Pearson - Programming Windows Security

Pearson

Always Learning

Browse by discipline

Humanities & Social Sciences

Math & Science

Professional & Career

Programming Windows Security
Keith Brown

ISBN-10: 0201604426
ISBN-13: 9780201604429

Publisher: Addison-Wesley Professional
Copyright: 2000
Format: Paper; 608 pp
Published: 07/05/2000
Status: Instock

Net price: $28.34 (What's this?)

Customers outside the U.S., click here.

Request a printed exam copy

Email this page to a colleague
Prepare for the First Day of Class
Learn about customization options
Print this page

Print this content

In this section:

Description

This is one of only a few security books that target software developers. Most are directed at network administrators who want to configure their systems to avoid attacks. Yet Windows programmers have lots of tools at their disposal for securing their applications and most are completely unaware that these tools exist. The first part of the book identifies the crucial elements that a developer must master (e.g. cryptography, authentication, access control, credentials) in order to understand NT security. The second part of the book deals with application of these elements to various tools and programming techniques (COM(+), MTS, MSMQ, Active Directory).

Table of Contents

Preface.

I. MODEL 1.

1. The Players.

Principals.

Authorities.

Machines as Principals.

Authentication.

Trust.

Summary.

2. The Environment.

Logon Sessions.

Tokens.

The System Logon Session.

Window Stations.

Processes.

Summary.

3. Enforcement.

Authorization.

Discovering Authorization Attributes.

Distributed Applications.

Objects and Security Descriptors.

Access Control Strategies.

Choosing a Model.

Caching Mechanisms.

Summary.

II. MECHANICS.

4. Logon Sessions.

Logon Session 999.

Daemon Logon Sessions.

Network Logon Sessions.

Interactive Logon Sessions.

Network Credentials.

Tokens.

Memory Allocation and Error Handling Strategies.

Using Privileges.

Impersonation.

Restricting Authorization Attributes.

Terminating a Logon Session.

Summary.

5. Window Stations and Profiles.

What Is a Window Station?

Window Station Permissions.

Natural Window Station Allocation.

Daemons in the Lab.

Other Window Stations.

Exploring Window Stations.

Closing Window Station Handles.

Window Stations and Access Control.

Desktops.

Jobs, Revisited.

Processes.

Summary.

6. Access Control and Accountability.

Permissions.

Anatomy of a Security Descriptor.

Where Do Security Descriptors Come From?

Security Descriptor Usage Patterns.

How ACLs Work.

Security Descriptors and Built-in Objects.

Security Descriptors and Private Objects.

Hierarchical Object Models and ACL Inheritance.

ACL Programming.

Handles.

Summary.

III. DISTRIBUTION.

7. Network Authentication.

The NTLM Authentication Protocol.

The Kerberos v5 Authentication Protocol.

SSPI.

SPNEGO: Simple and Protected Negotiation.

Summary.

8. The File Server.

Lan Manager.

Lan Manager Sessions.

Clients and Sessions.

Use Records.

NULL Sessions.

Dealing with Conflict.

Drive Letter Mappings.

Named Pipes.

SMB Signing.

Summary.

9. COM(+).

The MSRPC Security Model.

The COM Security Model.

COM Interception.

Activation Requests.

More COM Interception: Access Control.

Plugging Obscure Security Holes.

Security in In-Process Servers?

Surrogates and Declarative Security.

COM Servers Packaged as Services.

Legacy Out-of-Process Servers.

Launching Servers via the COM SCM.

A Note on Choosing a Server Identity.

Access Checks in the Middle Tier.

The COM+ Security Model: Configured Components.

Catalog Settings.

Applications and Role-Based Security.

Making Sense of COM+ Access Checks.

Which Components Need Role Assignments?

Security in COM+ Library Applications.

Fine-Grained Access Control: IsCallerInRole.

Call Context Tracking.

Tips for Debugging COM Security Problems.

Summary.

10. IIS.

Authentication on the Web.

Public Key Cryptography.

Certificates.

Secure Sockets Layer.

Certificate Revocation.

From Theory to Practice: Obtaining and Installing a Web Server Certificate.

