Locking Down .NET


Both Windows and IIS were originally developed in more innocent times, before denial of service attacks, cyber terrorism, and the Nimda virus. For this reason, it’s understandable that each needs considerable configuration to be locked down. The .NET Framework, on the other hand, was developed at the dawn of the 21st century, when the challenges and importance of security were already well known. As a result, the default installation of both .NET version 1.0 (included with Microsoft Visual Basic .NET 2002) and .NET version 1.1 (included with Visual Basic .NET 2003) is designed to be secure. Unless you need to, you should not change the default. (Chapter 3 introduced you to scenarios where it makes sense to change the default settings.)

As with Windows and IIS, it’s important to install the latest .NET Framework service pack. The .NET Framework version 1.0 SP1 changed the default service policy subtly. Originally, .NET version 1.0 allowed code downloaded from the Internet to be run (with limited permissions). SP1 changed the default policy so that code downloaded from the Internet was not permitted to run. The .NET Framework version 1.1 once again allows code downloaded from the Internet to be run. For information on the change in SP1, see the article at http://support.microsoft.com/default.aspx?scid=kb;EN-US;317399.
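Because the Internet-zone default differs between 1.0, 1.0 SP1, and 1.1, it is worth confirming what a given machine actually grants. The following is an added example, not code from the book; the module and function names are hypothetical, and it assumes a Framework version that still evaluates code access security policy through `SecurityManager.ResolvePolicy`.

```vb
Imports System
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Policy

Module ZonePolicyCheck

    ' Resolve the installed policy for code whose only evidence is its zone.
    ' Returns Nothing if policy resolution itself refuses the evidence.
    Function ResolveForZone(ByVal zoneId As SecurityZone) As PermissionSet
        Dim ev As New Evidence()
        ev.AddHost(New Zone(zoneId))
        Try
            Return SecurityManager.ResolvePolicy(ev)
        Catch ex As PolicyException
            Return Nothing
        End Try
    End Function

    ' True only if the grant includes SecurityPermissionFlag.Execution.
    Function CanExecute(ByVal granted As PermissionSet) As Boolean
        If granted Is Nothing Then Return False
        If granted.IsUnrestricted() Then Return True
        Dim sp As SecurityPermission = CType( _
            granted.GetPermission(GetType(SecurityPermission)), SecurityPermission)
        If sp Is Nothing Then Return False
        Return (sp.Flags And SecurityPermissionFlag.Execution) = _
            SecurityPermissionFlag.Execution
    End Function

    Sub Main()
        ' Compare the Internet zone against the more trusted zones.
        Dim zones() As SecurityZone = {SecurityZone.MyComputer, _
            SecurityZone.Intranet, SecurityZone.Trusted, SecurityZone.Internet}
        Dim z As SecurityZone
        For Each z In zones
            Dim granted As PermissionSet = ResolveForZone(z)
            Console.WriteLine("{0,-12} can execute: {1}", z, CanExecute(granted))
            ' Print the full grant for any partially trusted zone.
            If Not granted Is Nothing AndAlso Not granted.IsUnrestricted() Then
                Console.WriteLine(granted.ToString())
            End If
        Next
    End Sub

End Module
```

Run it before and after applying a service pack: a change in the Internet line shows that the default policy on that machine has shifted.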




Security for Microsoft Visual Basic .NET
ISBN: 735619190
Year: 2003
Pages: 168
