Deploying Secure Applications

It is not enough to set up distributed security and then just go back to business as usual. A secure enterprise network needs software that has been designed with security features in mind. The archetype of a security-blind application is one that transmits passwords across the network in the clear. A secure environment needs secure applications.

When evaluating software for your enterprise, look for applications designed with security-enabled features. Look for integration with single sign-on capabilities for authenticated network connections, and the ability to run properly in secured computer configurations. The software need not require administrator privileges if it is not an administrator tool or utility.

The Application Specification for Windows 2000 defines the technical requirements that an application must meet to earn the Certified for Microsoft Windows logo. The document identifies the minimum areas of security support that a certified application must provide:

  • Run on secured Windows 2000 servers.

  • Support single sign-on by using Kerberos authentication to establish network connections.

  • Impersonate the client so that the standard Windows 2000 access control mechanisms (permissions and security groups) are applied consistently.

  • Run application services under dedicated service accounts rather than the local system account, which has full system privileges.

These requirements are a minimum. It is also important to deploy applications that are well engineered and free of buffer overflows and other weaknesses that an intruder could exploit.

One approach is to require that application components be digitally signed. Microsoft® Authenticode™, through Microsoft® Internet Explorer, lets users identify the publisher of a software component and verify that it has not been tampered with before they download it from the Internet.
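Two of the points above, service accounts and signed components, can be checked on a running server. The following PowerShell audit is an added example, not part of the Resource Kit text: it lists each service's logon account, flags those running as LocalSystem, and checks the Authenticode signature of the service binary. It assumes Windows PowerShell 3.0 or later (for Get-CimInstance) and an elevated session.

```powershell
# Added example (not from the Resource Kit). Requires Windows PowerShell 3.0+
# for Get-CimInstance; run elevated so every service record and binary is readable.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName may be quoted ("C:\Program Files\x\svc.exe" -arg)
    # or bare (C:\WINDOWS\system32\svchost.exe -k netsvcs). Return only the .exe.
    if ($PathName -match '^\s*"([^"]+)"')   { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($PathName -split '\s+')[0]
}

function Get-ServiceSecurityReport {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $exe = Get-ServiceBinaryPath $_.PathName
        # Status is Valid, NotSigned, HashMismatch, UnknownError, ...
        $sig = if (Test-Path -LiteralPath $exe) {
            (Get-AuthenticodeSignature -FilePath $exe).Status
        } else { 'BinaryNotFound' }
        [pscustomobject]@{
            Name        = $_.Name
            StartName   = $_.StartName
            LocalSystem = ($_.StartName -eq 'LocalSystem')
            Binary      = $exe
            Signature   = $sig
        }
    }
}

# Review list: services that run as LocalSystem, or whose binary cannot be
# verified against a publisher signature.
Get-ServiceSecurityReport |
    Where-Object { $_.LocalSystem -or $_.Signature -ne 'Valid' } |
    Sort-Object LocalSystem, Signature |
    Format-Table -AutoSize
```

Many built-in Windows services legitimately run as LocalSystem, so treat the output as a review list for third-party services rather than a list of failures.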

Also, regularly remind users not to run programs directly from e-mail attachments when they do not know the sender or were not expecting e-mail from that sender.