Infrastructure Security: The Application Level |
Application or software security should be a critical element of your security program. Most enterprises with information security programs have yet to institute an application security program to address this realm. |
|
Infrastructure Security: The Host Level |
When reviewing host security and assessing risks, you should consider the context of cloud services delivery models (SaaS, PaaS, and IaaS) and deployment models (public, private, and hybrid). |
|
Infrastructure Security: The Network Level |
In the standard cancellation scenario, your task is passed a CancellationToken value from a higher layer of the application, such as the UI. In the case of a pipeline stage, you need to observe this cancellation token in two places. |
|
.NET Components : Configuring Permissions |
The .NET Configuration tool has a folder called Runtime Security Policy, which contains an item for each of the three policies that system administrators can use to manage code access security: Enterprise, Machine, and User. Each policy item has subfolders containing its code groups, permissions sets, and custom policy assemblies |
|
The .NET Security Architecture |
.NET component-oriented security is based on an elegant concept: using an administration tool, the system administrator grants assemblies certain permissions to perform operations with external entities such as the filesystem, the Registry, the user interface, and so on. |
|
|
ASP.NET 4 in VB 2010 : The Security Controls |
The basic membership features are a remarkable time-saver. They allow you to concentrate on programming your web application, without worrying about managing security and crafting the perfect database or user information. Instead, you can use the higher-level Membership and MembershipUser classes to do everything you need. |
|
Security Fundamentals : Windows Authentication |
When you use Windows authentication, you force users to log into IIS before they're allowed to access secure content in your website. The user login information can be transmitted in several ways (depending on the network environment, the requesting browser, and the way IIS is configured), but the end result is that the user is authenticated using a local Windows account. |
|
Security Fundamentals : Forms Authentication |
In old-fashioned ASP programming, developers had to create their own security systems. A common approach was to insert a little snippet of code at the beginning of every secure page. |
|
|
Publishing ASP.NET Web Applications : MSDeploy Publish |
One of the new features for deploying Web applications is the Microsoft Web Deployment Tool, also known as MSDeploy, a command-line tool included in the .NET Framework 4 that can build advanced deployment scripts |
|
Configuring a Web Application for Security |
The sample web application that was illustrated in the previous section has one important limitation: It can be accessed by anonymous users that can access important data. |
|
|
Understand Security Improvements in Windows Server 2008 |
You have installed Windows Server 2008 because you want to take advantage of the many improvements, including those in the area of security. How do you understand what improvements have been made to Windows Server 2008 security, and what do these improvements mean for your network? |
|
|
Inspecting Declarative Security Statements |
The Permissions View tool (Permview.exe) allows you to view the declarative security statements used in an assembly. This is particularly useful when configuring security policy, as it allows you to view the permission requests contained in the assembly. |
|
Securing Data from the DBA |
Perhaps it is the increasing number of companies that outsource or offshore the DBA function, but I am regularly asked how to secure the data from the DBA who is in the sysadmin fixed server role. |
|
SQL Server 2005 Data Protection |
SQL Server 2005 introduces various methods to protect your data. As discussed throughout this chapter, data encryption uses a key to create nondeterministic ciphertext (encrypted data), which can only be decrypted with the appropriate encryption key |
|
SQL Server 2005 Encryption Key Hierarchy |
Each installation of SQL Server 2005 has a single service master key, which is created when you install SQL Server 2005. The service master key is used to protect linked server logins and credential secrets, and can be used to encrypt the database master key. |
|
Default Security Policy |
The configuration information for the enterprise, machine, and user policy levels is stored in separate files. Each file contains an XML description of the complete policy level including code groups, named permission sets, and fully trusted assemblies. |
|
Security Policy Explained in .NET |
Security policy is the set of configurable rules that provide a mapping between evidence and permissions. Specifically, the runtime uses security policy to determine which code-access permissions to grant an assembly or application domain based on the set of evidence that the assembly or application domain presents—a process known as policy resolution. |
|
Permissions: Extending the .NET Framework |
CAS is fully extensible and allows you to create your own permission classes that integrate with the security framework to provide capabilities equivalent to the standard permission classes. The creation of custom permissions is relatively straightforward. |
|
Programming Code-Access Security |
As a developer of applications, you will be interested in understanding the implementation and functionality of the standard permission classes, as well as how to make security requests to ensure that your application has the permissions it needs to execute. |
|
Evidence and Code Identity: Extending the .NET Framework |
