Chapter 12 -- Secure Connectivity

Chapter 12

The ability to communicate in a secure manner is absolutely essential to server software. No matter how much time and effort you spend applying access control and security to the objects on your system, your investment is virtually worthless if your server is not constantly sure of two things:

• Your server must be sure who its client is. That is to say, your server must be able to authenticate the party with which it is communicating.
• Your server must be able to ensure that the information passing between itself and its client has not been modified (or perhaps even viewed) by a third party.

Server software usually has many rights on the system that hosts it—if your server can be sure of these two things, you can be assured that its power is not being abused and the system's security is in tact.

The challenge for the developer of a service running on Microsoft Windows 2000 is to authenticate clients and enable the service to communicate securely with these clients in a manner that integrates well with the Windows security model. Meeting this challenge is the focus of this chapter, but first I will be covering some history and defining some terms.