Security

Each day, more and more computers are being connected together, and the benefits are outstanding. Now, computers (and people) can communicate with one another, combining pieces of information from different sources to produce results that were not imaginable just a few years ago. I'm sure that everyone reading this book believes that sharing information is a good thing for all humankind.

But I'm just as sure we all have some information about ourselves that we'd like to keep private. And we live in a world where some people perform malicious acts such as deleting important pieces of information from disk drives or databases. Even when malice isn't the intent, someone can delete or change some important piece of information by accident. To address security issues, the servers we implement must verify the client making the information request and must ensure that the client is restricted from performing unauthorized operations. If the server software does not handle the security validations correctly, the results are disastrous. Unfortunately, we hear stories about this every day.

Although the need for security has grown over the years, many developers still have the luxury of all but ignoring security. Today, operating systems such as Microsoft Windows 2000 offer a tremendous number of built-in security features, freeing application developers from dealing directly with security issues in their code. The built-in features give the individual user the ability to secure files in ways that were previously available only in server operating environments. Application code needs only to deal gracefully with an "Access Denied" result when attempting to open a secured file.

Whereas this built-in security makes the application developer's life simpler, it does not afford the service developer the same luxury. Your server is a doorway that opens your system to the outside world. If you do not place capable guards at this doorway, you will be making your server software and its data vulnerable to attack. In the worst-case scenario, you might reveal your entire system or local network to the outside world. To guard against attacks, your server software must contain security-conscious code. Fortunately, Windows 2000 offers a sound security architecture and functions that can greatly simplify the work of a server developer.

Windows offers mechanisms that allow your software to detect who is connecting to your server. It also allows your software to set access permissions for data controlled by your service. Once you know which client desires access to what data, Windows can perform an access check to validate this client's request. Using the system's built-in mechanisms makes your development easier, but you still have to intentionally consider security issues when designing your service. In addition to deciding who has access to what, Windows provides features that allow the encryption and decryption of data as it transfers from one machine to another.

Part IV of this book is dedicated to Windows security features. The information in these chapters will explain the Windows security architecture and give you the tools necessary to develop a server that is secure from attacks and human errors.

NOTE

---

To be eligible for Microsoft's "Certified for Windows 2000 Server" logo and BackOffice Logo programs, your service must support Single Sign-On (SSO). Single Sign-On means that the user enters his password just once when he first approaches the machine; the user is never asked for his password again. Once authenticated, all services just use the user's authenticated information. Windows' built-in security mechanisms (in particular, impersonation) make it easy for your service to support unified logon. The following Web sites have additional information on Microsoft certification and logo programs:

http://msdn.microsoft.com/certification/
http://msdn.microsoft.com/winlogo/
http://www.microsoft.com/backoffice/designed/