Chapter 13: Understanding .NET Security and Cryptography


Security is a critical part of every enterprise application. It was not too long ago that a simple login page that validated an entered password against a value stored in a database was enough to protect application data and services. Today, there are many approaches to system infiltration at multiple tiers of an application. Also, there are many more people trying to steal valuable corporate data or maliciously attack online services.

The .NET Framework provides a variety of solutions for adding layers upon layers of security over an enterprise application. These solutions collect user credentials, validate them against an authority, evaluate role membership, and encrypt sensitive data. This chapter describes some of the known techniques of application infiltration, outlines some approaches to protecting applications against security violations, and helps define a policy for enterprise-wide security.

Defining Layers of Application Security

Application security is a broad subject that means different things to different people. Even worse, developers typically take application security lightly during application development or even put it off to the end. However, developers must design effective security into the application and clearly spell it out from the beginning of development. They must decide early what data or functionality to guard and to what extent. Furthermore, they need to weigh data security against application performance.

Ideally, you should implement application security in a layered fashion, applying a variety of solutions that protect the application in different ways. These layers represent fundamental concepts such as authentication, authorization, environment configuration, and data encryption. As Figure 13-1 illustrates, these security layers wrap around application data to significantly increase the complexity of outside infiltration. Individually, each layer may be only a moderate deterrent. Working together, however, the layers pose an effective defense that slows aggressors.

Figure 13-1: Layers of application security

The outermost layer represents basic application security implemented through an authentication service that validates who the user is. The next layer represents an authorization service that identifies what the user can see and do. The next layer represents the environment security such as the database, file server, Web server, or Active Directory that further obstructs access to the underlying data. And, if the application is sensitive enough, the innermost layer represents data encryption that renders the underlying data unreadable.
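The following is an added example, not code from the book, showing layers 1, 2 and 4 of Figure 13-1 on a single request path in .NET 8: PBKDF2-hashed credentials checked in constant time, a role check on the resulting principal, and AES-GCM over the record itself. The credential store, the role table and the class name `LayeredAccess` are constructed for illustration; the environment layer (database, file server, Web server) is configuration around this code rather than code.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;

static class LayeredAccess
{
    // Layer 1 (authentication): user name -> PBKDF2 salt and hash (constructed store).
    static readonly Dictionary<string, (byte[] Salt, byte[] Hash)> Users = new();
    // Layer 2 (authorization): user name -> roles (constructed sample assignment).
    static readonly Dictionary<string, string[]> Roles = new()
        { ["alice"] = new[] { "Payroll" }, ["bob"] = new[] { "Reader" } };

    static byte[] Pbkdf2(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 100_000, HashAlgorithmName.SHA256, 32);

    public static void Register(string user, string password)
    {
        var salt = RandomNumberGenerator.GetBytes(16);
        Users[user] = (salt, Pbkdf2(password, salt));
    }

    // Validates the credential against the store; the hash comparison is constant-time.
    public static IPrincipal Authenticate(string user, string password)
    {
        if (!Users.TryGetValue(user, out var rec) ||
            !CryptographicOperations.FixedTimeEquals(Pbkdf2(password, rec.Salt), rec.Hash))
            throw new UnauthorizedAccessException("authentication failed");
        var roles = Roles.TryGetValue(user, out var r) ? r : Array.Empty<string>();
        return new GenericPrincipal(new GenericIdentity(user), roles);
    }

    // The caller must hold the role before the request reaches the data layer.
    public static void RequireRole(IPrincipal p, string role)
    {
        if (!p.IsInRole(role))
            throw new SecurityException($"{p.Identity.Name} is not in role {role}");
    }

    // Layer 4 (data encryption): AES-GCM keeps the stored record unreadable and tamper-evident.
    public static (byte[] Nonce, byte[] Cipher, byte[] Tag) Protect(byte[] key, string plaintext)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(12), data = Encoding.UTF8.GetBytes(plaintext);
        byte[] cipher = new byte[data.Length], tag = new byte[16];
        using var aes = new AesGcm(key, 16);
        aes.Encrypt(nonce, data, cipher, tag);
        return (nonce, cipher, tag);
    }
}
```

A caller would `Register` a user, then pass the principal from `Authenticate` through `RequireRole(p, "Payroll")` before calling `Protect` with a 32-byte key obtained from a key store; the nonce and tag must be stored beside the ciphertext for later decryption.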

Developing .NET Enterprise Applications
ISBN: 1590590465
Year: 2005
Pages: 119
