Managing .NET Security Policy


enforces no permissions when native code executes, and SRP enforces none of its permissions when managed code executes.

If you've never worked with SRP, you can quickly take a look at its capabilities (limited capabilities, in fact, when compared to the greater range of CAS options). In Control Panel, open the Administrative Tools icon and choose Local Security Policy. In the left pane of the Local Security Settings dialog box, open the Software Restriction Policies node and look around. You can adjust these policies here for this individual machine. For more details on using this technology to block rogue ActiveX controls, viruses, tainted scripting, and other dangers from unmanaged, alien code execution, see:

http://www.microsoft.com/windowsxp/pro/techinfo/administration/restrictionpolicies/default.asp

Managing .NET Security Policy

Now that you've got an overview of the layers of Windows security and how they interact with .NET security features, it's time to go down into another dungeon and see how to manage .NET security itself.

When you fire up an XP or Windows 2000 machine for the first time, it has a generally predictable set of security policies—the defaults that Microsoft thinks make sense for the average user. Here's an overview of the default settings for XP machines:

- Code from within the Internet zone (as Windows calls Internet locations) has a restricted permission level. The default setting for this zone is Medium (see Table 5.1). No code originating within the Internet is allowed to execute. If your computer or network requires that this policy be loosened, the administrator must explicitly adjust permissions. Run Internet Explorer, then choose Tools > Internet Options and click the Security tab in the Internet Options dialog box. Move the slider to see the various options, and make any adjustments you want by clicking the Custom Level button.

- Code from the restricted sites zone is similarly forbidden from execution. The default setting for this zone is High.

- Code in the trusted sites zone has fairly limited permissions. The default setting is basically Low, but Java permissions are adjusted to Medium and unsigned ActiveX controls can be downloaded.

- Code from your local network (intranet) has certain default capabilities (it can read, but not write, environment variables), but it is forbidden access to the security system, the Registry, and so on. The intranet zone includes network paths and any sites that are bypassed by the proxy server. The default setting for this zone is Medium-Low.

- Code executed from the My Computer zone, however, is unaffected by settings adjustable from within Internet Explorer.
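
To see how these zones translate into actual grants on a given machine, the following console program (an added example, not code from the book) maps a few locations to their zone and asks the policy system what that evidence earns. The sample URLs are constructed placeholders, and the code assumes .NET Framework 1.x through 3.5, where CAS policy is applied.

```vb
' Added example (not from the book). Assumes .NET Framework 1.x-3.5; on 4.0 and
' later ResolvePolicy is obsolete and throws NotSupportedException by default.
Imports System
Imports System.Security
Imports System.Security.Policy

Module ZonePolicyReport

    ' Constructed sample locations; host and path names are placeholders.
    Private ReadOnly SampleUrls() As String = { _
        "file:///C:/Tools/LocalApp.exe", _
        "file://fileserver/share/IntranetApp.exe", _
        "http://www.example.com/DownloadedApp.exe"}

    ' Builds the zone and URL evidence for a location and asks the policy
    ' system which permissions that evidence earns on this machine.
    Function ResolveGrant(ByVal codeUrl As String, ByRef zoneId As SecurityZone) As PermissionSet
        Dim zoneEvidence As System.Security.Policy.Zone = _
            System.Security.Policy.Zone.CreateFromUrl(codeUrl)
        zoneId = zoneEvidence.SecurityZone

        Dim ev As New Evidence()
        ev.AddHost(zoneEvidence)
        ev.AddHost(New System.Security.Policy.Url(codeUrl))
        Return SecurityManager.ResolvePolicy(ev)
    End Function

    Sub Main()
        Dim codeUrl As String
        For Each codeUrl In SampleUrls
            Dim zoneId As SecurityZone = SecurityZone.NoZone
            Try
                Dim grant As PermissionSet = ResolveGrant(codeUrl, zoneId)
                If grant.IsUnrestricted() Then
                    Console.WriteLine("{0}: zone {1}, full trust", codeUrl, zoneId)
                Else
                    Console.WriteLine("{0}: zone {1}, {2} permission(s) granted", _
                        codeUrl, zoneId, grant.Count)
                    Console.WriteLine(grant.ToString())
                End If
            Catch ex As PolicyException
                ' ResolvePolicy can throw when policy withholds even the right to execute.
                Console.WriteLine("{0}: zone {1}, execution denied by policy", codeUrl, zoneId)
            End Try
        Next
    End Sub

End Module
```

The output depends on the machine's current zone mappings and policy levels, so run it before and after a policy change to confirm the change had the intended effect.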

Visual Basic .NET Power Tools
ISBN: 0782142427
EAN: 2147483647
Year: 2003
Pages: 178
