Document information
Pages: 553
Size: 4.96 MB

Content
The .NET Developer's Guide to Windows Security
By Keith Brown
Publisher: Addison Wesley
Pub Date: September 27, 2004
ISBN: 0-321-22835-9
Pages: 408

"As usual, Keith masterfully explains complex security issues in down-to-earth and easy-to-understand language. I bet you'll reach for this book often when building your next software application."
Michael Howard, coauthor, Writing Secure Code

"When it comes to teaching Windows security, Keith Brown is 'The Man.' In The .NET Developer's Guide to Windows Security, Keith has written a book that explains the key security concepts of Windows NT, Windows 2000, Windows XP, and Windows Server 2003, and teaches you both how to apply them and how to implement them in C# code. By organizing his material into short, clear snippets, Brown has made a complicated subject highly accessible."
Martin Heller, senior contributing editor at Byte.com and owner of Martin Heller & Co.

"Keith Brown has a unique ability to describe complex technical topics, such as security, in a way that can be understood by mere mortals (such as myself). Keith's book is a must read for anyone attempting to keep up with Microsoft's enhancements to its security features and the next major version of .NET."
Peter Partch, principal software engineer, PM Consulting

"Keith's book is a collection of practical, concise, and carefully thought out nuggets of security insight. Every .NET developer would be wise to keep a copy of this book close at hand and to consult it first when questions of security arise during application development."
Fritz Onion, author of Essential ASP.NET with Examples in C#

The .NET Developer's Guide to Windows Security is required reading for .NET programmers who want to develop secure Windows applications. Readers gain a deep understanding of Windows security and the know-how to program secure systems that run on Windows Server 2003, Windows XP, and Windows 2000. Author Keith Brown crystallizes his application security expertise into 75 short, specific guidelines. Each item is clearly explained, cross-referenced, and illustrated with detailed examples. The items build on one another until they produce a comprehensive picture of what tools are available and how developers should use them. The book highlights new features in Windows Server 2003 and previews features of the upcoming version 2.0 of the .NET Framework. A companion Web site includes the source code and examples used throughout the book.

Topics covered include:
- Kerberos authentication
- Access control
- Impersonation
- Network security
- Constrained delegation
- Protocol transition
- Securing enterprise services
- Securing remoting
- How to run as a normal user and live a happy life
- Programming the Security Support Provider Interface (SSPI) in Visual Studio.NET 2005

Battle-scarred and emerging developers alike will find in The .NET Developer's Guide to Windows Security bona-fide solutions to the everyday problems of securing Windows applications.

Table of Contents

Copyright
Praise for The .NET Developer's Guide to Windows Security
Microsoft .NET Development Series
Titles in the Series
Preface
Acknowledgments

Part I: The Big Picture
Chapter 1: What Is Secure Code?
Chapter 2: What Is a Countermeasure?
Chapter 3: What Is Threat Modeling?
Chapter 4: What Is the Principle of Least Privilege?
Chapter 5: What Is the Principle of Defense in Depth?
Chapter 6: What Is Authentication?
Chapter 7: What Is a Luring Attack?
Chapter 8: What Is a Nonprivileged User?
Chapter 9: How to Develop Code as a Non-Admin
  The Secondary Logon Service
  But I Hate the Command Prompt!
  Network Credentials
  Debugging
  Writing Code That Can Be Used by a Non-Admin
  Installation Tips
  A Sample Setup for a VS.NET Developer
  Creating Web Projects in VS.NET
  Isolated Storage
Chapter 10: How to Enable Auditing
Chapter 11: How to Audit Access to Files

Part II: Security Context
Chapter 12: What Is a Security Principal?
Chapter 13: What Is a SID?
Chapter 14: How to Program with SIDs
Chapter 15: What Is Security Context?
  Security Context in the .NET Framework
Chapter 16: What Is a Token?
Chapter 17: What Is a Logon Session?
Chapter 18: What Is a Window Station?
Chapter 19: What Is a User Profile?
Chapter 20: What Is a Group?
  The Mechanics of Group Expansion
  But What about NTLM?
  Latency and Authenticity
Chapter 21: What Is a Privilege?
Chapter 22: How to Use a Privilege
Chapter 23: How to Grant or Revoke Privileges via Security Policy
Chapter 24: What Are WindowsIdentity and WindowsPrincipal?
Chapter 25: How to Create a WindowsPrincipal Given a Token
Chapter 26: How to Get a Token for a User
  Calling LogonUser
  The SSPI Workaround
Chapter 27: What Is a Daemon?
Chapter 28: How to Choose an Identity for a Daemon
Chapter 29: How to Display a User Interface from a Daemon
Chapter 30: How to Run a Program as Another User
Chapter 31: What Is Impersonation?
  Pitfalls to Watch For
  Impersonation in ASP.NET
Chapter 32: How to Impersonate a User Given Her Token
Chapter 33: What Is Thread.CurrentPrincipal?
Chapter 34: How to Track Client Identity Using Thread.CurrentPrincipal
Chapter 35: What Is a Null Session?
Chapter 36: What Is a Guest Logon?
Chapter 37: How to Deal with Unauthenticated Clients

