The companion CD includes sample code and numerous tools to help build secure Web-based applications by using the tools we outline in the book. It also includes an electronic version of the book, which includes six appendixes that do not appear in the printed book. First, let's look at the appendixes.
Appendix A, "Windows 2000 Well-Known SIDs," lists the accounts installed on all Windows 2000-based computers and the tasks they perform, if applicable. Appendix B, "Strong Passwords," shows how to create strong, but memorable (to you!), passwords. Appendix C, "Windows 2000 Default Ports," is a list of TCP and UDP ports used by Windows 2000-based computers. This is important information for firewall administrators. Appendix D, "Internet Information Services Authentication Summary," lists the characteristics of all the authentication protocols supported by IIS 4 and IIS 5. Appendix E, "Security-Related IIS Server Variables," explains all the server variables that can be used to help you develop secure Web applications. Appendix F, "Secure Web Server Checklist," is the IIS 5 version of the famous IIS 4 security checklist. It's designed to work with the Hisecweb.inf configuration file found on the companion CD.
The tools and files included on the companion CD are described in the following table.
Tool | Comments |
---|---|
Hisecweb.inf | A Security Configuration Editor template for a secure Web server. You can deploy the template as outlined in Chapter 3. |
KList | Kerberos ticket listing tool. |
KerbParser | A Kerberos parser for Microsoft Network Monitor. |
RUAdmin | A tool that warns you if you have administrator-like privileges when you log on. |
TPFX2 | A tool to add a Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate to IIS 5 from the command line. |
CryptUtil | A COM+ component to generate cryptographically sound random numbers in Active Server Pages (ASP). Includes source code. |
RandomGoo | A Microsoft Windows CE 3.0 application for MIPS and SH3 Pocket PCs to produce random data. Useful for deriving strong passwords. |
WhatIf | A DHTML tool to determine which security settings support delegation. |
WFetch | A highly configurable client tool that behaves like a browser. You can configure many settings, including authentication protocol requirements, SSL/TLS ciphers and protocols, client authentication certificate types, and proxy server information. |
TranslateName | A tool that performs Active Directory lookups to translate between various name types such as SAM-compatible and UPN names. Includes C++ source code. |
PerlScripts | Various Perl scripts for maintaining a secure server. The scripts include: |
End2End | Code for building the sample end-to-end solution defined in Chapter 10 and sample administration scripts. There are four directories, each relating to a specific computer used in the solution defined in Chapter 10: 00-WebServer, 01-Middleware, 02-DBServer, and 03-DomainController. |