The .NET Developer's Guide to Windows Security

Table of Contents:

Preface.

Acknowledgments.

I: THE BIG PICTURE.

Item 1: What Is Secure Code?

Item 2: What Is a Countermeasure?

Item 3: What is threat Modeling?

Item 4: What Is the Principle of Least Privilege?

Item 5: What Is the Principle of Defense in Depth?

Item 6: What Is Authentication?

Item 7: What Is a Luring Attack?

Item 8: What Is a Nonprivileged User?

Item 9: How to Develop Code as a Non-Admin.

Item 10: How to Enable Auditing.

Item 11: How to Audit Access to Files.

II: SECURITY CONTEXT.

Item 12: What Is a Security Principal?

Item 13: What Is a SID?

Item 14: How to Program with SIDs.

Item 15: What Is Security Context?

Item 16: What Is a Token?

Item 17: What Is a Logon Session?

Item 18: What Is a Window Station?

Item 19: What Is a User Profile?

Item 20: What Is a Group?

Item 21: What Is a Privilege?

Item 22: How to Use a Privilege.

Item 23: How to Grant or Revoke Privileges via Security Policy.

Item 24: What Are WindowsIdentity and WindowsPrincipal?

Item 25: How to Create a WindowsPrincipal Given a Token.

Item 26: How to Get a Token for a User.

Item 27: What Is a Daemon?

Item 28: How to Choose an Identity for a Daemon.

Item 29: How to Display a User Interface from a Daemon.

Item 30: How to Run a Program as Another User.

Item 31: What Is Impersonation?

Item 32: How to Impersonate a User Given Her Token.

Item 33: What is Thread.CurrentPrincipal?

Item 34: How to Track Client Identity Using Thread.CurrentPrincipal.

Item 35: What Is a Null Session?

Item 36: What Is a Guest Logon?

Item 37: How to Deal with Unauthenticated Clients.

III: ACCESS CONTROL.

Item 38: What Is Role-Based Security?

Item 39: What Is ACL-Based Security?

Item 40: What Is Discretionary Access Control?

Item 41: What Is Ownership?

Item 42: What Is a Security Descriptor?

Item 43: What Is an Access Control List?

Item 44: What Is a Permission?

Item 45: What Is ACL Inheritance?

Item 46: How to Take Ownership of an Object.

Item 47: How to Program ACLs.

Item 48: How to Persist a Security Descriptor.

Item 49: What Is Authorization Manager?

IV: COM(+) AND ENTERPRISESERVICES.

Item 50: What Is the COM(+) Authentication Level?

Item 51: What Is the COM(+) Impersonation Level?

Item 52: What Is CoInitializeSecurity?

Item 53: How to Configure Security for a COM(+) Client.

Item 54: How to Configure the Authentication and Impersonation Levels for a COM+ Application.

Item 55: How to Configure the Authentication and Impersonation Level for an ASP.NET Application.

Item 56: How to Implement Role-Based Security for an Enterprise Services Application.

Item 57: How to Configure Process Identity for a COM(+) Server Application.

V: NETWORK SECURITY.

Item 58: What Is CIA?

Item 59: What Is Kerberos?

Item 60: What Is a Service Principal Name (SPN)?

Item 61: How to Use Service Principal Names.

Item 62: What Is Delegation?

Item 63: What Is Protocol Transition?

Item 64: How to Configure Delegation via Security Policy.

Item 65: What Is SSPI?

Item 66: How to Add CIA to a Socket-Based App Using SSPI.

Item 67: How to Add CIA to .NET Remoting.

Item 68: What Is IPSEC?

Item 69: How to Use IPSEC to Protect Your Network.

VI: MISCELLANEOUS.

Item 70: How to Store Secrets on a Machine.

Item 71: How to Prompt for a Password.

Item 72: How to Programmatically Lock the Console.

Item 73: How to Programmatically Log Off or Reboot the Machine.

Item 74: What Is Group Policy?

Item 75: How to Deploy Software Securely via Group Policy.

Bibliography.

Index.