Download presentation
Presentation is loading. Please wait.
Published byMagdalen Oliver Modified over 9 years ago
1
Understanding Security Lesson 6
2
Objective Domain Matrix Skills/ConceptsMTA Exam Objectives Understanding the System.Security Namespace Understand the System Security namespace (5.1) Understanding Authentication and Authorization Understand authentication and authorization (5.2) Understanding CryptographyUnderstand the System Security namespace (5.1) Understanding Code Access Security Understand authentication and authorization (5.2)
3
Authentication Authentication refers to the process of obtaining credentials from a user and verifying his or her identity. The process of authentication validates the user’s credentials against some authority. When using Windows authentication the WindowsPrincipal object represents the security context and WindowsIdentity object has authentication information for a user.
4
Using Windows Authentication
5
Authorization Authorization is the process of determining whether an authenticated identity is allowed to perform a requested action. Authentication and authorization often work together. Applications will first use authentication to verify the user’s identity and then use the identity information to determine the actions that a user is authorized to perform.
6
The WindowsPrincipal.IsInRole Method The IsInRole method of the WindowsPrincipal object can be used to determine whether the current user is in a specific windows group.
7
Cryptography Cryptography helps protects data by: Encrypting the data so that it cannot be viewed by unauthorized users Detecting whether the data has been modified. Establishing the identity of the sender so you can trust that a message is actually coming from the claimed sender.
8
Encryption and Decryption One of the major goals of cryptography is to protect data by encrypting it. Encrypted data can be decrypted only by someone with a key. The.NET Framework provides two types of encryption algorithms: Secret-key encryption Public-key encryption
9
Secret-Key Encryption The sender encrypts the message before sending it across and the receiver uses the same key to decrypt the message. Also known as symmetric encryption because the same key is used for both encryption and decryption. The secret key must be protected from unauthorized use.
10
Secret-Key Algorithms The.NET Framework’s classes for secret key encryption and decryption: AesManaged DESCryptoServiceProvider HMACSHA1 RC2CryptoServiceProvider RijndaelManaged TripleDESCryptoServiceProvider AesManaged and RijndaelManaged provide the highest-level of encryption.
11
Public-Key Encryption Public-key encryption protects data by using a set of two cryptographically paired keys. One key is called a private key and it is known only to its owner. The other key is called a public key and as the name suggests, it can be made public to anyone. The private key can also be used for digital signatures.
12
Public-Key Algorithms The.NET Framework provides the following classes to implement the public-key encryption algorithms: DSACryptoServiceProvider RSACryptoServiceProvider ECDiffieHellmanCng ECDsaCng
13
Code Access Security Code access security (CAS) defines what the code running on a computer system is allowed to do. CAS enforces that the code originating from unknown or untrusted source runs with added protection. CAS helps reduce the chances that your code is misused by malicious code to perform unintended operations.
14
.NET Framework 4.0 Security Transparency Transparency is a security enforcement mechanism that separates code that can do privileged things (critical code), such as calling native code, and code that cannot (transparent code). Transparent code can execute commands within the bounds of the permission set it is operating in, but cannot execute, derive from, or contain critical code.
15
Transparency Level-2 Categories
16
Managing Permissions Permissions refer to the actions that a code is allowed to or not allowed to perform. Permission sets are a predefined collection of permissions that are applied together. The System.Security.Permissions namespace defines the classes that specify the permissions you can apply to an assembly declaratively or programmatically.
17
Access Control Access control refers to security features that control who can access resources such as files or directories in the operating system. Applications call access control functions to check or set who can access specific resources. There are two parts to the acess control model: access tokens and security descriptors.
18
Access Tokens and Security Descriptors An access token contains security identifiers that identify the user’s account. The system uses this information to identify the user when a process perform a task that requires secure privileges. A security descriptor identifies the object’s owner and the object’s access control list (ACL). The ACL contain information about the users allowed or denied access to the object.
19
Hands-On Use Authentication – Page 128 Use Authorization – Page 129 Use PrincipalPermission class to implement Authorization – Page 130 Use Secret Key Encryption – Page 132 Use Public Key Encryption – Page 135 Explore Code Access Security Settings Page 137 Manage Permissions for Partially Trusted Code – Page 140 Antoine.Victor@ProDataMan.com www.ProDataMan.com www.FaceBook.com/ProDataMan www.YouTube.com/ProDataManTrains http://www.linkedin.com/in/antoinevictor/
20
Antoine's Contact Info Antoine.Victor@ProDataMan.com www.ProDataMan.com www.FaceBook.com/ProDataMan www.YouTube.com/ProDataManTrains http://www.linkedin.com/in/antoinevictor/
21
Recap Authentication Authorization Cryptography Encryption and Decryption Secret-Key Encryption Public-Key Encryption Code Access Security Permissions Access Control
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.