Внимание!!! AdBlock блокирует показ некоторых скриншотов. Пожалуйста, все вопросы к разработчкикам
Автор
Сообщение
Galfimbul
Programming Windows Security / Программирование системы безопасности Windows
Год: 2000 Автор: Keith Brown / Кейт Браун Издательство: Addison-Wesley Professional ISBN: 0-201-60442-6 / 978-0-201-60442-9 Язык: Английский Формат: PDF Качество: Распознанный текст без ошибок (OCR) Интерактивное оглавление: Да Количество страниц: 331 Описание: "Keith Brown lucidly explains the Win32 security architecture and how it pervades Windows NT and Windows 2000. He demystifies authentication, authorization, auditing, COM+ security, logon sessions, and much more." --George V. Reilly, IIS Performance Lead, Microsoft
Windows security has often been considered a dry and unapproachable topic. For years, the main examples of programming security were simply exercises in ACL manipulation. Programming Windows Security is a revelation providing developers with insight into the way Windows security really works. This book shows developers the essentials of security in Windows 2000, including coverage of Kerberos, SSL, job objects, the new ACL model, COM+ and IIS 5.0. Also included are highlights of the differences between security in Windows 2000 and in Windows NT 4.0.
Programming Windows Security is written by an experienced developer specifically for use by other developers. It focuses on the issues of most concern to developers today: the design and implementation of secure distributed systems using the networking infrastructure provided by Windows, the file server, the web server, RPC servers, and COM(+) servers.
Topics covered include:
COM(+) security, from the ground up IIS security How the file system redirector works and why developers should care The RPC security model Kerberos, NTLM, and SSL authentication protocols and SSPI Services and the Trusted Computing Base (TCB) Logon sessions and tokens Window stations, desktops, and user profiles The Windows 2000 ACL model, including the new model of inheritance Using private security descriptors to secure objects Accounts, groups, aliases, privileges, and passwords Comparison of three strategies for performing access control--impersonation, role-centric, and object-centric--and their impact on the design of a distributed application
Programming Windows Security provides the most comprehensive coverage of COM(+) security available in one place, culled from the author's extensive experience in diagnosing COM security problems in the lab and via correspondence on the DCOM mailing list.
Contents Preface.......................................................................................................................................................4 Chapter 1 - The Players...........................................................................................................................11 Principals................................................................................................................................................11 Authorities..............................................................................................................................................15 Machines as Principals..........................................................................................................................16 Authentication........................................................................................................................................17 Trust.......................................................................................................................................................20 Summary................................................................................................................................................24 Chapter 2 - The Environment..................................................................................................................26 Logon Sessions......................................................................................................................................26 Tokens...................................................................................................................................................29 The System Logon Session...................................................................................................................31 Window Stations....................................................................................................................................32 Processes..............................................................................................................................................35 Summary................................................................................................................................................35 Chapter 3 - Enforcement.........................................................................................................................37 Authorization..........................................................................................................................................37 Discovering Authorization Attributes......................................................................................................41 Distributed Applications..........................................................................................................................41 Objects and Security Descriptors...........................................................................................................42 Access Control Strategies......................................................................................................................44 Choosing a Model..................................................................................................................................48 Caching Mechanisms.............................................................................................................................49 Summary................................................................................................................................................52 Chapter 4 – Logon Sessions..................................................................................................................54 Logon Session 999................................................................................................................................56 Daemon Logon Sessions.......................................................................................................................58 Network Logon Sessions........................................................................................................................60 Interactive Logon Sessions....................................................................................................................61 Network Credentials...............................................................................................................................62 Tokens...................................................................................................................................................62 Memory Allocation and Error Handling Strategies..................................................................................74 Using Privileges.....................................................................................................................................75 Impersonation........................................................................................................................................79 Restricting Authorization Attributes........................................................................................................91 Terminating a Logon Session.................................................................................................................94 Summary................................................................................................................................................95 Chapter 5 – Window Stations and Profiles............................................................................................97 What Is a Window Station?....................................................................................................................97 Window Station Permissions..................................................................................................................99 Natural Window Station Allocation.......................................................................................................100 Daemons in the Lab.............................................................................................................................102 Other Window Stations........................................................................................................................103 Exploring Window Stations...................................................................................................................105 Closing Window Station Handles.........................................................................................................106 Window Stations and Access Control..................................................................................................107 Desktops..............................................................................................................................................108 Jobs, Revisited.....................................................................................................................................114 Processes............................................................................................................................................115 Summary..............................................................................................................................................124 Chapter 6 - Access Control and Accountability..................................................................................125 