A typical enterprise application includes the following architectural elements and processes:
Application security means that each of these application services must be available only to qualified users. At the same time, every component, service, and supporting file must be protected from unauthorized viewing, tampering, or modification.
The best way to protect your application's architectural elements and processes is with the built-in services provided by Windows NT operating system security. Windows NT prevents unauthorized access and tampering by providing user access control, resource and service protection, and auditability.
You can extend the standard Windows NT security features to include the protection of sensitive data transmissions by using either encryption or digital signatures.
Your application might also rely on BackOffice services such as SQL Server or Internet Information Server. All of these BackOffice services can be uniquely configured to control access and process privileges.
For More Information: "Understanding Windows NT Security," in this chapter, provides links to more information about a number of the primary operating system-level security functions that control access. For a discussion about storing and transmitting encrypted data, see "Using the Microsoft CryptoAPI." For information on using digital certificates to control access to your application, see "Using Certificates."