How To Provide CIA For A Network Connection?

In order to provide the properties of confidentiality, integrity, and authentication for a network connection, we first must perform an authenticated key exchange using a protocol such as Kerberos or CA. Then, for each message we must calculate a MAC over the plaintext, appending it to the message. Finally we must encrypt the message. The receiver should decrypt the message and verify the attached MAC. The MAC and encryption keys should be derived from the session key that was exchanged during authentication.

Adopted from The .NET Developer's Guide to Windows Security by Keith Brown.