Permissions..........................................................................................................................................125 Anatomy of a Security Descriptor.........................................................................................................128 Where Do Security Descriptors Come From?......................................................................................131 Security Descriptor Usage Patterns.....................................................................................................132 How ACLs Work...................................................................................................................................135 Security Descriptors and Built-in Objects.............................................................................................143 Security Descriptors and Private Objects.............................................................................................144 Hierarchical Object Models and ACL Inheritance.................................................................................146 ACL Programming................................................................................................................................162 Handles................................................................................................................................................170 Summary..............................................................................................................................................172 Chapter 7 – Network Authentication....................................................................................................174 The NTLM Authentication Protocol......................................................................................................174 The Kerberos v5 Authentication Protocol.............................................................................................186 SSPI.....................................................................................................................................................203 SPNEGO: Simple and Protected Negotiation.......................................................................................207 Summary..............................................................................................................................................208 Chapter 8 – The File Server..................................................................................................................209 LAN Manager.......................................................................................................................................209 LAN Manager Sessions.......................................................................................................................210 Clients and Sessions............................................................................................................................213 Use Records........................................................................................................................................214 NULL Sessions....................................................................................................................................220 Dealing with Conflict.............................................................................................................................221 Drive Letter Mappings..........................................................................................................................221 Named Pipes........................................................................................................................................222 SMB Signing........................................................................................................................................224 Summary..............................................................................................................................................225 Chapter 9 – COM(+)...............................................................................................................................227 The MSRPC Security Model................................................................................................................227 The COM Security Model.....................................................................................................................239 COM Interception.................................................................................................................................249 Activation Requests.............................................................................................................................254 More COM Interception: Access Control..............................................................................................258 Plugging Obscure Security Holes.........................................................................................................259 Security in In-Process Servers?...........................................................................................................260 Surrogates and Declarative Security....................................................................................................260 COM Servers Packaged as Services...................................................................................................263 Legacy Out-of-Process Servers...........................................................................................................264 Launching Servers via the COM SCM.................................................................................................265 A Note on Choosing a Server Identity..................................................................................................268 Access Checks in the Middle Tier........................................................................................................269 The COM+ Security Model: Configured Components..........................................................................270 Catalog Settings...................................................................................................................................271 Applications and Role-Based Security.................................................................................................274 Making Sense of COM+ Access Checks..............................................................................................280 Which Components Need Role Assignments?.....................................................................................284 Security in COM+ Library Applications.................................................................................................285 Fine-Grained Access Control: IsCallerlnRole.......................................................................................287 Call Context Tracking...........................................................................................................................288 Tips for Debugging COM Security Problems........................................................................................289 Summary..............................................................................................................................................291 Chapter 10 – IIS......................................................................................................................................292 Authentication on the Web...................................................................................................................292 Public Key Cryptography......................................................................................................................295 Certificates...........................................................................................................................................296 Interlude: Some Acronyms and Terms.................................................................................................299 Secure Sockets Layer..........................................................................................................................300 Certificate Revocation..........................................................................................................................303 From Theory to Practice: Obtaining and Installing a Web Server Certificate........................................303 Requiring HTTPS via the IIS Metabase...............................................................................................306 Managing Web Applications.................................................................................................................308 Client Authentication............................................................................................................................311 Server Applications..............................................................................................................................318 IIS as a Gateway into COM+................................................................................................................321 Miscellaneous Topics...........................................................................................................................324 Where to Get More Information............................................................................................................326 Summary..............................................................................................................................................327 Appendix: absent, may be not forever.................................................................................................329 Bibliography...........................................................................................................................................330
Доп. информация: Спасибо за подготовку материала -> fat-crocodile
Внимание! AdBlock блокирует показ скриншотов, все вопросы к разработчикам )))