Summary

This chapter has demonstrated several new features of code groups and policies. Now that you’ve completed this chapter, you should have a better idea of how both .NET security features work at a low level. More important, you know how to manage these security features so that you can prevent most security problems and detect those that do get past your defenses. The goal of this chapter is to help you understand how policies and code groups work together to create a cohesive .NET security strategy.

Now that you have a better idea of how policies work, you should define a default security policy for your system at all three levels: enterprise, machine, and user. Make sure you use the tips found in the chapter to refine your security strategy. Remember that it’s important to have a written policy that works with the software policies you create.

Chapter 6 discusses the process of validation and verification. Validation is the process of checking that code, data, and resources are intact. You use validation to detect any changes that a cracker makes to your system. It’s also useful for ensuring your code doesn’t contain any changes before you run it. Verification is the process of determining identity. In this case, identity includes both the caller and recipient. It’s important to verify the identity of both servers and workstations in a world where crackers use both ends of the communication channel to overcome and overwhelm security measures.