The standard .NET evidence classes represent the most commonly available and useful characteristics of an assembly. For most situations, these classes provide enough reliable information from which to determine a unique identity for an assembly, enabling you to configure your security policy |
|
Evidence Explained in .NET Security |
Some types of evidence are inherent in the structure and content of an assembly, such as the assembly strong name, the hash value of the assembly's content, or the publisher certificate used to sign the assembly. Other types of evidence are determined at runtime, based on characteristics such as the web site or URL from where the assembly is loaded. |
|
Introducing Code-Access Security in .NET |
An important goal of the .NET Framework is to facilitate the development of highly distributed, component-based systems. With the .NET Framework, you can easily create applications that utilize code from different publishers, dynamically loading assemblies from different locations as required |
|
|
Managing Local Logon |
All local computer accounts should have passwords. If an account is created without a password, anyone can log on to the account from the console, and there is no protection for the account. However, a local account without a password cannot be used to remotely access a computer. |
|
Managing Stored Passwords in Vista |
Windows Vista can store essential network and Web site passwords for the current user. These passwords are stored in an electronic key ring that provides easy logon to essential resources, wherever they might be located. If you find that a user frequently has problems logging on to password-protected resources, such as the company intranet or an external Internet site, you can create a key ring for that user. |
|
Managing Local User Accounts and Groups in Vista |
Local user accounts and groups are managed much like domain accounts. You can create accounts, manage their properties, reset accounts when they are locked or disabled, and so on. These and other tasks are examined in this section. |
|
Working with File and Data Management Policies in Vista |
Every system administrator should be familiar with file and data management policies, which affect the amount of data a user can store on systems, how offline files are used, and whether the System Restore feature is enabled. Policies that control disk quotas are applied at the system level. |
|
Working with Access and Connectivity Policies in Vista |
Many network policies are available. Network policies that control Internet Connection Sharing, Internet Connection Firewall, Windows Firewall, and Network Bridge are configured at the computer level. Network policies that control local area network (LAN) connections, Transmission Control Protocol/Internet Protocol (TCP/IP) configuration, and remote access are configured at the user level. |
|
Working with Computer and User Script Policies in Vista |
Policies that control script behavior are found under Computer Configuration\Administrative Templates\System\Scripts and User Configuration\Administrative Templates\System\Scripts. Through policy, you can control the behavior of startup, shutdown, logon, and logoff scripts. |
|
Working with Logon and Startup Policies in Vista |
Windows Vista provides a set of policies to control the logon process, some of which allow you to configure the way programs run at logon. This makes them similar to logon scripts, in that you can execute specific tasks at logon. Other policies change the view in the welcome and logon screens. |
|
Controlling Access to Files and Folders with NTFS Permissions |
In Windows Vista, the owner of a file or a folder has the right to allow or deny access to that resource, as do members of the Administrators group and other authorized users. Using Windows Explorer, you can view the currently assigned basic permissions by right-clicking a file or a folder, selecting Properties on the shortcut menu, and then selecting the Security tab in the Properties dialog box. |
|
Sharing Files and Folders Over the Network in Vista |
Windows Vista supports two file sharing models: public file sharing and standard file sharing. Although either or both techniques can be used in both workgroups and domains, standard file sharing is preferred because it is more secure than public file sharing. |
|
Using and Configuring Public Folder Sharing |
Public folder sharing is designed to enable users to share files and folders from a single location. It enables users to quickly determine everything they've publicly shared with others and organize publicly shared files by type. In this section, I'll examine how public folder sharing works and how public folder sharing can be configured. |
|
Customizing the Browser User Interface |
The Internet Explorer user interface can be customized for your organization using the Browser User Interface policies in Group Policy. These policies enable you to add custom titles to the title bar, custom logos that replace the Internet Explorer logo, and custom toolbars that add to or replace the existing toolbar. |
|
Setting Default Internet Programs |
You can set default Internet programs using the Programs tab of the Internet Properties dialog box or through Group Policy. The procedures are very similar. To set default programs through Group Policy, follow these steps: |
|
Managing Connection and Proxy Settings |
Internet connection settings and proxies can be two of the biggest problems for administrators. When you deploy new computers, you must configure the connection and proxy settings manually or rely on an image build of a machine that might not be up to date. When you make changes to the network, you might need to update the connection settings as well. |
|