Chapter 1. Common Security Problems on the Internet

By Matthew Lyons

IN THIS CHAPTER

• Problems with Securing Mobile Code

• Writing Secure Applications

Viruses, worms, Trojan horses, script kiddies, hackers. Late night calls to let you know that your Web site has been defaced . Is this what security means to you? Are we all doomed to follow the will of malicious teenage hackers with too much free time and not enough supervision?

It is a fact that we now live and work in a highly complex, interconnected world. There is so much complexity that it is mind boggling to attempt to fully comprehend the results that networked computing has had on our lives. While the times have changed, software practices largely have not kept up. System administrators have to worry about threats from inside their companies in addition to those from the Internet. There is a perception, though, that "security" only means installing a firewall on the network and an antivirus package on every machine. Software applications cannot be written with the assumption that they will only be run in trusted contexts. Viruses, worms, and other malicious code have shown that the same applications we rely on for day-to-day work can just as easily be the means for crippling an organization's network.

Before we can delve into the details of security in the .NET Framework, it is important to look at the key problems that need to be solved . Of all the current security problems with networked computing, there are a couple that are particularly thorny:

• How can we create and run rich, mobile applications without allowing them to access all resources on the machine?

• How can we prevent or mitigate common, yet pervasive software security problems like buffer overflows?