Part III: Access Control
Chapter 38: What Is Role-Based Security?
Chapter 39: What Is ACL-Based Security?
Chapter 40: What Is Discretionary Access Control?
Chapter 41: What Is Ownership?
Chapter 42: What Is a Security Descriptor?
Chapter 43: What Is an Access Control List?
Chapter 44: What Is a Permission?
Chapter 45: What Is ACL Inheritance?
Chapter 46: How to Take Ownership of an Object
Chapter 47: How to Program ACLs
Chapter 48: How to Persist a Security Descriptor
Chapter 49: What Is Authorization Manager?
  Introducing Authorization Manager
  Authorization Store
  Stores, Applications, and Scopes
  Scripts
  Auditing
  A Sample App: The Corporate Library
  The AzMan Runtime Interface
  Application Groups
  Supporting Authorization Scripts
  Conclusion

Part IV: COM(+) and EnterpriseServices
Chapter 50: What Is the COM(+) Authentication Level?
Chapter 51: What Is the COM(+) Impersonation Level?
Chapter 52: What Is CoInitializeSecurity?
Chapter 53: How to Configure Security for a COM(+) Client
Chapter 54: How to Configure the Authentication and Impersonation Levels for a COM+ Application
Chapter 55: How to Configure the Authentication and Impersonation Levels for an ASP.NET Application
Chapter 56: How to Implement Role-Based Security for an Enterprise Services Application
  Windows XP Service Pack 2
Chapter 57: How to Configure Process Identity for a COM(+) Server Application

Part V: Network Security
Chapter 58: What Is CIA?
  Message Authentication Codes
Chapter 59: What Is Kerberos?
  Cross-Domain Authentication and Domain Trusts
  User-to-User Authentication
  What Else Is in a Ticket?
Chapter 60: What Is a Service Principal Name (SPN)?
Chapter 61: How to Use Service Principal Names
Chapter 62: What Is Delegation?
Chapter 63: What Is Protocol Transition?
Chapter 64: How to Configure Delegation via Security Policy
Chapter 65: What Is SSPI?
Chapter 66: How to Add CIA to a Socket-Based App Using SSPI
Chapter 67: How to Add CIA to .NET Remoting
Chapter 68: What Is IPSEC?
Chapter 69: How to Use IPSEC to Protect Your Network

Part VI: Miscellaneous
Chapter 70: How to Store Secrets on a Machine
  Secrets in ASP.NET Configuration Files
  The DataProtection Class
Chapter 71: How to Prompt for a Password
Chapter 72: How to Programmatically Lock the Console
Chapter 73: How to Programmatically Log Off or Reboot the Machine
Chapter 74: What Is Group Policy?
Chapter 75: How to Deploy Software Securely via Group Policy
Bibliography
Index

Copyright

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and Addison-Wesley was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

The .NET logo is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries and is used under license from Microsoft.

The author and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

The publisher offers discounts on this book when ordered in quantity for bulk purchases and special sales. For more information, please contact:
U.S. Corporate and Government Sales
(800) 382-3419
corpsales@pearsontechgroup.com

For sales outside of the U.S., please contact:
International Sales
international@pearsoned.com

Visit Addison-Wesley on the Web: www.awprofessional.com

Library of Congress Cataloging-in-Publication Data

Index (excerpt beginning mid-R; page references were not preserved)

R
[See threat modeling]
role-based security: Authorization Manager in; implementing for COM+; local groups in; Thread.CurrentPrincipal and
RSA
runas: checking installation with; running programs as another user with

