Index_N
N
named instances
configuring to listen on the same port, 674
database servers, 522
named permission sets, 229230
names , 266
naming conventions
code access security, 214215
to indicate risk, 214215
for unmanaged code methods , 629
NAT. See Network Address Translation
native classes, 215
with SuppressUnmanagedCode attribute, 215
.NET Framework
Enterprise Services tools and configuration settings, 489
file extensions on Web servers, 458459
IISlockd.exe, 797
installation considerations on Web servers, 430432
installation defaults, 431
installation on application server, 489
and MBSA, 490
role-based security, 133139
security namespaces, 139140
security overview, 129130
and SecurityException, 140
and System.Web.HttpForbiddenHandler, 575
version 1.0, 222
Web server file extensions, 458459
Web servers running, lxviii
.NET Framework version 1.1
IsolateApps setting, 601
restricting authentication cookies in, 280
.NET remoting
application server, 481, 484485
deployment, 103
how to secure, lxx
security considerations, 486
Web servers, 463
NetBIOS
and calling Web services, 249
and database server security, 514
disabling, 647
Web servers, 441443
Netdiag.exe, 785
Netstat output, 649650
Network Address Translation, 761
network eavesdropping, 3536
application server, 477478
data access, 372
database servers, 504
described, 29, 259
remoted components , 350
secure Web services, 322
serviced components, 301
Web pages and controls, 259
network security
auditing and logging, 413
firewall considerations, 413416
router considerations, 409411
network service accounts
ACLs, 593594
on Windows Server 2003, 325
networks
checklists, 721722
component categories, 7
components, 403404
configuration deployment review, 677678
data privacy and integrity on, 399
identifying threats, 5758
and plaintext credentials, 358
securing, lxxv, 403404
securing sensitive data over, 387
security elements, lxxv
snapshot of, 418419
threats and countermeasures, 1820, 405
topology details, 762
newsgroups, lx, 683
home pages, 683
NICs, 449
Nimda, 414
NNTP
disabling, 64
Web servers, 439
NoLMHash, 674
non-base classes, 153154, 617
non- repudiation , 91
nonce
defined, 324
and timestamp, 334
notification
services, 538
Web sites, 684
NTFS permissions
for ASP.NET process accounts, 578
requirements, 559
shares, 521
for SQL Server service account, 519
Web servers, 460
NTFS volumes , 648
NTLMv2 authentication, 518
null sessions
database servers, 517
disabling, 648, 672
Web servers, 445
numeric fields, 267
Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
EAN: 2147483647
Year: 2003
Pages: 613
Pages: 613
Authors: Microsoft Corporation