Index_C


C

CA (Certification Authority) utility, See also cryptography techniques

creating code-signing certificates, 175

digital certificates, defined, 173, 443

distributing root certificates, 175–177, 175–177

getting own certificates, 177–179, 178

making changes in, 175, 175

overview of, 173–174

viewing certificates, 174–175, 174

caching

effect on security, 271

credentials, 210–212, 312

Global Assembly Cache, 17, 17

caller zones. See zones

canonical representation issues, avoiding, 63–64

“Canonicalization Problems Using Deny” write-up, 97

CAs (Certificate Authorities), 99, 173, 441

CASPol (Code Access Security Policy) tool, See also code access security; policies

adding

assemblies, 116–117, 116

custom code groups, 120

groups, 111–112, 111–112

permissions, 113–116, 113, 115, 140

command-line switches, 108–109

defined, 108–109

listing assemblies with, 109–110, 110

listing security elements, 109–110, 110

versus .NET Framework Configuration Tool, 110, 111

removing

assemblies, 117

groups, 112–113, 113

permissions, 116

resolving errors in assemblies, 117–118, 117

undoing changes, 115

warning, 113

Web resources, 108, 109

Certificate dialog box, 197, 197

certificates, digital, See also CA

Certificate Authorities, 99, 173, 441

defined, 173

obtaining certificates for SSL, 294

obtaining client certificate info via SSL, 296–298, 298

channel data interception risk, 304

channel sinks, 279, 282

characters, unnecessary, avoiding, 57–59

checklists, 53, 65, 260–261

Class Library Comparison Tool, 367–369, 368

classes

cryptographic classes, 179–184, 182

evidence classes, 76

HTTP-specific classes, 244–245

in .NET Compact Framework, 367–369, 368

sorting unmanaged code into, 165

in System.Security.Cryptography namespace, 36

ClassInterface attribute, 214–215

CLR (Common Language Runtime)

