Many applications pass security-sensitive data across networks to and from end users and between intermediate application nodes. Sensitive data might include credentials used for authentication, or data such as credit card numbers or bank transaction details. To guard against unwanted information disclosure and to protect the data from unauthorized modification while in transit, the channel between communication end points must be secured.
Secure communication provides the following two features:
Privacy. Privacy is concerned with ensuring that data remains private and confidential, and cannot be viewed by eavesdroppers who may be armed with network monitoring software. Privacy is usually provided by means of encryption.
Integrity. Secure communication channels must also ensure that data is protected from accidental or deliberate (malicious) modification while in transit. Integrity is usually provided by using Message Authentication Codes (MACs).
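The following is an added example, not part of the original chapter, illustrating the integrity feature described above with an HMAC (a keyed MAC built on SHA-256 from Python's standard library). The shared key, the transfer message and its format are constructed for the demonstration; in a real channel the key would come from the session's key exchange. The example also makes the point that a MAC alone gives integrity but not privacy: the message travels in the clear and only the tag stops an eavesdropper from altering it undetected.

```python
import hmac
import hashlib


def make_tag(key: bytes, message: bytes) -> str:
    """Compute an HMAC-SHA256 tag over the message; returned as hex."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare it in constant time.

    compare_digest avoids leaking how many leading bytes matched,
    which a plain '==' on strings would do through timing.
    """
    expected = make_tag(key, message)
    return hmac.compare_digest(expected, tag)


# Constructed sample values (not from the chapter): a shared key and a
# bank-transaction style message such as the one the text mentions.
DEMO_KEY = b"shared-secret-for-demo-only"
DEMO_MESSAGE = b"TRANSFER from=ACC-1001 to=ACC-2002 amount=100.00"


def integrity_demo(key: bytes = DEMO_KEY, message: bytes = DEMO_MESSAGE) -> dict:
    """Show that an untouched message verifies and a modified one does not.

    Returns a dict so the outcome can be inspected or asserted on:
      original_ok  - the tag computed by the sender verifies at the receiver
      tampered_ok  - the same tag no longer verifies after the amount changed
      plaintext    - the message as seen on the wire (a MAC does not hide it)
    """
    tag = make_tag(key, message)
    # Simulated in-transit modification: the amount field is altered.
    tampered = message.replace(b"amount=100.00", b"amount=9100.00")
    return {
        "original_ok": verify_tag(key, message, tag),
        "tampered_ok": verify_tag(key, tampered, tag),
        "plaintext": message,
    }


if __name__ == "__main__":
    result = integrity_demo()
    print("original verifies:", result["original_ok"])
    print("tampered verifies:", result["tampered_ok"])
    print("visible on the wire:", result["plaintext"].decode())
```

Because the tag is keyed, an eavesdropper who changes the amount cannot produce a matching tag without the key, which is what the receiver's failed verification detects. Confidentiality still has to come from encryption of the message itself, as the Privacy item above states.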
This chapter covers the following secure communication technologies:
Secure Sockets Layer / Transport Layer Security (SSL/TLS). This is most commonly used to secure the channel between a browser and Web server. However, it can also be used to secure Web service messages and communications to and from a database server running Microsoft® SQL Server™ 2000.
Internet Protocol Security (IPSec). IPSec provides a transport-level secure communication solution and can be used to secure the data sent between two computers; for example, an application server and a database server.
Remote Procedure Call (RPC) Encryption. The RPC protocol used by Distributed COM (DCOM) provides an authentication level (packet privacy) that results in the encryption of every packet of data sent between client and server.
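As an added example for the SSL/TLS item (not code from the chapter), the following shows what a client-side TLS configuration has to get right for the channel to actually deliver the privacy and integrity described above: a minimum protocol version, certificate verification against a trusted CA, and hostname checking. It uses Python's standard ssl module; the hardened context is shown beside the weak variant that disables verification, which is a common mistake that leaves the encrypted channel open to a man-in-the-middle who presents any certificate. The optional ca_file path is an assumed parameter; no network connection is made.

```python
import ssl
from typing import Optional


def hardened_client_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Client context that verifies the server and refuses old protocols.

    ca_file (assumed parameter) points at the CA bundle that signed the
    server's certificate; None uses the platform trust store.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # reject SSLv3/TLS 1.0/1.1
    ctx.check_hostname = True                      # name in cert must match server_hostname
    ctx.verify_mode = ssl.CERT_REQUIRED            # unverifiable chain aborts the handshake
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """The insecure counterpart: encryption without authentication.

    Traffic is still encrypted, but any party able to intercept the
    connection can present its own certificate and read the plaintext.
    Shown only so the two settings can be compared.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # must be cleared before verify_mode can drop
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Summarise the three properties a reviewer checks on a client context."""
    return {
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "min_tls12": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
    }


if __name__ == "__main__":
    # Usage: ctx.wrap_socket(sock, server_hostname="db.example.com") would
    # then perform the handshake against the database or web server.
    print("hardened:", audit_context(hardened_client_context()))
    print("weak:    ", audit_context(weak_client_context()))
```

The same three checks apply when reviewing an application's existing TLS code: a context whose audit shows verifies_peer or checks_hostname as False provides privacy against passive eavesdropping only, not against an active attacker, and so does not meet the integrity goal stated earlier in this chapter.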