Polyteknisk Boghandel

"As usual, Keith masterfully explains complex security issues in down-to-earth and easy-to-understand language. I bet you'll reach for this book often when building your next software application." --Michael Howard, coauthor, Writing Secure Code "When it comes to teaching Windows security, Keith Brown is 'The Man.'In The .NET Developer's Guide to Windows Security, Keith has written a book that explains the key security concepts of Windows NT, Windows 2000, Windows XP, and Windows Server 2003, and teaches you both how to apply them and how to implement them in C# code. By organizing his material into short, clear snippets, Brown has made a complicated subject highly accessible." --Martin Heller, senior contributing editor at Byte.com and owner of Martin Heller & Co. "Keith Brown has a unique ability to describe complex technical topics, such as security, in a way that can be understood by mere mortals (such as myself). Keith's book is a must read for anyone attempting to keep up with Microsoft's enhancements to its security features and the next major version of .NET." --Peter Partch, principal software engineer, PM Consulting "Keith's book is a collection of practical, concise, and carefully thought out nuggets of security insight. Every .NET developer would be wise to keep a copy of this book close at hand and to consult it first when questions of security arise during application development." --Fritz Onion, author of Essential ASP.NET with Examples in C# The .NET Developer's Guide to Windows Securityis required reading for .NET programmers who want to develop secure Windows applications. Readers gain a deep understanding of Windows security and the know-how to program secure systems that run on Windows Server 2003, Windows XP, and Windows 2000. Author Keith Brown crystallizes his application security expertise into 75 short, specific guidelines. Each item is clearly explained, cross-referenced, and illustrated with detailed examples. The items build on one another until they produce a comprehensive picture of what tools are available and how developers should use them. The book highlights new features in Windows Server 2003 and previews features of the upcoming version 2.0 of the .NET Framework. A companion Web site includes the source code and examples used throughout the book. Topics covered include: Kerberos authentication Access control Impersonation Network security Constrained delegation Protocol transition Securing enterprise services Securing remoting How to run as a normal user and live a happy life Programming the Security Support Provider Interface (SSPI) in Visual Studio.NET 2005 Battle-scarred and emerging developers alike will find in The .NET Developer's Guide to Windows Securitybona-fide solutions to the everyday problems of securing Windows applications.

Preface
Acknowledgments
I: THE BIG PICTURE. Item
1: What Is Secure Code? Item
2: What Is a Countermeasure? Item
3: What is threat Modeling? Item
4: What Is the Principle of Least Privilege? Item
5: What Is the Principle of Defense in Depth? Item
6: What Is Authentication? Item
7: What Is a Luring Attack? Item
8: What Is a Nonprivileged User? Item
9: How to Develop Code as a Non-Admin. Item
10: How to Enable Auditing. Item
11: How to Audit Access to Files.
II: SECURITY CONTEXT. Item
12: What Is a Security Principal? Item
13: What Is a SID? Item
14: How to Program with SIDs. Item
15: What Is Security Context? Item
16: What Is a Token? Item
17: What Is a Logon Session? Item
18: What Is a Window Station? Item
19: What Is a User Profile? Item
20: What Is a Group? Item
21: What Is a Privilege? Item
22: How to Use a Privilege. Item
23: How to Grant or Revoke Privileges via Security Policy. Item
24: What Are WindowsIdentity and WindowsPrincipal? Item
25: How to Create a WindowsPrincipal Given a Token. Item
26: How to Get a Token for a User. Item
27: What Is a Daemon? Item
28: How to Choose an Identity for a Daemon. Item
29: How to Display a User Interface from a Daemon. Item
30: How to Run a Program as Another User. Item
31: What Is Impersonation? Item
32: How to Impersonate a User Given Her Token. Item
33: What is Thread. CurrentPrincipal? Item
34: How to Track Client Identity Using Thread. CurrentPrincipal. Item
35: What Is a Null Session? Item
36: What Is a Guest Logon? Item
37: How to Deal with Unauthenticated Clients.
III: ACCESS CONTROL. Item
38: What Is Role-Based Security? Item
39: What Is ACL-Based Security? Item
40: What Is Discretionary Access Control? Item
41: What Is Ownership? Item
42: What Is a Security Descriptor? Item
43: What Is an Access Control List? Item
44: What Is a Permission? Item
45: What Is ACL Inheritance? Item
46: How to Take Ownership of an Object. Item
47: How to Program ACLs. Item
48: How to Persist a Security Descriptor. Item
49: What Is Authorization Manager?
IV: COM(+) AND ENTERPRISESERVICES. Item
50: What Is the COM(+) Authentication Level? Item
51: What Is the COM(+) Impersonation Level? Item
52: What Is CoInitializeSecurity? Item
53: How to Configure Security for a COM(+) Client. Item
54: How to Configure the Authentication and Impersonation Levels for a COM+ Application. Item
55: How to Configure the Authentication and Impersonation Level for an ASP. NET Application. Item
56: How to Implement Role-Based Security for an Enterprise Services Application. Item
57: How to Configure Process Identity for a COM(+) Server Application.
V: NETWORK SECURITY. Item
58: What Is CIA? Item
59: What Is Kerberos? Item
60: What Is a Service Principal Name (SPN)? Item
61: How to Use Service Principal Names. Item
62: What Is Delegation? Item
63: What Is Protocol Transition? Item
64: How to Configure Delegation via Security Policy. Item
65: What Is SSPI? Item
66: How to Add CIA to a Socket-Based App Using SSPI. Item
67: How to Add CIA to NET Remoting. Item
68: What Is IPSEC? Item
69: How to Use IPSEC to Protect Your Network.
VI: MISCELLANEOUS. Item
70: How to Store Secrets on a Machine. Item
71: How to Prompt for a Password. Item
72: How to Programmatically Lock the Console. Item
73: How to Programmatically Log Off or Reboot the Machine. Item
74: What Is Group Policy? Item
75: How to Deploy Software Securely via