Chapter 11 -- Application Security

About This Chapter

With the advent of distributed applications, it's becoming important to implement effective security to counteract the increased exposure and complexity of the software. Greater opportunities to manipulate data on local computers or across the network mean that application developers need to have a basic awareness of protocols and applications that use security today to help them design and create applications for tomorrow.

We begin this chapter by looking at different security-related protocols. We then look at two basic security concepts: authentication, which involves identifying users precisely and reliably when they log on to the system and when they access any resource within it, and encryption, which stores and passes information from one place to another so that it can't be read by anyone who intercepts it. We also discuss access control, which determines what users are allowed to accomplish, and auditing, which records what goes on inside the operating system as users request and work with the resources it makes available to them. Finally, we take a look at log files, event logs, and distributed environments.

The principles and guidelines we provide in this chapter are based on our own experience with the creation of application architectures and the implementation of modern applications, together with the following sources:

  • Mary Kirtland's Designing Component-Based Applications
  • The Microsoft Mastering Series Group's Mastering Enterprise Development Using Microsoft Visual Basic 6 courseware
  • Microsoft Visual InterDev online Help
  • Microsoft Windows NT Workstation 4.0 Resource Kit
  • Microsoft Internet Information Server 4.0 online Help
  • Microsoft TechNet's article #Q102716, "User Authentication with Windows NT"
  • The Microsoft PBS Web team's white paper Secure Networking Using Windows 2000 Distributed Security Services
  • Mark Bieter's white paper Internet Information Server Security Overview
  • http://www.microsoft.com/ntserver/security/exec/feature/WebSecurity.asp
  • http://home.netscape.com/eng/ssl3/draft302.txt

Upon completion, you will be able to:

  • Understand how to implement application security requirements.
  • Identify security authentication methods.
  • Understand basic authentication capabilities of Web services.
  • Identify security access methods.
  • Identify different methods of encrypting information.
  • Understand the benefits of application auditing.
  • Identify methods for application auditing.


Microsoft Corporation - Analyzing Requirements and Defining Solutions Architecture. MCSD Training Kit
Year: 1999
Pages: 182
