NetworkStream安全吗? [英] Is NetworkStream Secure?
问题描述
我正在研究现有的C#.NET 4.5应用程序.它具有一个组件,该组件使用TcpClient
和NetworkStream
Read
和Write
命令从大型机下载数据(我没有哪种类型的详细信息).最初编写代码的开发人员已经离开公司,审计领域现在正在质疑如何下载这些大型机数据集的安全性.原始开发人员的命名约定似乎表明正在使用FTP,但是在阅读TcpClient
和NetworkStream
上的文档时,没有提到用于实际传输数据的协议.
I'm working on an existing C# .NET 4.5 application. It has a component that downloads data from a mainframe (I don't have details on what kind) using a TcpClient
with NetworkStream
Read
and Write
commands. The developer that originally wrote the code has left the company and the audit area is now questioning the security of how these mainframe datasets are being downloaded. The original developer's naming conventions seem to indicate that FTP was being used, but reading the documentation on TcpClient
and NetworkStream
, there is no mention of the protocols that are used to actually transfer the data.
我的网络经验非常有限,但是我的理解是TcpClient
仅提供网络连接,然后需要在TCP连接上运行某种应用程序协议(例如FTP)才能实际移动数据.
My networking experience is very limited, but my understanding is that the TcpClient
just provides the network connection and then some sort of application protocol (such as FTP) needs to run on the TCP connection to actually move the data.
所以我的问题是,NetworkStream.Read
使用什么协议,它安全吗?如果不安全,有什么好的选择?
So my question is, what protocol does NetworkStream.Read
use and is it secure? If it's not secure, what is a good alternative?
推荐答案
Wireshark 捕获流量来形象化这一点.
By itself, System.Net.Sockets.NetworkStream
does not have any inherent security. You can visualize this by forming up a connection and capturing the traffic with Wireshark.
如果需要保护数据,请查看 NegotiateStream
来查看它们是否满足您对自定义客户端/服务器应用程序的需求.
If you need to secure your data, have a look at SslStream
or NegotiateStream
to see if they fit your needs for custom client/server applications.
或者,根据您的应用程序,您也许可以通过HTTPS提供数据集.如果您只需要保护数据集的完整性而不是机密性,则还可以添加数字签名添加到数据集,并在收到这些签名后对其进行检查.
Alternately, depending on your application, you may be able to serve your data sets over HTTPS. If you just need to protect the integrity of the data sets and not the confidentiality, you could also add digital signatures to data sets and check those signatures after they are received.
这篇关于NetworkStream安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!