home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Tricks of the Windows Gam…ming Gurus (2nd Edition)
/
Disc2.iso
/
msdn_vcb
/
samples
/
vc98
/
sdk
/
winbase
/
security
/
winnt
/
check_sd
/
xtra_nfo.txt
< prev
Wrap
Text File
|
1996-04-19
|
2KB
|
59 lines
Extra Information
Here is some extra information on common security issues.
Getting started with security as a developer
--------------------------------------------
Among the first places to look would be:
- "Inside Windows NT", by Helen Custer, from MS Press, 1993, ISBN
1-55615-481-X. See pages 72-81.
- "Windows NT - Answer Book", by Groves, from MS Press, 1993,
ISBN 1-55615-562-X. See pages 44-141 and 187-190. Much of
this information is actually more tuned towards
administrators and end-users, however developers may also
find this information useful.
- The Windows NT Resource Guide.
- The two-article "Inside Windows NT Security" series by Rob
Reichel that appeared in Windows/DOS Developer's Journal.
The first of the series appeared in the April 1993 issue
beginning on page 6, the second appeared in the May 1993
issue, pages 44-50.
- The Win32 Programmer's Reference. Click on Overviews,
choose Security, click the Security overview. The first
nine subtopics ("Terms" through "SIDs") need to be
understood before moving on. In particular see the diagram
in the "Security Model" subtopic, that shows the
relationship between Access Token and ACL. Pages 84-92 of
the Windows NT Resource Guide chapter 3 have examples
showing how this relationship works.
- This sample, CHECK_SD, is also useful in understanding
Access Tokens and ACLs. It shows what some actual examples
of the data structures on your machine look like, how the
different defines for building up Access Mask values may
have been used, etc.
Information on C2 security
--------------------------
In the Windows NT Resource Guide is a summary of the C2 criteria. This is a
good place to start understanding the C2 criteria, as is "Inside Windows NT",
by Helen Custer, from MS Press, 1993, ISBN 1-55615-481-X. See pages
3-4, 74-76, 196, 330 and 370.
If more info is needed, the Government Printing Office (202) 783-3238 provides
copies of the Orange Book, GPO Stock Number 008-000-00461-7 at nominal charges.
Another reference is the book "Computer Security Basics", by Russel and
Gangemi, from O'Reilly & Assoc, 1992, ISBN 0-937175-71-4. This book has a
59 page chapter 6 (called "Inside the Orange Book") along with other
information that may be useful to those working their way through each of the
121 pages in the Orange Book.