defined, 441

evidence process, 71, 75–77

non-verifiable code, 75, 76

security requirements and, 73

verifiable code, 75–76

Win32 API and, 71

zones, 74–75

code access security, See also policies; role-based security; validation

using code groups

checking membership, 76–77, 121, 122

creating/editing, 88–90, 89–90

default/custom groups, 119–120, 119–120

defined, 108

defining components, 121–124

installing components, 124–125, 125

listing, 109–110, 110

overview of, 118–119

testing components, 125–127, 127

usefulness of, 120–121

warnings, 124, 127

declarative security

defined, 443

defining effectively, 92

implementing permissions, 136–137

managing access to AD, 353–354

overview of, 9, 19, 87

using Permission View Tool, 83–87, 86–87

reasons to use, 72, 73, 83, 92–93

defined, 5

digital signatures, 72–73, 99

evidence in

checking, 75–77

obtaining by reflection, 103–106, 106

Publisher evidence, 99

imperative security

accessing files, 9–11

checking permissions, 309–310, 310

defined, 447

defining effectively, 93

implementing permissions, 128–135, 135

managing AD access, 354–356, 356

overview of, 9, 19

Permission View Tool and, 85

modifying using CASPol tool. See CASPol

modifying using .NET Framework Configuration tool

adding configured applications, 92

creating permission sets, 90–91, 91, 141–142, 141–142

creating/editing code groups, 88–90, 89–90

defining policy assemblies, 91

installing code groups, 124–125, 125

overview of, 74, 87–88, 88

modifying using .NET Wizards, 118, 118

overview of, 12, 61–62, 70, 81

permissions

adding, 81, 128

creating, 128–137, 135, 140–142, 141–142

declarative implementation, 136–137

imperative implementation, 128–135, 135

listing via policies, 78–79

modifying, 81

obtaining via evidence, 79–80, 80

overview of, 77–78

standard, in .NET, 80

testing, 137–139

remoting problem, 281–282

versus role-based security

overview of, 71–72

when to use, 73–74

where to use, 74

why to use, 72–73

securing the registry

locking, 97

overview of, 93

problems with, 97

using RegistryPermission class, 94–97

in Win32 API, 97

using StrongNameIdentityPermission class

checking credentials, 101–102

defined, 98

extracting public keys, 101, 101

versus Publisher evidence, 99

signed client example, 99–101

testing, 103

using System.Reflection.Assembly.Evidence property, 103–106, 106

turning on, 121

warning, 121

zones and, 73, 74–75

Code Access Security Policy. See CASPol

The Codebreakers: The Comprehensive History of… (Kahn), 172

The Code Project site, 27

COM+ (Component Object Model), See also DCOM; LAN security

adding role-based security to, 225–229, 225–228

attributes, 214–215

creating COM+ components, 221–223

overview of, 220–221

SecurityCallContext class, 223–225

warning, 228

using as Web service, See also Web services security

adding SOAP support to, 326–328, 326–328

creating Web reference to, 328–329, 329

IWAM and, 332

overview of, 325–326

testing SOAP calls, 329–332

verifying safety of, 332, 332

COM Programming with .NET (Mueller), 220

comments in IL files, 151–152, 152

CompareValidator, 267–268

components, 381

CORBA (Common Object Request Broker Architecture), 301, 441

cracker exploits, See also errors; troubleshooting

apparent communication errors, 258

bad password attempts, 237

buffer overruns, 60

classifying, 249

cracking

Data Encryption Standard, 185–186

Telnet connections, 208–209, 208

validation checks, 152–153, 155–156

DDOS attacks, 253–255, 444

defined, 24

researching, 260

in SQL Server, 265

tampering, 258

tricking forms, 260, 267

crackers, See also security risks

absurd methods of, 235

defined, 4, 441–442

overview of, 260

port preferences, 376

credentials, See also authentication; validation

caching, 210–212, 312

checking, 101–102, 265

CryptoAPI technology, 36, 37

cryptography techniques, 172–201

asymmetric algorithms

cracking, 186

defined, 185

DSA, 36, 185, 186, 443

overview of, 184

RSA, 36, 184–185, 186, 279

asymmetric cryptography

algorithms, 184–185, 186

creating key pairs, 189–193, 193

decrypting files, 187, 193, 194–195

encrypting files, 187, 193–194, 193

extracting public keys with SecUtil, 101, 101

problems securing key pairs, 151, 155, 173

securing Web data, 278–279

using Certification Authority utility

creating code-signing certificates, 175

digital certificates, defined, 173, 443

distributing root certificates, 175–177, 175–177

getting own certificates, 177–179, 178

making changes in, 175, 175

overview of, 173–174

viewing certificates, 174–175, 174

defined, 6, 36, 172, 442

encrypting and decrypting files

using asymmetric cryptography, 189–195, 193, 278–279

deriving keys from passwords, 195–196

overview of, 187

using symmetric cryptography, 187–189, 189

Web data, 278–279, 282–292

using hash algorithms, 184, 199–200

managing cryptographic classes

choosing creation methods, 179–180

mapping algorithms to, 180–182, 182

mapping OIDs to, 183–184

overview of, 179

overview of, 169, 200–201

passwords and, 172–173

securing Web data

using asymmetric encryption, 278–279

using channel sinks, 279, 282

using internal encryption, 282

laws about, 282

overview of, 278–279

in remoting clients, 288–292

in remoting components, 283–286

symmetric algorithms

defined, 184

DES, 36, 185–186, 442

Rijndael, 185, 186

TripleDES, 185, 186

symmetric cryptography

algorithms, 184–186

decrypting files, 187, 189

encrypting files, 187–189, 189

warning, 188

System.Security.Cryptography namespace, 35–39, 38–39

System.Security.Cryptography.X509Certificates namespace, 196–199, 197

Web sites, 172

CSPs (Cryptographic Service Providers), 178, 179, 191–192, 442

CustomValidator, 269


.NET Development Security Solutions
ISBN: 0782142664
Year: 2003
Pages: 168