Winsock Security (Windows Embedded CE 6.0)
1/6/2010
Winsock supports Secure Sockets Layer (SSL) versions 2.0 and 3.0, which provide enhanced network communication security.
With SSL, you can do the following:
- Add a security infrastructure to an application by using specific Winsock extensions.
- Specify a particular security protocol.
- Specify the certificate validation callback function.
- Ensure that the server name on the certificate matches the name of the desired server.
After a secure socket is connected, the application can send and receive data on that socket without being aware that the data on the wire is encoded.
For more information about secure sockets, see Winsock Secure Sockets, Implementing a Secure Socket, and SSL to Enhance Security of Network Communication.
Winsock also supports Layered Service Providers (LSP) that allow you to modify a transport service provider—and therefore the protocol that it implements—to expand, restrict, or redirect its capabilities. You can implement an LSP to extend an existing transport service provider. For example, a layered protocol could be a security layer that adds a protocol to the socket connection process in order to perform authentication and establish an encryption scheme.
Only privileged applications can call the Winsock SPI functions WSCInstallProvider, WSCDeinstallProvider, WSCInstallNameSpace, and WSCUnInstallNameSpace. If a normal application attempts to call these functions, the call fails with a WSANO_RECOVERY error.
Winsock has the following security risk:
- Winsock supports third-party extensions. If these extensions do not use proper security and authentication procedures, they can compromise the security of a device or local network.
Ports
No specific ports are used for Winsock.
For more information about security in Windows Embedded CE, see Enhancing the Security of a Device.