4.3 General Guidelines for Network Programs

The following coding practices are recommended for network programs:

  • Perform a reverse lookup on an IP address to obtain the fully qualified domain name, and then use that domain name look up the IP address. The two IP addresses should be identical.

  • Protect a service against Denial of Service (DoS) attacks by allowing it to stop processing requests if it becomes overloaded.

  • Set timeouts on read and write requests over the network.

  • Check the content, bounds, value, and type of data received over the network, and reject any data that does not conform to what the program expects.

  • Use certificates or preshared keys to authenticate the local and remote ends of the network connection.

  • Use a well-established technology such as TLS or SSL to encrypt data sent over the network connection.

  • Wherever possible, use existing networking protocols and technologies whose security characteristics are well known.

  • Log information about successful and unsuccessful connection attempts, data reception and transmission errors, and changes to the service state.