Index


Note to the Reader: Page numbers in bold indicate the principal discussion of a topic or the definition of a term. Page numbers in italic indicate illustrations.

A

Access Control Editor, 401, 401–403
access control lists. See DACL; SACL
Access Control Markup Language (XACML), eXtensible, 320–321, 445
ACEs (Access Control Entries)
    accessing directly, 408–411
    ordering in ACLs, 400, 435
    overview of, 390
Active Directory Users and Computers console, 175, 175
AD (Active Directory), 338–362
    domain trust relationships
        authentication and, 345
        calling domain controllers, 346–353, 352
        defined, 345
        permissions and, 345
        potential problems with, 346
    finding AD tools, 342, 343
    local settings and, 344
    managing access to
        using declarative security, 353–354
        using imperative security, 354–356, 356
        overview of, 353
        write access, 357–362, 362
    monitoring with ADSI Viewer, 339–342, 340–342, 344, 440
    monitoring with ADSIEdit, 342–343, 343
    overview of, 333, 338–339, 362
    pros and cons, 338–339, 343–345
    versus registry, 343–345
    search tools, 346
    security within, 338, 339, 343
    System.DirectoryServices namespace
        accessing AD, 43–44, 45
        examples, 42–50, 45, 50
        getting AD user information, 45–49, 50
        overview of, 41
        path types and, 44, 45
        Web site on, 42
    unmanaged data and code, 344
    verifying rights with SDCheck, 343
Add Web Reference dialog box, 329, 329
addresses. See Web sites
ADSIEdit tool, 342–343, 343
algorithms, See also cryptography techniques
    asymmetric algorithms
        defined, 185
        DSA, 36, 185, 186, 443
        overview of, 184
        RSA, 36, 184–185, 186, 279
        rumor about cracking, 186
    classes, in Cryptography namespace, 36
    HashAlgorithm class
        defined, 184, 199
        MD5 algorithm, 199, 200, 449
        SHA algorithms, 199–200, 451
    KeyedHashAlgorithm class, 200
    mapping to cryptographic classes, 180–182, 182
    symmetric algorithms
        defined, 184
        DES, 36, 185–186, 442
        Rijndael, 185, 186
        TripleDES, 185, 186
AllowPartiallyTrustedCallersAttribute, 31–32, 281
Anonymous impersonation level, 433
AppDomain class
    defined, 160
    securing managed code
        checking FriendlyName values, 162–163, 164
        creating components from AppDomain objects, 163–164
        creating multiple AppDomain objects, 160–163
        problem with, 163–164
        testing, 162–163
        threads and, 163
    securing unmanaged code
        accessing external programs, 167–169
        calling Win32 API functions, 165–166
        overview of, 164–165
application domains, 6, 160, See also AppDomain class
ApplicationDirectory evidence class, 76
applications, distributed. See distributed applications
applications, library, warning, 228
articles. See Web sites
ASN.1 (Abstract Syntax Notation One), 183, 440
assemblies, See also CASPol
    checking hash code of, 370–374, 372–373
    defining policy assemblies, 91
    warning, 124
assistant classes, 36
asymmetric cryptography. See cryptography, asymmetric
asynchronous/synchronous SOAP calls, testing, 329–332
attributes
    AllowPartiallyTrustedCallersAttribute, 31–32, 281
    COM interface attributes, 214–215, 217
    debugger, in SoapHttpClientProtocol class, 306, 307
    defined, 440
    problem, in checking permissions, 308–309, 309
    SynchronizationAttribute class, 29–31, 30
authentication, See also validation; Web server security
    AuthenticationManager class, 241–244, 244
    choosing usernames, 237
    creating breach in, 245
    defined, 236, 241, 440
    enabling for debugging, 238–241, 239–240
    functions, in Win32 API, 395
    HTTP-specific classes and, 244–245
    levels, in DCOM, 436–437
    password guidelines, 237
    versus permissions, 345
    pre-authentication, 241–244, 244, 246–248
    problems, in Web services, 304–305
    in remoting, 282
    warning, 245
Authentication Methods dialog box, 239, 239
authorization, See also permissions; privileges
    defined, 440
    of Web servers, 242–244, 244, 246–248
    of wireless device files/URLs, 383–384
avoiding human error problems, 52–65, See also security risks; troubleshooting
    buffer overruns, 60–61
    canonical representation issues, 63–64
    by using checklists, 53, 65
    by controlling access
        code access, 61–62
        overview of, 61
        role-based access, 62
        setting appropriate privileges, 62–63
    data entry errors
        avoiding free-form text input, 59
        avoiding unnecessary characters, 57–59
        checking data input ranges, 53–55, 55
        checking incoming data length, 55–57
        coding for quality, 53
        overview of, 52
        providing precise help, 59
    overview of, 52, 64–65, 70
    by taking time for code quality, 52, 53, 61
    by using update tools, 15

.NET Development Security Solutions
ISBN: 0782142664
Year: 2003
Pages: 168