Winsock Security (Windows CE 5.0)
Winsock supports Secure Sockets Layer (SSL) versions 2.0 and 3.0, which provide enhanced network communication security. With SSL, you can do the following:
- Add a security infrastructure to an application by using specific Winsock extensions.
- Specify a particular security protocol.
- Specify the certificate validation callback function.
- Ensure that the server name on the certificate matches the name of the desired server.
After a secure socket is connected, the application can send and receive data on that socket without being aware that the data on the wire is encrypted.
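The name check in the last list item can be sketched in portable C as follows. This is an added example, not code from the Windows CE documentation or its Winsock SSL extensions: the function name cert_name_matches is hypothetical, the certificate name is assumed to be already extracted as a length-delimited string, and the single-label wildcard rule goes beyond what this page states.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive comparison of n ASCII bytes. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/*
 * Hypothetical helper: returns 1 if the name taken from the certificate
 * matches the host the application meant to reach, 0 otherwise.
 * cert_name is length-delimited because strings inside a certificate
 * are not NUL-terminated.
 */
int cert_name_matches(const char *cert_name, size_t cert_len, const char *host)
{
    size_t host_len = strlen(host);
    const char *dot;

    if (cert_len == 0 || host_len == 0)
        return 0;
    /* A name with an embedded NUL byte is rejected, never truncated. */
    if (memchr(cert_name, '\0', cert_len) != NULL)
        return 0;
    /* Exact, case-insensitive match. */
    if (cert_len == host_len && eq_nocase(cert_name, host, host_len))
        return 1;
    /* Wildcard: "*" must be the whole leftmost label and covers one label. */
    if (cert_len > 2 && cert_name[0] == '*' && cert_name[1] == '.') {
        /* Refuse "*.com": the fixed part needs at least two labels. */
        if (memchr(cert_name + 2, '.', cert_len - 2) == NULL)
            return 0;
        dot = strchr(host, '.');
        if (dot == NULL || dot == host)
            return 0;
        /* Everything after the first host label must equal the part after "*". */
        if (strlen(dot) == cert_len - 1 && eq_nocase(dot, cert_name + 1, cert_len - 1))
            return 1;
    }
    return 0;
}
```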
Winsock also supports Layered Service Providers (LSP) that allow you to modify a transport service provider—and therefore the protocol that it implements—to expand, restrict, or redirect its capabilities. You can implement an LSP to extend an existing transport service provider. For example, a layered protocol could be a security layer that adds a protocol to the socket connection process in order to perform authentication and establish an encryption scheme.
Only trusted applications can call the Winsock SPI functions WSCInstallProvider, WSCDeinstallProvider, WSCInstallNameSpace, and WSCUnInstallNameSpace. If an untrusted application attempts to call one of these functions, the call fails with a WSANO_RECOVERY error.
Winsock has the following security risk:
- Winsock supports third-party extensions. If these extensions do not use proper security and authentication procedures, they can compromise the security of a device or local network.
No specific ports are used for Winsock.