Is .NET Server Really "Trustworthy"?
What's hot these days in the tech industry? Well, Microsoft's .NET initiative, and, of course, security. Bill Gates and Microsoft Corporation have considerable interest in assuring consumers that Microsoft Windows is a secure platform, and that Microsoft is doing everything possible to enhance security in Microsoft products. Of course, as InfoWorld points out, "In the world of IT, giggling usually follows mention of 'Microsoft' and 'security' in the same sentence. That may change, however, following the release of a whitepaper by independent security consultancy Foundstone, in Irvine, Calif., on the security of Microsoft's .Net Framework." (Check out the whitepaper by Foundstone, Inc., an independent security assessment firm that logged more than 2,800 hours reviewing the security architecture of Microsoft .NET Framework.)
With the release of each new version of Windows server operating system, you justifiably expect the security to be enhanced over the previous version. Windows .NET is no exception. This article examines the security updates to Windows .NET Server. The security improvements discussed in this article are based on Windows .NET beta 3. Of course, don't be too surprised if Microsoft decides to add or remove some of these features by the time the product is released. After all, .NET Server is still in beta phase; based on previous experiences, some of the code may change in the released version.
Let's begin by looking at some of the areas on which Microsoft is focusing in Windows .NET Server. This is by no means a complete listing of all the security changes, but this overview will give you a pretty good idea of the direction in which Microsoft is headed.