You use Microsoft Visual Studio 2010 and Microsoft .NET Framework 4.0 to create a Microsoft ASP.NET application.
The application connects to a Microsoft SQL Server database. The application is hosted on a Web server along with other applications.
You need to secure the transmission of data between the application and the database.
You need to achieve this goal without affecting other applications. What should you do?
A.
Encrypt the connection string.
B.
Use encryption to store sensitive data in the database.
C.
Use Secure Sockets Layer (SSL) to establish connections to the database.
D.
Use Internet Protocol Security (IPSec) to secure the communication channel.
Explanation:
SSL is an established standard for ensuring secure HTTP transactions.
SSL provides a mechanism to perform up to 128-bit encryption on all transactions between the client and server.
It enables the client to verify that the server belongs to a trusted entity through the use of server certificates.
It also enables the server to confirm the identity of the client with client certificates. Each of these issuesencryption,
server identity, and client identityare negotiated in the SSL handshake that occurs when a client first requests a resource from a
Secure Hypertext Transfer Protocol (HTTPS) server. Essentially, the client and server each present a list of required and preferred settings.
If a common set of requirements can be agreed upon and met, an SSL connection is established.Internet Protocol Security (IPsec) is a set of security protocols used to transfer IP packets confidentially across the Internet.
IPsec is mandatory for all IPv6 implementations and optional for IPv4.
An IPsec policy is a set of rules that determine which type of IP traffic needs to be secured using IPsec and how to secure that traffic.
Only one IPsec policy is active on a computer at one time.