| Document Type
|
:
|
BL
|
| Record Number
|
:
|
1018471
|
| Doc. No
|
:
|
b772841
|
| Main Entry
|
:
|
Brown, Keith,1967 March 16-
|
| Title & Author
|
:
|
The .NET developer's guide to Windows security /\ Keith Brown.
|
| Publication Statement
|
:
|
Boston :: Addison-Wesley,, 2004.
|
| Series Statement
|
:
|
Microsoft .NET development series
|
| Page. NO
|
:
|
xv, 392 pages :: illustrations ;; 24 cm.
|
| ISBN
|
:
|
0321228359
|
|
|
:
|
: 9780321228352
|
| Bibliographies/Indexes
|
:
|
Includes bibliographical references (pages 379-380) and index.
|
| Contents
|
:
|
I: The big picture -- What is secure code? -- What is a countermeasure? -- What is threat modeling? -- What is the principle of least privilege? -- What is the principle of defense in depth? -- What is authentication? -- What is a luring attack? -- What is a nonprivileged user? -- How to develop code as a non-admin -- How to enable auditing -- How to audit access to files -- II: Security context -- What is a security principal? -- What is a SID? -- How to program with SIDs -- What is security context? -- What is a token? -- What is a logon session? -- What is a window station? -- What is a user profile? -- What is a group? -- What is a privilege? -- How to use a privilege -- How to grant or revoke privileges via security policy -- What are WindowsIdentity and WindowsPrincipal? -- How to create a WindowsPrincipal given a token -- How to get a token for a user -- What is a daemon? -- How to choose a identity for a daemon -- How to display a user interface from a daemon -- How to run a program as another user -- What is impersonation? -- How to impersonate a user given her token -- What is Thread. CurrentPrincipal? -- How to track client identity using Thread. CurrentPrincipal -- What is a null session? -- What is a guest logon? -- How to deal with unauthenticated clients -- III. Access control -- What is role-based security? -- What is ACL-based security? -- What is discretionary access control? -- What is ownership? -- What is a security descriptor? -- What is an access control list? -- What is a permission? -- What is ACL inheritance? -- How to take ownership of an object -- How to program ACLs -- How to persist a security descriptor -- What is authorization manager? -- IV: COM(+) and EnterpriseServices -- What is the COM(+) authentication level? -- What is the COM(+) impersonation level? -- What is CoInitializeSecurity? -- How to configure security for a COM(+) client -- How to configure the authentication and impersonation levels for a COM+ application -- How to configure the authentication and impersonation level for an ASP.NET application -- How to implement role-based security for an enterprise services application -- V. Network security -- What is CIA? -- What is Kerberos? -- What is a Service Principal Name (SPN)? -- How to use Service Principal Names -- What is delegation? -- What is protocol transition? -- How to configure delegation via security policy -- What is SSPI? -- How to add CIA to a socket-based app using SSPI -- How to add CIA to .NET remoting -- What is IPSEC? -- How to use IPSEC to protect your network -- VI: Miscellaneous -- How to store secrets on a machine -- How to prompt for a password -- How to programmatically lock the console -- How to programmatically log off or reboot the machine -- What is group policy? -- How to deploy software securely via group policy.
|
| Abstract
|
:
|
Making applications secure has been one of the biggest priorities of Microsoft developers. However, very few books have been written for developers; most security books are aimed at administrators. Surprisingly enough given this focus on security there is not yet a leading book on .NET security. Keith Brown is one of the most respected names in the field, and has written the first book to explain how to make Windows Server 2003 applications secure using .NET. Furthermore, it is written in the format which has proven so successful for Scott Meyers and others: it is made up of 75 brief items which build on the previous ones, giving developers of all levels a complete, deep understanding of what tools are available, and how to use them to create secure applications for Windows.
|
| Subject
|
:
|
Computer security.
|
| Subject
|
:
|
Computer security.
|
| Subject
|
:
|
Microsoft .NET Framework.
|
|
|
:
|
Microsoft Windows (Computer file)
|
|
|
:
|
Microsoft .NET Framework.
|
|
|
:
|
Microsoft Windows (Computer file)
|
| Dewey Classification
|
:
|
005.8
|
| LC Classification
|
:
|
QA76.9.A25B775 2004
|