TCP/IP Security

[Guest]

Hello,

I have an x86 device called FB6500
(http://www.fabiatech.com/products/fb6500.htm). It uses Windows CE 5.0 which
i built using PB 5.0. It's purpose is to run an app which uses TCP/IP. It
basically sends TCP packets to a client every 10 seconds.

I am considering of putting some sort of security or encryption for this TCP
stuff but i am unsure of how to go about doing it. I realize there are some
components out there which provide encryption algorithms to manually encrypt
the sent data. However, i've also read stuff on SSL and IPSec, and that these
features can be added to the OS image using PB 5.0. If i do add these
features, how do i use them in my application? Thanks.

Michael--J.

 

[Ilya Tumanov [MS]]

That should help with IPSec:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcecomm5/ht
ml/wce50conipsecapplicationdevelopment.asp

Generally, applications are not affected by this; traffic is processed by
OS without application interference.

Best regards,

Ilya

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

[Guest]

Thanks Ilya.

So all i have to do is add the IPSEC feature into my OS image and it should
take care of it automcatically. So if i do a socket.send in my app, the OS
automatically encrypts it for me? What i do need to do on the other end?

Michael--J.

That should help with IPSec:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcecomm5/ht
ml/wce50conipsecapplicationdevelopment.asp

Generally, applications are not affected by this; traffic is processed by
OS without application interference.

Best regards,

Ilya

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

Thread-Topic: TCP/IP Security
thread-index: AcTyw7WGi9wf+w1CQ2uxDHF4LeQ+9Q==
X-WBNR-Posting-Host: 202.6.138.45
From: "=?Utf-8?B?TWljaGFlbC0tSg==?=" <[email protected]>
Subject: TCP/IP Security
Date: Tue, 4 Jan 2005 17:13:05 -0800
Lines: 15
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.compactframework
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.compactframework:67926
X-Tomcat-NG: microsoft.public.dotnet.framework.compactframework

Hello,

I have an x86 device called FB6500
(http://www.fabiatech.com/products/fb6500.htm). It uses Windows CE 5.0 which
i built using PB 5.0. It's purpose is to run an app which uses TCP/IP. It
basically sends TCP packets to a client every 10 seconds.

I am considering of putting some sort of security or encryption for this TCP
stuff but i am unsure of how to go about doing it. I realize there are some
components out there which provide encryption algorithms to manually encrypt
the sent data. However, i've also read stuff on SSL and IPSec, and that these
features can be added to the OS image using PB 5.0. If i do add these
features, how do i use them in my application? Thanks.

Michael--J.

 

[Ilya Tumanov [MS]]

You are correct; all traffic to/from this device will be encrypted and/or
authenticated without changing the application(s).
You do not have to change application(s) on another end either.

However, configuring IPSec is not easy and should be done by a network
administrator.

For VPN type connection (PPTP and IPSec/L2TP) you might need to establish
it first.
That might be done manually or you can add some code into your application
to do that.
VPN is relatively easy to implement and works well if you need to connect
to a private network from internet.

Best regards,

Ilya

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

Thread-Topic: TCP/IP Security
thread-index: AcTyyiCrbr90iRP6RH2riRjYEZZyoA==
X-WBNR-Posting-Host: 202.6.138.45
From: "=?Utf-8?B?TWljaGFlbC0tSg==?=" <[email protected]>
References: <[email protected]>

Subject: RE: TCP/IP Security
Date: Tue, 4 Jan 2005 17:59:01 -0800
Lines: 72
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.compactframework
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.compactframework:67928
X-Tomcat-NG: microsoft.public.dotnet.framework.compactframework

Thanks Ilya.

So all i have to do is add the IPSEC feature into my OS image and it should
take care of it automcatically. So if i do a socket.send in my app, the OS
automatically encrypts it for me? What i do need to do on the other end?

Michael--J.

That should help with IPSec:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcecomm5/ht
ml/wce50conipsecapplicationdevelopment.asp

Generally, applications are not affected by this; traffic is processed by
OS without application interference.

Best regards,

Ilya

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

Thread-Topic: TCP/IP Security
thread-index: AcTyw7WGi9wf+w1CQ2uxDHF4LeQ+9Q==
X-WBNR-Posting-Host: 202.6.138.45
From: "=?Utf-8?B?TWljaGFlbC0tSg==?="

Subject: TCP/IP Security
Date: Tue, 4 Jan 2005 17:13:05 -0800
Lines: 15
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.compactframework
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.compactframework:67926
X-Tomcat-NG: microsoft.public.dotnet.framework.compactframework

Hello,

I have an x86 device called FB6500
(http://www.fabiatech.com/products/fb6500.htm). It uses Windows CE

5.0
which

i built using PB 5.0. It's purpose is to run an app which uses TCP/IP. It
basically sends TCP packets to a client every 10 seconds.

I am considering of putting some sort of security or encryption for

this
TCP

stuff but i am unsure of how to go about doing it. I realize there

are
some

components out there which provide encryption algorithms to manually encrypt
the sent data. However, i've also read stuff on SSL and IPSec, and

that
these

features can be added to the OS image using PB 5.0. If i do add these
features, how do i use them in my application? Thanks.

Michael--J.

 

[Guest]

I see.

When you said that the application on the other end does not have to change,
is that assuming that the PC it is running on already has IPSec configured?

Another question. When you said "For VPN type connection", is there another
type of connection associated with IPSec?

Thanks.

 

[Ilya Tumanov [MS]]

Correct, that assumes IPSec is properly configured on desktop (or another
CE host).

IPSec is in fact very sophisticated.
It supports VPN type connection (tunnel mode) which encrypts traffic
between two hosts one of which is a server.
It also supports encrypting all packets sent to/from any host without
establishing a tunnel (transport mode).

Best regards,

Ilya

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

Thread-Topic: TCP/IP Security
thread-index: AcTy4MNinz0TuynhRoeSHNN9iynd5g==
X-WBNR-Posting-Host: 202.6.138.45
From: "=?Utf-8?B?TWljaGFlbC0tSg==?=" <[email protected]>
References: <[email protected]>

<[email protected]>

Subject: RE: TCP/IP Security
Date: Tue, 4 Jan 2005 20:41:03 -0800
Lines: 32
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.compactframework
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA0
3.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.framework.compactframework:67935
X-Tomcat-NG: microsoft.public.dotnet.framework.compactframework

I see.

When you said that the application on the other end does not have to change,
is that assuming that the PC it is running on already has IPSec configured?

Another question. When you said "For VPN type connection", is there another
type of connection associated with IPSec?

Thanks.

You are correct; all traffic to/from this device will be encrypted and/or
authenticated without changing the application(s).
You do not have to change application(s) on another end either.

However, configuring IPSec is not easy and should be done by a network
administrator.

For VPN type connection (PPTP and IPSec/L2TP) you might need to establish
it first.
That might be done manually or you can add some code into your application
to do that.
VPN is relatively easy to implement and works well if you need to connect
to a private network from internet.

Best regards,

Ilya

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------