Programming Windows Security: The Developers Guide (DevelopMentor)
Product Description
Windows 2000 and NT offer programmers powerful security tools that few developers use to the fullest -- and many are completely unaware of. In Programming Windows Security, a top Windows security expert shows exactly how to apply them in enterprise applications. Keith Brown starts with a complete roadmap to the Windows 2000 security architecture, describing every component and how they all fit together. He reviews the "actors" in a secure system, including principals, authorities, authentication, domains, and the local security authority; and the role of trust in secure Windows 2000 applications. Developers will understand the security implications of the broader Windows 2000 environment, including logon sessions, tokens, and window stations. Next, Brown introduces Windows 2000 authorization and access control, including groups, aliases, roles, privileges, security descriptors, DACLs and SACLs - showing how to choose the best access strategy for any application. In Part II, he walks developers through using each of Windows 2000's security tools, presenting techniques for building more secure setup programs, using privileges at runtime, working with window stations and user profiles, and using Windows 2000's dramatically changed ACLs. Finally, Brown provides techniques and sample code for network authentication, working with the file system redirector, using RPC security, and making the most of COM/COM+ security.
Product Details
- Amazon Sales Rank: #900531 in Books
- Published on: 2000-07-18
- Original language: English
- Number of items: 1
- Binding: Paperback
- 608 pages
Editorial Reviews
From the Back Cover
--George V. Reilly, IIS Performance Lead, Microsoft
Windows security has often been considered a dry and unapproachable topic. For years, the main examples of programming security were simply exercises in ACL manipulation. Programming Windows Security is a revelation providing developers with insight into the way Windows security really works. This book shows developers the essentials of security in Windows 2000, including coverage of Kerberos, SSL, job objects, the new ACL model, COM+ and IIS 5.0. Also included are highlights of the differences between security in Windows 2000 and in Windows NT 4.0.
Programming Windows Security is written by an experienced developer specifically for use by other developers. It focuses on the issues of most concern to developers today: the design and implementation of secure distributed systems using the networking infrastructure provided by Windows, the file server, the web server, RPC servers, and COM(+) servers.
Topics covered include:
- COM(+) security, from the ground up
- IIS security
- How the file system redirector works and why developers should care
- The RPC security model
- Kerberos, NTLM, and SSL authentication protocols and SSPI
- Services and the Trusted Computing Base (TCB)
- Logon sessions and tokens
- Window stations, desktops, and user profiles
- The Windows 2000 ACL model, including the new model of inheritance
- Using private security descriptors to secure objects
- Accounts, groups, aliases, privileges, and passwords
- Comparison of three strategies for performing access control--impersonation, role-centric, and object-centric--and their impact on the design of a distributed application
Programming Windows Security provides the most comprehensive coverage of COM(+) security available in one place, culled from the author's extensive experience in diagnosing COM security problems in the lab and via correspondence on the DCOM mailing list.
About the Author
Keith Brown focuses on application security at Pluralsight, which he cofounded with several other .NET experts to foster a community, develop content, and provide premier training. Keith regularly speaks at conferences, including TechEd and WinDev, and serves as a contributing editor and columnist to MSDN Magazine.
Customer Reviews
This book is professionally written, easy to read
Keith Brown shows what an interesting and exciting subject security is; after reading this book you'll want to read more about it. Just read several pages describing the RPC security, and you'll see that COM and COM+ security is not scary anymore! Don't miss this book.
Keith Brown is the security guru
Having seen Keith answer obscure security questions on the DCOM mailing lists for many years, I know that he knows his stuff. Having read the book I can confirm that he can also write lucidly about it.
I have no hesitation in recommending this book.
A wonderfully lucid explanation of a difficult topic
This is a superbly well written explanation of what is probably the least well understood corner of the Windows platform. From a straightforward introduction of the abstract concepts used to construct the security architecture, Keith Brown progresses to an explanation of the detailed mechanics, and finally to their implications in distributed COM+ and Web applications. Throughout, the style is intelligent without being dry or impersonal. Fantastic value!




