Security is about controlling access to a variety of resources, such as application components, data, and hardware. There are four concepts upon which most security measures are based:
Authentication is the process of identity confirmation, which is the one layer of security control. Before an application can authorize access to a resource, it must confirm the identity of the requestor. The requestor establishes an identity by providing some form of credentials, which is known only to the requestor and the authenticating host. In some circumstances, the requestor may want to verify the identity of the authenticating host, which is called mutual authentication. For more information, see Authentication and Basic Authentication Concepts.
Authorization is the process of verifying that an authenticated party has the permission to access a particular resource, which is the layer of security control following authentication. Just because an authenticating host has confirmed the identity of the requestor, it does not necessarily follow that the authenticated requestor has the correct permissions to access a particular resource. For example, an ATM machine authenticates you by using a combination of your ATM card and PIN. However, you are authorized to access your bank account only. For more information, see Authorization and ASP.NET Authorization.
Data protection is the process of providing data confidentiality, integrity, and non-repudiability. Data requires protection not only while in transit but also while it is stored. Regardless of what the data's form, once data enters unsecured communication channels it becomes vulnerable to attack.
Encrypting the data provides data confidentiality. Data encryption uses a crypto algorithm in conjunction with a crypto key to render data useless to someone lacking both the correct algorithm and key to decrypt the data. The crypto key is an additional variable used in the algorithm. A crypto key contains a numeric value that is limited by the number of bits the key contains. Although a 40-bit key contains 240, or 1,099,511,627,776, possible key values, a typical PC could try an exhaustive search of every possible key value in approximately one week. However, if the crypto key consists of 128 bits, a brute force attack would need to try up to 2128, or 3.4 x 1038, values. Each additional bit doubles the possible number of values. Crypto keys enable a public algorithm to be used by multiple parties without compromising data encrypted with the algorithm.
Since the crypto key determines the strength of the encryption, all encryption algorithms are vulnerable to brute force attacks. A brute force attack is the systematic attempt to decrypt data using every possible key. For example, if the crypto key used to encrypt your data consisted of only four bits, a brute force attack would only need to try up to sixteen crypto key values to compromise your data. For more information, see Cryptography.
Data integrity is achieved through the use of hash algorithms, digital signatures, and message authentication codes.
To ensure the integrity of data, a hash of that data can be sent to accompany it. The receiver can then compare a hash that it computes on the received data with the hash that accompanied the received data. If the two match, the received data must be the same as the data from which the received hash was created. A hash is a fixed-length string of numbers and characters. It is computed using a hashing algorithm, such as Message Digest 5 (MD5) or Secure Hash Algorithm (SHA-1). Hashing is a one-way operation that cannot be reversed to recreate the original data.
A digital signature takes hashing a step further by encrypting the computed hash using a private key. This extra step can prevent an attacker from intercepting data and its accompanying hash, modifying the data, and then simply re-computing the new hash for the modified data. Since a digital signature is an encrypted hash, an attacker would need access to the original private key that was used to create the original digital signature. On the receiving end, digital signatures can be verified using the associated public key. Digital signatures can be used to enforce non-repudiation, which can later be used to prove the origin, contents, and timestamp of the data. For more information, see Hashes and Digital Signatures.
Message authentication codes (MACs) are used by technologies such as SSL/TLS to verify that data has not been altered while in transit. However, since MACs use a common key for encryption and verification, they cannot be used to enforce non-repudiation. For more information, see Message Authentication Codes in Schannel.
Auditing is the process of logging and monitoring events that occur in a system and that are of interest to security. Auditing provides the key source of security forensics. For more information, see Event Logging.
Unfortunately, auditing is a passive process that may reveal a problem with security only after the application has been compromised. Active monitoring can be accomplished using the Windows Performance Monitor for real-time feedback. For more information, see Performance Monitoring.