Requiring HTTPS via the IIS Metabase.

Managing Web Applications.

Client Authentication.

Server Applications.

IIS as a Gateway into COM+.

Miscellaneous Topics.

Where to Get More Information.

Summary.

Appendix: Some Parting Words.

Well-Known SIDs.

Printing SIDs in Human Readable Form.

Adding Domain Principals in Windows 2000.

Adding Groups in Windows 2000.

Adding Local Accounts and Aliases.

Privileges and Logon Rights.

Secrets: The Windows Password Stash.

Glossary.

Bibliography.

Index. 0201604426T04062001

Courses

Windows (Computer Science)
Network Security [PTG: AW PROFESSIONAL] (Computer Science)

Print this content

In this section:

Author Bios

Keith Brown focuses on application security at Pluralsight, which he cofounded with several other .NET experts to foster a community, develop content, and provide premier training. Keith regularly speaks at conferences, including TechEd and WinDev, and serves as a contributing editor and columnist to MSDN Magazine.

Backcover Copy

"Keith Brown lucidly explains the Win32 security architecture and how it pervades Windows NT and Windows 2000. He demystifies authentication, authorization, auditing, COM+ security, logon sessions, and much more."
--George V. Reilly, IIS Performance Lead, Microsoft

Windows security has often been considered a dry and unapproachable topic. For years, the main examples of programming security were simply exercises in ACL manipulation. Programming Windows Security is a revelation providing developers with insight into the way Windows security really works. This book shows developers the essentials of security in Windows 2000, including coverage of Kerberos, SSL, job objects, the new ACL model, COM+ and IIS 5.0. Also included are highlights of the differences between security in Windows 2000 and in Windows NT 4.0.

Programming Windows Security is written by an experienced developer specifically for use by other developers. It focuses on the issues of most concern to developers today: the design and implementation of secure distributed systems using the networking infrastructure provided by Windows, the file server, the web server, RPC servers, and COM(+) servers.

Topics covered include:

COM(+) security, from the ground up
IIS security
How the file system redirector works and why developers should care
The RPC security model
Kerberos, NTLM, and SSL authentication protocols and SSPI
Services and the Trusted Computing Base (TCB)
Logon sessions and tokens
Window stations, desktops, and user profiles
The Windows 2000 ACL model, including the new model of inheritance
Using private security descriptors to secure objects
Accounts, groups, aliases, privileges, and passwords
Comparison of three strategies for performing access control--impersonation, role-centric, and object-centric--and their impact on the design of a distributed application

Programming Windows Security provides the most comprehensive coverage of COM(+) security available in one place, culled from the author's extensive experience in diagnosing COM security problems in the lab and via correspondence on the DCOM mailing list.

0201604426B04062001

Print this content

This product is a member of the following series. Click on the series name to see the full list of products in the series.

DevelopMentor Series

Password:

Forgot login/password? | Need to redeem an access code?

We're sorry!

We don't recognize your login or password. Please try again.

If you continue to have problems, try retrieving your login name password or contacting Customer Technical Support.

We're sorry!

The account you used to log in on the previous website does not contain IRC access.
If you have a separate IRC count, please log in using that login name and password.
If you do not have an IRC account, you canrequest access here

close window

Your access will expire soon.

To ensure uninterrupted service, you should renew your access for this site soon.

Renew now or proceed without renewing.

close window

We're sorry!

Your access to the Instructor Resource Center has expired.

To continue using the IRC, renew your access now.

An internal error has occurred. Please try again.

Instructor Resource Center File Download

This work is protected by local and international copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning. Dissemination or sale of any part of this work (including on the World Wide Web) will destroy the integrity of the work and is not permitted. The work and materials from this site should never be made available to students except by instructors using the accompanying text in their classes. All recipients of this work are expected to abide by these restrictions and to honor the intended pedagogical purposes and the needs of other instructors who rely on these materials.

Cancel

I accept, proceed with download

Print this content

Pearson Higher Education offers special pricing when you choose to package your text with other student resources. If you're interested in creating a cost-saving package for your students contact your Pearson Higher Education representative.

Programming Windows Security