Five Windows Vista security tips .NET developers should know

By Brian Eastwood, Site Editor 06 Jun 2007 | SearchVB.com

Office Development Channel Digg This!     StumbleUpon     Del.icio.us

If you want to offer [an] alternative to usernames and passwords, all you need to do is build a really small layer to recognize CardSpace as an authentication system. Rafal Lukawiecki strategic consultant, Project Botticelli

At Tech Ed 2007, Rafal Lukawiecki, a strategic consultant for Project Botticelli, outlined the Windows Vista security model and explained how developers can get the most out of it.

The feature to attract the most attention since Vista's release has, by and large, been the User Account Control. This stems from the fact that the UAC reverses a longstanding practice of developing and even running applications in the administrator role, Lukawiecki said.

If developers see the content prompting that denotes an admin log-in, he continued, "Please go back and change your log-in. You should never, ever see this dialog box unless…you are genuinely trying to do something administratively."

To break developers from the habit of working in the admin role all the time, Lukawiecki presented eight hints for effectively using the UAC in Windows Vista applications:

1. Decide right away whether an app needs administrator privileges at all. "This should not be done as an afterthought," he said.
2. Test the app as though you are a standard user.
3. Decide whether you wish to store binaries and per-user configuration data, and keep in mind that storing this data on disk is not that secure.
4. Outline your security needs as explicitly as possible.
5. If end users must be prompted to elevate their privileges, make sure the dialog box is very explicit about what this means.
6. Learn more about the Windows Integrity Mechanism, which is a new way to enhance the security of interprocess communication.
7. Be careful how your application checks to see if the user is an administrator, especially when he is opening files or objects.
8. Finally, Lukawiecki said, "Max_allowed is not a good thing; this is something some of used for convenience in the past but now it is costing us."

These UAC best practices touch upon another important Windows Vista security change: the logon experience. This manifests itself in two ways.

First, the need to custom-build multiple iterations of GINA has been eliminated. Microsoft has recognized that there are many ways to log onto an application, from biometrics to smart cards to voice, and has introduced the Credential Service Provider UI. This can interact with multiple plug-in credential providers and offers direct support for multi-factor authentication, Lukawiecki said.

Second, Microsoft has taken the concept of the identity metasystem to heart by introducing Windows CardSpace, in which end users create cards to manage their multiple online identities.

Along with transmitting information as part of a WS-Trust- and WS-MetadataExchange-compliant Security Token Service, CardSpace addresses the "cruel joke" that is password fatigue, Lukawiecki noted: "If you want to offer this alternative to usernames and passwords…all you need to do is build a really small layer to recognize CardSpace as an authentication system."

CardSpace, combined with IE 7, Windows Communication Foundation and the WS-* Security Guidelines that WCF supports, secure data as it transmitted across the proverbial wire. On top of this developers will find a few network security improvements.

For starters, TCP/IP is a fully rewritten, and now multithreaded, protocol stack in Windows Vista and Windows Server 2008.

More on Windows Vista for .NET developers What Vista means for developers, from the Office 2007 Ribbon to a Registry "Jedi mind trick" Get your code ready: Windows Vista is just around the corner Get started with Windows CardSpace development Microsoft takes Vista security to a new level using SDL (SearchSoftwareQuality.com)

In addition, the new Windows Server supports something called Network Access Protection, which, in relative relation to its acronym, identifies clients that have been asleep (or shut down) for so long that they lack the latest software updates. In such cases, Lukawiecki said, "[the client] is only given access to the restricted network where it can fix itself up. Once it does that, it has to go through the process again," and once it passes it receives a security token that gives it network access.

Windows Vista also introduces a set of three tools for data protection on the client, an important consideration given the recent proliferation of laptop thefts.

Bitlocker provides per-volume encryption and signs the entire hard drive, the rights management services offers per document enforcement of policy-based rights, and the encrypted file system covers per-file or per-folder encryption of data for confidentiality.

These tools, it must be noted, all presume that a client contains Trusted Platform Module v1.2, which Lukawiecki described as a "non-removable smart card" that protects keys and cryptographs and maintains code integrity.

Finally, and fundamentally, these Windows Vista security features are best implemented as part of a security development lifecycle.

Along with making sure security is an integral part of the software development lifecycle, this concept consists of five considerations:

1. Periodic, and mandatory, mandatory security training
2. The assignment of security advisors for all components being developed for an application
3. The incorporation of threat modeling into the design phase
4. The inclusion of security reviews and testing into the development schedule
5. The establishment of security metrics for product teams

Microsoft has begun advocating the security development lifecycle in response to the fact that few developers pay attention to security, Lukawiecki said. He added that the company has identified the tenets of the Common Criteria Project as a key metric for addressing security.

Tags: Windows Vista security and .NET Framework 3.0,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows Vista security and .NET Framework 3.0 User Account Control (UAC): How to develop code for standard users How to write installers in Vista that work correctly under UAC How to elevate programs' privileges correctly using Vista's UAC Introduction to Vista's user account control (UAC) for developers Beginning Windows CardSpace development Windows CardSpace standards, user controls sway online banker .NET 3.0 Roadshow: An introduction to Windows CardSpace .NET 3.0 Roadshow: Instance management, security in WCF What's up with Windows CardSpace Get your code ready: Windows Vista is just around the corner

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary