Improving Web Application Security: Threats and - CGISecurity

Chapter 13: Building Secure Remoted Components 361Sensitive DataIf you need to pass sensitive data over a remoting communication channel across anetwork, to address the network eavesdropping threat, consider the privacy andintegrity of the data. You have three basic choices that are likely to be determined byyour deployment environment and your choice of host. Your options include:● Using IPSec● Using SSL● Using a custom encryption sinkUsing IPSecYou can use IPSec policies to secure the communication channels to your remoteobjects, for example, the channel from a Web server. You can use IPSec to encrypt allof the TCP packets sent over a particular connection, which includes packets sent toand from your remote objects. This solution is generally used by secure Internet andintranet data center infrastructures and is beneficial because no additional codingeffort is necessary.The additional benefit of using IPSec is that it provides a secure communicationsolution irrespective of the remote object host and channel type. For example, thesolution works when you use the TcpChannel and a custom host.Using SSLIf you use the ASP.NET host, you can use IIS to configure the virtual directory of yourapplication to require SSL. Clients must subsequently use an HTTPS connection tocommunicate with your remote objects.Using a Custom Encryption SinkIf you do not have a secure data center with IPSec policies that secure thecommunication channels between your servers, an alternative strategy is toimplement a custom encryption sink. You may also want to consider this option ifyou have a requirement to secure only the sensitive parts of the messages passedfrom client to server rather than the entire payload. This approach is shown inFigure 13.4.