pedantic, super- paranoid expert capable of recommending , implementing, and enforcing security practices to the annoyance of all reasonable developers. You need the kind of person most developers will, ironically, find to be a bit of a nuisance. Security personnel are the police officers for your data. (And who doesn't find a police officer occasionally annoying, especially when you get pulled over because you failed to signal within a hundred feet of a turn and your birthday happens to coincide with Fat Tuesday and it is midnight? Personally, I love the police ”but I digress.)

I don't profess to find security thrilling. I am one of those people who find the kind of security expert we need annoying because true security fanatics are zealots, and they often create speed bumps for productive programmers. Generally, I prefer a pragmatic approach to security, which is to apply what I believe to be a reasonable and sufficient amount of security tuning. As an architect I tend to rationalize trade-offs between cost of development and overkill, whereas a true security fanatic will likely find insufficiencies in any amount of security.

For our purposes here we will refine our discussion to some of the new features in .NET security, specifically code access security . Due to a limited amount of space I will assume that you have some knowledge of role-based security and management of Windows user accounts and groups. If you need a comprehensive presentation on security practices as a whole, I recommend .NET Framework Security by Brian LaMacchia et al. [2002].