S
SACLs (system access control lists)
Saltzer
SAM (Security Accounts Manager)
sandboxes: interactive services and
Schneier, Bruce
scope, groups and
scripts: Authorization Manager
SDDL (Security Descriptor Description Language)
SE_DACL_PROTECTED
SE_SACL_PROTECTED
SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeBackupPrivilege
secedit /refreshpolicy machine_policy
SeChangeNotifyPrivilege
Secondary Logon Service: impersonation and; privileges and
secpol.msc
secrets: ASP.NET configuration file; DPAPI; sharing in authentication; storing on machines
Secrets and Lies (Schneier)
secure attention sequence
Secure Server policy
SecureMethodAttribute
SecureRoleAttribute
security: as process; audits in; developer understanding of; protection, detection, reaction in; protocols; redundance in; secure code in; tradeoffs in; usability balance with
security account databases
Security Association (SA)
security contexts: definition of; getting fresh; impersonation and; software deployment and
Security Descriptor Description Language (SDDL)
security descriptors: access to; ACLs and; CoInitializeSecurity and; persisting
security identifiers [See SIDs (security identifiers)]
security policy: auditing in; delegation via; granting/revoking privileges via; IPSEC and
security principals: authorities and; listing; machine; service; Thread.CurrentPrincipal and; user
Security Support Provider Interface [See SSPI (Security Support Provider Interface)]
SecurityIdentifier
SeDebugPrivilege
SeImpersonatePrivilege
server applications: ACL-based security in; security context and
server process identities
server-to-server communication
ServerAuthenticate
Service Control Manager (SCM): daemons and; security context and
service logons
service principal names (SPNs): .NET remoting and; configuring; SSPI and; structure of; user-to-user authentication and; using
service principals
ServicedComponent
SeSecurityPrivilege
SeShutdownPrivilege
session keys
SeSystemtimePrivilege
SeTakeOwnershipPrivilege
SeTcbPrivilege
setspn.exe
SetTokenInformation
SHA
SHA-
shatter attack
SIDs (security identifiers): account names and; ANONYMOUS LOGON; Authenticated Users; checking for in tokens; group; guest logon; in security descriptors; in tickets; in tokens; owner; programming with; security context and
sledgehammer checkbox
smartcards [See also authentication]
SMB signing
Snort
SOAP formatter
social engineering
software deployment
Software Settings
SPNEGO protocol
spoofing
SQL Server: role-based security in; service principal names and
SQL statements: injection vulnerability; secure coding for
SSL: mutual authentication in
SSPI (Security Support Provider Interface): LogonUser and; socket-based apps and
STARTUPINFO
storeadm /list
STRIDE
SYN-flood attacks
SYNCHRONIZE permission
system access control lists [See SACLs (system access control lists)]
SYSTEM logon session: daemon identity and
System.Diagnostics.Process
System.EnterpriseServices
System.Security.AccessControl
System.Threading.Timer

T
Take Ownership
tampering
TCP channel
TCP stack
Terminal Services: second logon via
TextMode=Password
Thread.CurrentPrincipal: in role-based security; testing; tracking client identity with; WindowsIdentity and
ThreadPool.QueueUserWorkItem
threads: attaching tokens to; impersonation and; permissions for; security context and; Thread.CurrentPrincipal and
threat modeling: attack trees in; data flow diagrams in; STRIDE acronym in
Threat Modeling (Swiderski, Snyder)
ticket-granting tickets (TGTs)
tickets: group membership in; Kerberos; latency/authenticity and; timestamps
tokens
transference of risk
Tripwire
trust: in Kerberos; transitive
trusted code, luring attacks and
trusted computing base (TCB)

U
Underwriters Laboratories
universal groups: expanding
UNIX, access control in
untrusted code, luring attacks and
UPNs [See user principal names (UPNs)]
User Configuration [See also group policy]: Software Settings
user interfaces: daemons and; displaying from daemons
user principal names (UPNs): protocol transition and
user principals
user profiles: All Users; daemons and
UserAppDataPath
USERPROFILE
users, nonprivileged
USS Halibut
UUIDs

V
VBScript
Visual Studio.NET: admin command prompt in; debugging in; programming SIDs in; SSPI and; Web project creation in
VS Developers group

W
web.config
WellKnownSidType
whoami, privilege listing with
Win32 functions: AdjustTokenPrivileges; CheckTokenMembership; CoInitializeSecurity; CreateProcessWithLogonW; enabling/disabling privileges with; ExitWindowsEx; ImpersonateAnonymousToken; impersonation and; LoadUserProfile; LockWorkstation; LogonUser; programming ACLs with; RevertToSelf; running programs as another user with; SetProcessWindowStation; SetTokenInformation
window stations: interactive
Windows: access control in; group types in; Logo; nonprivileged users in; NT
Windows Forms: code usable by non-admins in; COM security in
Windows XP Service Pack 2
WindowsAccountType
WindowsBuiltInRole
WindowsIdentity: getting tokens for users in; null session tokens and; token wrapping and; tokens in
WindowsIdentity.GetAnonymous: null session tokens and
WindowsIdentity.GetCurrent: token propagation with
WindowsIdentity.Impersonate
WindowsIdentity.Token
WindowsImpersonationContext
WindowsImpersonationContext.Undo
WindowsPrincipal: creating; in role-based security; tokens in
winnt.h: SIDs in
WinSta: daemons in
WMI (Windows Management Instrumentation)
World Authority
WRITE_DAC
WRITE_OWNER
Writing Secure Code (Howard, LeBlanc)

X
X.509 certificates
xcacls.exe
xcopy deployment
XML files, authorization stores as
If he is going to steal the documents inside the safe, he is not only going to have to break into the safe, he is also going to have to defeat the system of alarms and guards. The safe, both the lock and the walls, are