Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding Security Lesson 6. Objective Domain Matrix Skills/ConceptsMTA Exam Objectives Understanding the System.Security Namespace Understand the.

Published byMagdalen Oliver Modified over 8 years ago

Similar presentations

Presentation on theme: "Understanding Security Lesson 6. Objective Domain Matrix Skills/ConceptsMTA Exam Objectives Understanding the System.Security Namespace Understand the."— Presentation transcript:

1 Understanding Security Lesson 6

2 Objective Domain Matrix Skills/ConceptsMTA Exam Objectives Understanding the System.Security Namespace Understand the System Security namespace (5.1) Understanding Authentication and Authorization Understand authentication and authorization (5.2) Understanding CryptographyUnderstand the System Security namespace (5.1) Understanding Code Access Security Understand authentication and authorization (5.2)

3 Authentication Authentication refers to the process of obtaining credentials from a user and verifying his or her identity. The process of authentication validates the user’s credentials against some authority. When using Windows authentication the WindowsPrincipal object represents the security context and WindowsIdentity object has authentication information for a user.

4 Using Windows Authentication

5 Authorization Authorization is the process of determining whether an authenticated identity is allowed to perform a requested action. Authentication and authorization often work together. Applications will first use authentication to verify the user’s identity and then use the identity information to determine the actions that a user is authorized to perform.

6 The WindowsPrincipal.IsInRole Method The IsInRole method of the WindowsPrincipal object can be used to determine whether the current user is in a specific windows group.

7 Cryptography Cryptography helps protects data by: Encrypting the data so that it cannot be viewed by unauthorized users Detecting whether the data has been modified. Establishing the identity of the sender so you can trust that a message is actually coming from the claimed sender.

8 Encryption and Decryption One of the major goals of cryptography is to protect data by encrypting it. Encrypted data can be decrypted only by someone with a key. The.NET Framework provides two types of encryption algorithms: Secret-key encryption Public-key encryption

9 Secret-Key Encryption The sender encrypts the message before sending it across and the receiver uses the same key to decrypt the message. Also known as symmetric encryption because the same key is used for both encryption and decryption. The secret key must be protected from unauthorized use.

10 Secret-Key Algorithms The.NET Framework’s classes for secret key encryption and decryption: AesManaged DESCryptoServiceProvider HMACSHA1 RC2CryptoServiceProvider RijndaelManaged TripleDESCryptoServiceProvider AesManaged and RijndaelManaged provide the highest-level of encryption.

11 Public-Key Encryption Public-key encryption protects data by using a set of two cryptographically paired keys. One key is called a private key and it is known only to its owner. The other key is called a public key and as the name suggests, it can be made public to anyone. The private key can also be used for digital signatures.

12 Public-Key Algorithms The.NET Framework provides the following classes to implement the public-key encryption algorithms: DSACryptoServiceProvider RSACryptoServiceProvider ECDiffieHellmanCng ECDsaCng

13 Code Access Security Code access security (CAS) defines what the code running on a computer system is allowed to do. CAS enforces that the code originating from unknown or untrusted source runs with added protection. CAS helps reduce the chances that your code is misused by malicious code to perform unintended operations.

14 .NET Framework 4.0 Security Transparency Transparency is a security enforcement mechanism that separates code that can do privileged things (critical code), such as calling native code, and code that cannot (transparent code). Transparent code can execute commands within the bounds of the permission set it is operating in, but cannot execute, derive from, or contain critical code.

15 Transparency Level-2 Categories

16 Managing Permissions Permissions refer to the actions that a code is allowed to or not allowed to perform. Permission sets are a predefined collection of permissions that are applied together. The System.Security.Permissions namespace defines the classes that specify the permissions you can apply to an assembly declaratively or programmatically.

17 Access Control Access control refers to security features that control who can access resources such as files or directories in the operating system. Applications call access control functions to check or set who can access specific resources. There are two parts to the acess control model: access tokens and security descriptors.

18 Access Tokens and Security Descriptors An access token contains security identifiers that identify the user’s account. The system uses this information to identify the user when a process perform a task that requires secure privileges. A security descriptor identifies the object’s owner and the object’s access control list (ACL). The ACL contain information about the users allowed or denied access to the object.

19 Hands-On Use Authentication – Page 128 Use Authorization – Page 129 Use PrincipalPermission class to implement Authorization – Page 130 Use Secret Key Encryption – Page 132 Use Public Key Encryption – Page 135 Explore Code Access Security Settings Page 137 Manage Permissions for Partially Trusted Code – Page 140 Antoine.Victor@ProDataMan.com www.ProDataMan.com www.FaceBook.com/ProDataMan www.YouTube.com/ProDataManTrains http://www.linkedin.com/in/antoinevictor/

20 Antoine's Contact Info Antoine.Victor@ProDataMan.com www.ProDataMan.com www.FaceBook.com/ProDataMan www.YouTube.com/ProDataManTrains http://www.linkedin.com/in/antoinevictor/

21 Recap Authentication Authorization Cryptography Encryption and Decryption Secret-Key Encryption Public-Key Encryption Code Access Security Permissions Access Control

Download ppt "Understanding Security Lesson 6. Objective Domain Matrix Skills/ConceptsMTA Exam Objectives Understanding the System.Security Namespace Understand the."

Similar presentations

Computer Technology Timpview High School. A collection of local, regional, national, and international computer networks that are linked together to exchange.

Computer Technology Timpview High School. A collection of local, regional, national, and international computer networks that are linked together to exchange.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
.NET Framework Application Security Overview

.NET Framework Application Security Overview
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Core Web Service Security Patterns

Core Web Service Security Patterns
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.

1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.
August 6, 2003 Security Systems for Distributed Models in Ptolemy II Rakesh Reddy Carnegie Mellon University Motivation.

August 6, 2003 Security Systems for Distributed Models in Ptolemy II Rakesh Reddy Carnegie Mellon University Motivation.
Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.

Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.

Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.
Security Management.

Security Management.
E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

Similar presentations

Ads by Google