Security
Summary

With today’s constant worries about security, you need to know how to incorporate security features in your C# network programs. This chapter presented various .NET security features that can be easily used in programs.

The .NET CLR uses security policies to determine how (and if) applications run on the system. Each application is a member of a security group based on characteristics of the application (such as the location or the author of the application). The CLR system uses security permission sets to determine each security group’s permissions for local system resources such as files and network sockets.

You can use the caspol program, included in .NET, to determine the security settings for a machine and to modify security settings to grant your applications the appropriate permissions to access network sockets. Often, if applications are run from a remote file server disk share, they will not have sufficient permissions to access network sockets on the system. To solve this problem, you can add the appropriate group (usually intranet) to the Everything permission set.

The .NET network library also includes classes for securing the network sockets that applications can access. The SocketPermissionAttribute class allows you to define attribute commands within your C# network programs to restrict access to specified sockets or IP addresses. Each attribute is applied to the application as metadata that declares a security requirement. If an attribute denies access to a specific network port, the application throws a SecurityException when that port is accessed.

Sending data across the network to a remote network host is dangerous. Depending on the network, there can be many prying eyes watching data packets as they traverse the network. To protect your data, it is a good idea to apply some type of encryption before sending it out on the network. The .NET library includes several excellent encryption classes to assist you in this task.

The easiest way to implement encryption in a network program is to use a symmetric encryption class. Symmetric encryption allows the data to be encrypted in variable-length blocks, which can be chained together to form a stream. The encrypted data stream can then be passed to any other type of stream, including a NetworkStream. Often though, it is easier to handle the data by placing it in a MemoryStream and creating a byte array from the stream data. The byte array can then be safely sent across the NetworkStream as normal, using standard network stream techniques. When the data is received on the other end, it must be decrypted back to the original data using the same key pair that was used to encrypt it.
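The MemoryStream-to-byte-array approach described above, as an added example that is not the book's own code: it uses the Aes class with a fresh IV per message, prepends the IV to the ciphertext so the receiver can recover it, and the SymmetricMessage class and its method names are assumptions made for this example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (added example, not the book's code): turns a message into a
// byte array that can be written to a NetworkStream, and reverses it on receipt.
public static class SymmetricMessage
{
    // AES-CBC with a fresh random IV per message; the IV is prepended to the
    // ciphertext so the receiver can recover it. Only the key must stay secret.
    public static byte[] Encrypt(byte[] key, string plaintext)
    {
        using Aes aes = Aes.Create();
        aes.Key = key;
        aes.GenerateIV();
        using var ms = new MemoryStream();
        ms.Write(aes.IV, 0, aes.IV.Length);
        using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
        {
            byte[] data = Encoding.UTF8.GetBytes(plaintext);
            cs.Write(data, 0, data.Length);
            cs.FlushFinalBlock();   // pads and writes the last block
        }
        return ms.ToArray();        // [IV | ciphertext], ready for NetworkStream.Write
    }

    // Receiver side: split off the IV, then decrypt the rest with the same key.
    public static string Decrypt(byte[] key, byte[] packet)
    {
        using Aes aes = Aes.Create();
        aes.Key = key;
        byte[] iv = new byte[aes.BlockSize / 8];
        if (packet.Length < iv.Length) throw new ArgumentException("packet too short");
        Buffer.BlockCopy(packet, 0, iv, 0, iv.Length);
        aes.IV = iv;
        using var ms = new MemoryStream(packet, iv.Length, packet.Length - iv.Length);
        using var cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Read);
        using var reader = new StreamReader(cs, Encoding.UTF8);
        return reader.ReadToEnd();  // throws CryptographicException if padding is corrupt
    }

    public static void Main()
    {
        byte[] key = new byte[32];                 // 256-bit key; in practice shared out of band
        RandomNumberGenerator.Fill(key);
        byte[] packet = Encrypt(key, "hello over the wire");
        Console.WriteLine(Decrypt(key, packet));
    }
}
```

Note that CBC encryption alone gives confidentiality but not integrity: a receiver cannot tell that a packet was altered in transit, so in a real protocol add an HMAC over the packet or use an authenticated mode such as AesGcm.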

Over the past 17 chapters, we have covered lots of networking topics. I hope you have enjoyed your experience in learning network programming and that you’re ready to go off and create your own network applications. With the advent of new networking technologies, there is always something new to learn in the area of network programming. It is a good idea to stay in touch with current network trends by browsing networking newsgroups and keeping up with the latest RFCs. Happy networking!