Sin 8: Failing to Protect Network Traffic Summary

  • Do perform ongoing message authentication for all network traffic your application produces.

  • Do use a strong initial authentication mechanism.

  • Do encrypt all data for which privacy is a concern. Err on the side of privacy.

  • Do use SSL/TLS for all your on-the-wire crypto needs, if at all possible. It works!

  • Do not ignore the security of your data on the wire.

  • Do not hardcode keys, and don't think that XORing with a fixed string is an encryption mechanism.

  • Do not hesitate to encrypt data for efficiency reasons. Ongoing encryption is cheap.

  • Consider using network-level technologies to further reduce exposure whenever it makes sense, such as firewalls, VPNs, and load balancers.
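
The XOR and ongoing-authentication points above, shown as an added example (not code from the book): XOR with a fixed string gives up its key to anyone holding one known message and accepts modified traffic silently, while a per-message HMAC over a sequence number and payload rejects both modification and replay. The key string, sample message, and function names are constructed for illustration, and the random session key stands in for one agreed during initial authentication.

```python
import hashlib
import hmac
import os
from itertools import cycle
from typing import Optional

FIXED_KEY = b"s3cr3t-k3y"  # constructed stand-in for a hardcoded XOR string
TAG_LEN = 32               # HMAC-SHA256 output size in bytes

def xor_obfuscate(data: bytes, key: bytes = FIXED_KEY) -> bytes:
    """The scheme the checklist warns about; the same call 'decrypts'."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_keystream(known_plain: bytes, ciphertext: bytes) -> bytes:
    """One known plaintext/ciphertext pair exposes the fixed key bytes."""
    return bytes(p ^ c for p, c in zip(known_plain, ciphertext))

def alter_byte(data: bytes, index: int, old: int, new: int) -> bytes:
    """Model in-transit modification of a single byte (no key needed)."""
    out = bytearray(data)
    out[index] ^= old ^ new
    return bytes(out)

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Append an HMAC over (sequence number || payload) to every message."""
    mac = hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256)
    return payload + mac.digest()

def unseal(key: bytes, seq: int, message: bytes) -> Optional[bytes]:
    """Return the payload, or None if it was modified or replayed."""
    if len(message) < TAG_LEN:
        return None
    payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    mac = hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256)
    return payload if hmac.compare_digest(tag, mac.digest()) else None

if __name__ == "__main__":
    msg = b"amount=100;to=alice"   # constructed sample message
    wire = xor_obfuscate(msg)
    print("key recovered:", recover_keystream(msg, wire)[:len(FIXED_KEY)])
    print("altered, accepted:", xor_obfuscate(alter_byte(wire, 7, ord("1"), ord("9"))))
    session_key = os.urandom(32)   # assumption: agreed at initial authentication
    sealed = seal(session_key, 1, msg)
    print("intact:", unseal(session_key, 1, sealed))
    print("altered:", unseal(session_key, 1, alter_byte(sealed, 7, ord("1"), ord("9"))))
    print("replayed as #2:", unseal(session_key, 2, sealed))
```

SSL/TLS performs this per-record authentication, plus encryption and key agreement, for you, which is why the checklist recommends it over hand-built schemes.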



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
