Programming Windows Security
Addison Wesley (Verlag)
978-0-201-60442-9 (ISBN)
- Titel ist leider vergriffen;
keine Neuauflage - Artikel merken
Windows 2000 and NT offer programmers powerful security tools that few developers use to the fullest -- and many are completely unaware of. In Programming Windows Security, a top Windows security expert shows exactly how to apply them in enterprise applications. Keith Brown starts with a complete roadmap to the Windows 2000 security architecture, describing every component and how they all fit together. He reviews the "actors" in a secure system, including principals, authorities, authentication, domains, and the local security authority; and the role of trust in secure Windows 2000 applications. Developers will understand the security implications of the broader Windows 2000 environment, including logon sessions, tokens, and window stations. Next, Brown introduces Windows 2000 authorization and access control, including groups, aliases, roles, privileges, security descriptors, DACLs and SACLs - showing how to choose the best access strategy for any application. In Part II, he walks developers through using each of Windows 2000's security tools, presenting techniques for building more secure setup programs, using privileges at runtime, working with window stations and user profiles, and using Windows 2000's dramatically changed ACLs. Finally, Brown provides techniques and sample code for network authentication, working with the file system redirector, using RPC security, and making the most of COM/COM+ security.
Keith Brown focuses on application security at Pluralsight, which he cofounded with several other .NET experts to foster a community, develop content, and provide premier training. Keith regularly speaks at conferences, including TechEd and WinDev, and serves as a contributing editor and columnist to MSDN Magazine.
Preface.
I. MODEL 1.
1. The Players.
Principals.
Authorities.
Machines as Principals.
Authentication.
Trust.
Summary.
2. The Environment.
Logon Sessions.
Tokens.
The System Logon Session.
Window Stations.
Processes.
Summary.
3. Enforcement.
Authorization.
Discovering Authorization Attributes.
Distributed Applications.
Objects and Security Descriptors.
Access Control Strategies.
Choosing a Model.
Caching Mechanisms.
Summary.
II. MECHANICS.
4. Logon Sessions.
Logon Session 999.
Daemon Logon Sessions.
Network Logon Sessions.
Interactive Logon Sessions.
Network Credentials.
Tokens.
Memory Allocation and Error Handling Strategies.
Using Privileges.
Impersonation.
Restricting Authorization Attributes.
Terminating a Logon Session.
Summary.
5. Window Stations and Profiles.
What Is a Window Station?
Window Station Permissions.
Natural Window Station Allocation.
Daemons in the Lab.
Other Window Stations.
Exploring Window Stations.
Closing Window Station Handles.
Window Stations and Access Control.
Desktops.
Jobs, Revisited.
Processes.
Summary.
6. Access Control and Accountability.
Permissions.
Anatomy of a Security Descriptor.
Where Do Security Descriptors Come From?
Security Descriptor Usage Patterns.
How ACLs Work.
Security Descriptors and Built-in Objects.
Security Descriptors and Private Objects.
Hierarchical Object Models and ACL Inheritance.
ACL Programming.
Handles.
Summary.
III. DISTRIBUTION.
7. Network Authentication.
The NTLM Authentication Protocol.
The Kerberos v5 Authentication Protocol.
SSPI.
SPNEGO: Simple and Protected Negotiation.
Summary.
8. The File Server.
Lan Manager.
Lan Manager Sessions.
Clients and Sessions.
Use Records.
NULL Sessions.
Dealing with Conflict.
Drive Letter Mappings.
Named Pipes.
SMB Signing.
Summary.
9. COM(+).
The MSRPC Security Model.
The COM Security Model.
COM Interception.
Activation Requests.
More COM Interception: Access Control.
Plugging Obscure Security Holes.
Security in In-Process Servers?
Surrogates and Declarative Security.
COM Servers Packaged as Services.
Legacy Out-of-Process Servers.
Launching Servers via the COM SCM.
A Note on Choosing a Server Identity.
Access Checks in the Middle Tier.
The COM+ Security Model: Configured Components.
Catalog Settings.
Applications and Role-Based Security.
Making Sense of COM+ Access Checks.
Which Components Need Role Assignments?
Security in COM+ Library Applications.
Fine-Grained Access Control: IsCallerInRole.
Call Context Tracking.
Tips for Debugging COM Security Problems.
Summary.
10. IIS.
Authentication on the Web.
Public Key Cryptography.
Certificates.
Secure Sockets Layer.
Certificate Revocation.
From Theory to Practice: Obtaining and Installing a Web Server Certificate.
Requiring HTTPS via the IIS Metabase.
Managing Web Applications.
Client Authentication.
Server Applications.
IIS as a Gateway into COM+.
Miscellaneous Topics.
Where to Get More Information.
Summary.
Appendix: Some Parting Words.
Well-Known SIDs.
Printing SIDs in Human Readable Form.
Adding Domain Principals in Windows 2000.
Adding Groups in Windows 2000.
Adding Local Accounts and Aliases.
Privileges and Logon Rights.
Secrets: The Windows Password Stash.
Glossary.
Bibliography.
Index. 0201604426T04062001
| Erscheint lt. Verlag | 18.7.2000 |
|---|---|
| Verlagsort | Boston |
| Sprache | englisch |
| Maße | 234 x 188 mm |
| Gewicht | 871 g |
| Themenwelt | Informatik ► Betriebssysteme / Server ► Windows |
| Informatik ► Theorie / Studium ► Kryptologie | |
| ISBN-10 | 0-201-60442-6 / 0201604426 |
| ISBN-13 | 978-0-201-60442-9 / 9780201604429 |
| Zustand | Neuware |
| Haben Sie eine Frage zum Produkt? |
aus dem Bereich
