Secure communication
Release Date: 9/29/2004
Update Date: 9/29/2004
In this chapter
Distributed applications typically process sensitive data. Sensitive data may include credentials used for authentication, or data such as credit card numbers or bank transactions. Whether the information is stored in a database or held on an intermediate application node, it is important to keep it secure.
Secure communication between the intermediate nodes of a web application is an important part of a thorough security system, and it is especially important when the application passes clear text messages across a public network (such as the Internet).
This chapter discusses the need for secure communication and describes the secure communication technologies that can be used in ASP.NET web applications.
Objectives
Use this chapter to:
• Learn why and how to communicate securely at every tier of a distributed .NET web application.
• Understand the purpose, capabilities and limitations of the three core technologies that implement secure communication: SSL/TLS, IPSec and RPC encryption.
• Determine which of SSL/TLS, IPSec and RPC encryption is best suited to securing communication between the different entities of your distributed web application.
Applicable to:
This chapter applies to the following products and technologies:
• Microsoft® Windows® XP or Windows 2000 Server (Service Pack 3), and later operating systems
• Microsoft Internet Information Services (IIS) 5.0 and later versions
• SQL Server™ 2000 (Service Pack 2) and later versions
How to use this chapter
To get the most out of this chapter:
• Read "Introduction to the Safety ASP.NET Web Application", which explains the importance of secure communication for distributed web applications.
• Read "ASP.NET Application Security Model", which gives an overview of the architecture and technologies used to build distributed ASP.NET web applications and shows where authentication, authorization and secure communication fit into that architecture.
• For demonstrations of the secure communication technologies discussed in this chapter, read the following sections:
  • "How to Call a Web Service Using SSL"
  • "How to Set Up SSL on a Web Server"
  • "How to Use IPSec to Provide Secure Communication Between Two Servers"
  • "How to Use SSL to Secure Communication with SQL Server 2000"
Before you start
Many applications pass security-sensitive data across networks, both to and from end users and between intermediate application nodes. Sensitive data may include credentials used for authentication, or data such as credit card numbers or bank transactions. To prevent unwanted information disclosure and to protect data from unauthorized modification while in transit, the channel between the communication endpoints must be secured.
Secure communication has the following two features:
• Confidentiality. Confidentiality ensures that data stays private and cannot be viewed by eavesdroppers running network monitoring software. It is usually achieved through encryption.
• Integrity. A secure channel must also ensure that data is protected from accidental or deliberate (malicious) modification while in transit. Integrity is usually implemented by using Message Authentication Codes (MACs).
This chapter covers the following secure communication technologies:
• Secure Sockets Layer / Transport Layer Security (SSL/TLS). This is most commonly used to secure the channel between a browser and a web server. However, it can also be used to secure web service messages and communication to and from a database server running Microsoft® SQL Server™ 2000.
• Internet Protocol Security (IPSec). IPSec provides a transport-level secure communication solution that protects data sent between two computers (for example, an application server and a database server).
• Remote Procedure Call (RPC) encryption. The RPC protocol used by Distributed COM (DCOM) provides an authentication level (packet confidentiality) that encrypts every packet sent between client and server.
Understand what to protect
When a web request flows through the physical deployment tiers of your application, it crosses a number of communication channels. Figure 1 shows a commonly used web application deployment model.
Figure 1 Typical web deployment model
In this typical deployment model, a request passes through three distinct channels. The client-to-web-server link may be over the Internet or the corporate intranet and typically uses HTTP. The remaining two links are between internal servers within the corporate domain. Even so, all three links are a potential security concern. Many intranet-based applications pass security-sensitive data between tiers; for example, human resources and payroll applications that handle sensitive employee data.
Figure 2 shows how to combine SSL encryption, IPSec encryption, and RPC encryption to protect each channel.
Figure 2 Typical web deployment model with secure communication
The choice of technology should be based on many factors, including transport protocols, endpoint technology, and environmental considerations (such as hardware, operating system versions, firewalls, etc.).
SSL/TLS
SSL/TLS is used to establish an encrypted channel between client and server. The handshake mechanism used to establish the secure channel is well documented, and details can be found in the following Microsoft Knowledge Base articles:
• Q257591, "Description of the Secure Sockets Layer (SSL) Handshake"
• Q257587, "Description of the Server Authentication Process During the SSL Handshake"
• Q257586, "Description of the Client Authentication Process During the SSL Handshake"
Using SSL
When you use SSL, be aware of the following points:
• When SSL is applied, the client uses the HTTPS protocol (and specifies an https:// URL), and the server listens on TCP port 443.
• Monitor the performance of your application when you enable SSL. SSL uses complex cryptographic functions to encrypt and decrypt data, so it affects the performance of your application. The largest performance hit occurs during the initial handshake, which uses asymmetric public/private key encryption. After that (once a secure session key has been generated and exchanged), application data is encrypted using faster symmetric encryption.
• Optimize pages that use SSL by including less text and simpler graphics.
• Because the performance hit associated with SSL is greatest during session establishment, make sure your connections do not time out. You can fine-tune this by increasing the value of the ServerCacheTime registry entry. For more information, see Microsoft Knowledge Base article Q247658, "How to: Configure Secure Sockets Layer Server and Client Cache Elements".
• SSL requires a server authentication certificate on the web server (or on the database server if you use SSL to communicate with SQL Server 2000). For more information on installing a server authentication certificate, see "How to Set Up SSL on a Web Server" in the Reference section of this guide.
IPSec
IPSec can be used to secure the data sent between two computers (for example, an application server and a database server). IPSec is completely transparent to applications because encryption, integrity and authentication services are implemented at the transport level. Applications continue to communicate with one another as normal, using TCP and UDP ports.
With IPSec, you can:
• Provide message confidentiality by encrypting all the data sent between two computers.
• Provide message integrity between two computers (without encrypting the data).
• Provide mutual authentication between two computers (not users). For example, you can help secure a database server by establishing a policy that permits requests only from specific client computers (such as an application or web server).
• Restrict which computers can communicate with one another. Communication can also be restricted to specific IP protocols and TCP/UDP ports.
Note: IPSec is not intended as a replacement for application-level security. Today it is used as a defense-in-depth mechanism, or to secure insecure applications without changing them, and to protect non-TLS protocols from network-wire attacks.
Using IPSec
When you use IPSec, be aware of the following:
• IPSec can be used for both authentication and encryption.
• There are no IPSec APIs that let developers control settings programmatically. IPSec is controlled and configured entirely through the IPSec snap-in within the Local Security Policy Microsoft Management Console (MMC).
• IPSec in the Microsoft Windows 2000 operating system cannot secure all types of IP traffic. Specifically, it cannot be used to secure broadcast, multicast, Internet Key Exchange or Kerberos (which is already a secure protocol) traffic. For more information, see Microsoft Knowledge Base article Q253169, "Traffic That Can--and Cannot--Be Secured by IPSec".
• You use IPSec filters to control when IPSec is applied. To test IPSec policies, use IPSec Monitor. IPSec Monitor shows which IPSec policy is active and whether a secure channel has been established between the computers. For more information, see the following Knowledge Base articles:
  • Q313195, "How To: Use IPSec Monitor in Windows 2000"
  • Q231587, "View IPSec Communication with IP Security Monitor"
• To establish trust between two servers, you can use IPSec with mutual authentication. This method uses certificates to verify the identity of both computers. For more information, see the following Knowledge Base articles:
  • Q248711, "L2TP/IPSec Support Mutual Authentication Method"
  • Q253498, "How To: Install the IP Security Certificate"
• If you need to use IPSec to secure communication between two computers separated by a firewall, make sure the firewall does not use Network Address Translation (NAT). IPSec does not work with any NAT-based device. For more information and configuration steps, see Microsoft Knowledge Base article Q233256, "How to Enable IPSec Traffic Through a Firewall", and "How to Use IPSec to Provide Secure Communication Between Two Servers".
RPC encryption
RPC is the underlying transport mechanism used by DCOM. RPC provides a set of configurable authentication levels, ranging from no authentication (and no data protection) to full encryption of parameter state.
The most secure level (RPC Packet Confidentiality) encrypts parameter state for every remote procedure call (and therefore every DCOM method invocation). The level of RPC encryption (40-bit or 128-bit) depends on the version of the Windows operating system running on the client and the server.
Using RPC encryption
You are most likely to use RPC encryption when your web-based application communicates with serviced components (within Enterprise Services server applications) on remote computers.
In this case, to use RPC Packet Confidentiality authentication (and encryption), you must configure both the client and the server. A high-water-mark negotiation takes place between client and server, which ensures that the higher of the two settings (client and server) is used.
Server settings for Enterprise Services can be defined by using .NET attributes, or at deployment time by using the Component Services administration tool.
If the client is an ASP.NET web application or web service, the comAuthenticationLevel attribute of the element will be used
For more information on RPC authentication level negotiation and serviced component configuration, see the chapter "Enterprise Services Security".
Point-to-point security
Point-to-point communication scenarios can be broadly divided into the following topics:
• Browser to Web Server
• Web Server to Remote Application Server
• Application Server to Database Server
Browser to Web Server
To secure sensitive data sent between a browser and a web server, use SSL. You need to use SSL in the following situations:
• You are using Forms authentication and need to secure the clear text credentials submitted to the web server from the login form. In this case, you should use SSL to secure access to all pages (not just the login page), to make sure that the authentication cookie generated by the initial authentication process stays protected throughout the client's browser session with the application.
• You are using Basic authentication and need to secure the (Base64-encoded) clear text credentials. Because Basic authentication sends the credentials to the web server with every request (not just the initial one), you should use SSL to secure access to all pages (not just the initial login page).
  Note: Base64 is used to encode binary data as printable ASCII text. Unlike encryption, it does not provide message integrity or confidentiality.
• Your application passes sensitive data between the browser and the web server (or vice versa); for example, credit card numbers or bank account details.
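The Basic and Forms authentication points above can be checked against recorded request headers. The following C# program is an added example, not code from the original guide; the host names, the account and the three sample requests are constructed, and .ASPXAUTH is the ASP.NET default Forms authentication cookie name.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class ClearTextCredentialAudit
{
    // Default name of the ASP.NET Forms authentication cookie.
    const string FormsCookie = ".ASPXAUTH";

    // Lists the credentials a single request exposes when it is not sent over SSL.
    public static List<string> Audit(string url, string authorization, string cookie)
    {
        var findings = new List<string>();
        if (new Uri(url).Scheme == Uri.UriSchemeHttps)
            return findings; // encrypted channel: nothing readable on the wire

        if (authorization != null &&
            authorization.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
        {
            try
            {
                // Base64 is an encoding, not encryption: decoding needs no key.
                string pair = Encoding.UTF8.GetString(
                    Convert.FromBase64String(authorization.Substring(6).Trim()));
                int colon = pair.IndexOf(':');
                string user = colon < 0 ? pair : pair.Substring(0, colon);
                int passwordLength = colon < 0 ? 0 : pair.Length - colon - 1;
                findings.Add("Basic credentials readable in transit: user '" + user +
                             "', password of " + passwordLength + " characters");
            }
            catch (FormatException)
            {
                findings.Add("Basic Authorization header sent without SSL");
            }
        }

        foreach (string part in (cookie ?? "").Split(';'))
        {
            if (part.Trim().StartsWith(FormsCookie + "=", StringComparison.OrdinalIgnoreCase))
                findings.Add("Forms authentication cookie sent without SSL");
        }
        return findings;
    }

    static void Main()
    {
        string basic = "Basic " + Convert.ToBase64String(
            Encoding.UTF8.GetBytes("alice:constructed-password"));

        // Constructed sample requests: URL, Authorization header, Cookie header.
        string[][] requests =
        {
            new[] { "http://intranet.example/hr/default.aspx", basic, null },
            new[] { "https://shop.example/login.aspx", null, null },
            new[] { "http://shop.example/catalog.aspx", null, "theme=blue; .ASPXAUTH=0123ABCD" },
        };

        foreach (string[] r in requests)
            foreach (string finding in Audit(r[0], r[1], r[2]))
                Console.WriteLine(r[0] + " -> " + finding);
    }
}
```

The third request shows why SSL on the login page alone is not enough: the login itself was protected, but the cookie it issued travels in clear text on a later page.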
Web Server to Remote Application Server
The transport channel between a web server and a remote application server should be secured by using IPSec, SSL or RPC encryption. The choice depends on the transport protocols and environmental factors (operating system versions, firewalls and so on).
• Enterprise Services. If your remote server hosts one or more serviced components (in an Enterprise Services server application) and you communicate with them directly (and therefore use DCOM), use RPC Packet Confidentiality encryption. For more information on how to configure RPC encryption between a web application and remote serviced components, see "Enterprise Services Security".
• Web services. If your remote server hosts a web service, you can choose between IPSec and SSL. Because web services already use the HTTP transport, you should generally use SSL. SSL also lets you encrypt only the data sent to and from the web service (rather than all traffic sent between the two computers). IPSec encrypts all traffic sent between the two computers.
  Note: Message-level security (including data encryption) is addressed by the Global XML Web Services Architecture (GXA) initiative (specifically, the WS-Security specification). Microsoft provides a Web Services Development Kit that lets you develop message-level security solutions. It can be downloaded from http://msdn.microsoft.com/webservices/building/wsdk/.
• .NET components (using .NET Remoting). If your remote server hosts one or more .NET components and you connect to them over the TCP channel, you can use IPSec to provide a secure communication link. If you host the .NET components within ASP.NET, you can use SSL (configured using IIS).
Application Server to Database Server
To secure the data sent between an application server and a database server, you can use IPSec. If your database server runs SQL Server 2000 and the SQL Server 2000 network libraries are installed on the application server, you can use SSL. The latter option requires a server authentication certificate to be installed in the machine store of the database server.
You may need to secure the link to the database server in the following situations:
• You connect to the database server without using Windows authentication. For example, you may be using SQL authentication to SQL Server, or you may be connecting to a non-SQL Server database. In these cases, the credentials are passed in clear text, which is a significant security concern.
  Note: A major advantage of using Windows authentication with SQL Server is that credentials are never passed across the network. For details of Windows and SQL authentication, see "Data Access Security".
• Your application may submit sensitive data to, or retrieve it from, the database (for example, payroll data).
Using SSL to SQL Server
If you use SSL to secure the channel to a SQL Server database, consider the following:
• For SSL to work, you must install a server authentication certificate in the machine store on the database server. The client computer must also have a root Certificate Authority certificate from the same (or a trusted) authority that issued the server certificate.
• The client must have the SQL Server 2000 connectivity libraries installed. Earlier versions or generic libraries will not work.
• SSL works only over TCP/IP (the recommended communication protocol for SQL Server) and named pipes.
• You can configure the server to force the use of encryption for all connections (from all clients).
• On the client, you can:
  • Force the use of encryption for all outgoing connections.
  • Allow client applications to choose whether to use encryption on a per-connection basis, by using the connection string.
• Unlike IPSec, no configuration changes are required if the client or server IP addresses change.
More information
For more information on SSL for SQL Server, see the following resources:
• "How to Use SSL to Secure Communication with SQL Server 2000"
• Webcast: "Microsoft SQL Server 2000: How To Configure SSL Encryption (April 23, 2002)"
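The per-connection choice made through the connection string can be reviewed in code. The following C# program is an added example, not part of the original guide: it uses SqlConnectionStringBuilder from System.Data.SqlClient (where Encrypt defaults to false) to flag connection strings that leave the application server to database server link unprotected. The server names, accounts and connection strings are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

static class SqlChannelAudit
{
    // Reports how a connection string protects the application server to
    // database server link: who authenticates, and whether the client asks for SSL.
    public static List<string> Audit(string connectionString)
    {
        var findings = new List<string>();
        SqlConnectionStringBuilder builder;
        try
        {
            builder = new SqlConnectionStringBuilder(connectionString);
        }
        catch (ArgumentException ex)
        {
            findings.Add("ERROR: connection string could not be parsed: " + ex.Message);
            return findings;
        }

        if (builder.Encrypt)
        {
            // Encryption is requested per connection. The server certificate must chain
            // to a root CA the client trusts, so skipping validation weakens the channel.
            // (TrustServerCertificate is a later SqlClient keyword than SQL Server 2000.)
            if (builder.TrustServerCertificate)
                findings.Add("MEDIUM: Encrypt=True but the server certificate is not validated");
        }
        else if (!builder.IntegratedSecurity)
        {
            findings.Add("HIGH: SQL authentication without Encrypt=True; credentials rely on " +
                         "server-forced encryption or IPSec for protection");
        }
        else
        {
            findings.Add("INFO: Windows authentication without Encrypt=True; query data is " +
                         "unencrypted unless the server forces encryption or IPSec is used");
        }
        return findings;
    }

    static void Main()
    {
        // Constructed sample connection strings (server names and accounts are made up).
        var samples = new Dictionary<string, string>
        {
            { "payroll",   "Server=db01;Database=Payroll;User ID=payroll_app;Password=constructed" },
            { "catalog",   "Server=db01;Database=Catalog;Integrated Security=SSPI" },
            { "orders",    "Server=db01;Database=Orders;User ID=orders_app;Password=constructed;Encrypt=True" },
            { "reporting", "Server=db02;Database=Reports;Integrated Security=SSPI;Encrypt=True;TrustServerCertificate=True" },
        };

        foreach (KeyValuePair<string, string> sample in samples)
        {
            List<string> findings = Audit(sample.Value);
            Console.WriteLine(sample.Key + ": " +
                (findings.Count == 0 ? "OK" : string.Join("; ", findings)));
        }
    }
}
```

Findings are reported by entry name only, so the audit output never repeats the password held in a connection string.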
Choosing between IPSec and SSL
When choosing between IPSec and SSL, consider the following points:
• IPSec can be used to secure all IP traffic between computers; SSL is specific to an individual application.
• IPSec is a computer-wide setting and does not support encrypting specific network connections. Sites, however, can be partitioned into areas that do and do not use SSL. In addition, when you use SSL to connect to SQL Server, you can choose on a per-connection basis (from the client application) whether to use SSL.
• IPSec is transparent to applications, so it can be used to secure protocols that run on top of IP, such as HTTP, FTP and SMTP. SSL/TLS is closely tied to the application.
• In addition to encryption, IPSec can be used for computer authentication. This is particularly significant for trusted subsystem scenarios, in which the database authorizes a fixed identity from a specific application (running on a specific computer). IPSec can be used to ensure that only the specific application server can connect to the database server, to prevent attacks from other computers.
• IPSec requires both computers to run Windows 2000 or later.
• SSL can work through a NAT-based firewall; IPSec cannot.
Farming and load balancing
If you use SSL with multiple virtual web sites, you need to use unique IP addresses or unique port numbers. Multiple sites cannot share the same IP address and port number. If the IP address is combined with server affinity settings in the load balancer, this works well.
More information
For more information, see Q187504 in the Microsoft Knowledge Base, "HTTP 1.1 Host Headers Are Not Supported When You Use SSL".
Summary
This chapter described how a combination of SSL, IPSec and RPC encryption can provide an end-to-end secure communication solution for your distributed application. To summarize:
• Channel security is a concern for data passed over the Internet and over the corporate intranet.
• Consider the security requirements of the web browser to web server, web server to application server, and application server to database server links.
• Secure communication provides confidentiality and integrity. It does not provide non-repudiation (for that purpose, see client certificates).
• Channel security options include SSL, IPSec and RPC encryption. RPC encryption is suitable when your application communicates with remote serviced components.
• If you use SSL to communicate with SQL Server, the application can choose on a per-connection basis whether to encrypt the connection.
• IPSec encrypts all IP traffic sent between two computers.
• The choice of security mechanism depends on the transport protocol, operating system versions and network considerations (including firewalls).
• There is always a trade-off between secure communication and performance. Choose the level of security that suits your application.