CAS can be applied to running socket applications. This is important because a socket application can potentially talk to any network application on the Internet. Fortunately, CAS allows you to control how applications use sockets and the Domain Name System (DNS) on your computer.
As we have seen, the .NET Framework provides CAS for the Socket class. Running a server requires the Socket Access Accept permission in order to create a listening socket that can receive connections from a network. Running a client application requires the Socket Access Connect permission to connect to a remote socket. These permissions apply to all instances of the Socket class, including those that use Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Having CAS on sockets helps prevent random applications from using network sockets.
In version 1.1 of the .NET Framework, both the Socket Access Accept and Connect permissions are granted only to applications run in the My Computer zone. Code executed from any other zone that attempts these operations causes a System.Security.SecurityException to be thrown.
Most socket applications require DNS service to resolve names to network addresses when setting up network communication. Since DNS is designed to communicate over a network, CAS permissions are also required to allow an application to query DNS. You can configure the .NET Framework to either allow or deny assemblies to query DNS using the DNS CAS permission.
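The following client is an added example, not code from the original text, showing how an application can check for the DNS and Socket Connect permissions before using them and handle the SecurityException that results when policy withholds them. It assumes the .NET Framework (where CAS applies) and uses the 1.1-era Dns.Resolve call; the host name and port are constructed placeholder values.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using System.Security;
using System.Security.Permissions;

class CasSocketClient
{
    const string Host = "server.example.com"; // constructed placeholder host
    const int Port = 8080;                    // constructed placeholder port

    // Demand walks the call stack and throws if any caller lacks the permission.
    static bool IsGranted(IPermission permission)
    {
        try { permission.Demand(); return true; }
        catch (SecurityException) { return false; }
    }

    static void Main()
    {
        // The DNS permission is all-or-nothing: Unrestricted or None.
        if (!IsGranted(new DnsPermission(PermissionState.Unrestricted)))
        {
            Console.WriteLine("DNS permission not granted; cannot resolve " + Host);
            return;
        }
        try
        {
            IPHostEntry entry = Dns.Resolve(Host);
            IPEndPoint remote = new IPEndPoint(entry.AddressList[0], Port);

            // Check Connect access for the exact transport, address and port we will use.
            SocketPermission connect = new SocketPermission(
                NetworkAccess.Connect, TransportType.Tcp, remote.Address.ToString(), Port);
            if (!IsGranted(connect))
            {
                Console.WriteLine("Socket Connect permission not granted for " + remote);
                return;
            }
            Socket s = new Socket(remote.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
            s.Connect(remote);
            Console.WriteLine("Connected to " + remote);
            s.Close();
        }
        catch (SecurityException ex)
        {
            // Raised when the policy for this assembly's zone withholds a permission.
            Console.WriteLine("Blocked by CAS: " + ex.Message);
        }
        catch (SocketException ex) { Console.WriteLine("Network error: " + ex.Message); }
    }
}
```

Run from the My Computer zone, the checks pass and the connection is attempted; run from another zone under the version 1.1 default policy, the first check fails and the client exits without touching the network.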
Using DNS to resolve host names in your application can be hazardous because an attacker can spoof names in DNS. DNS spoofing is an attack on a DNS server in which an attacker fools a DNS system into believing that a domain name is something other than what it really is. As a result, you should be aware that DNS spoofing can cause your application to connect to a host other than the one you intended.