Revision 1.1 (root)

"Extra Information".txt

Here is some extra information on security. Although these issues
have come up in the past in discussion with developers of Win32
apps, this isn't really a FAQ (Frequently Asked Questions) list,
in that some of the issues below haven't come up that often.
It's just extra information made available to you on this CD.

From time to time when we answer questions that pertain to any of
the issues below, we may refer to particular ranges of line
numbers in this file as part of the discussion. We may also
upload to a CompuServe library (for example GO MSWIN32) updated
versions of this file that would contain additional and/or more
recent extra information.

--- Getting started with security as a developer

Among the first places to look would be:

- "Inside Windows NT", by Custer, from MS Press, 1993, ISBN
  1-55615-481-X. See pages 72-81.

- "Windows NT - Answer Book", by Groves, from MS Press, 1993,
  ISBN 1-55615-562-X. See pages 44-141 and 187-190. Much of
  this information is actually more tuned towards
  administrators and end-users; however, developers may also
  find this information useful.

- The Windows NT Resource Guide (see on this CD the
  \doc\enduser\resource directory), chapter 3, which is pages
  51-92.

- The two-article "Inside Windows NT Security" series by Rob
  Reichel that appeared in Windows/DOS Developer's Journal.
  The first of the series appeared in the April 1993 issue
  beginning on page 6, the second appeared in the May 1993
  issue, pages 44-50.

- The Win32 .hlp file. Click on "Functions and Overviews",
  choose Security, click the "Overview" button. The first
  nine subtopics ("Terms" through "SIDs") need to be
  understood before moving on. In particular see the diagram
  in the "Security Model" subtopic, that shows the
  relationship between Access Token and ACL. Pages 84-92 of
  the Windows NT Resource Guide chapter 3 have examples
  showing how this relationship works.

- This sample, check_sd, is also useful in understanding
  Access Tokens and ACLs. It shows what some actual examples
  of the data structures on your machine look like, how the
  different defines for building up Access Mask values may
  have been used, etc.

--- Information on C2 security

In the Windows NT Resource Guide (see on this CD the
\doc\enduser\resource directory) on pages 52-54 is a summary
of the C2 criteria. This is a good place to start
understanding the C2 criteria, as is "Inside Windows NT", by
Custer, from MS Press, 1993, ISBN 1-55615-481-X. See pages
3-4, 74-76, 196, 330 and 370.

If more info is needed, the Government Printing Office
(202)783-3238 provides copies of the Orange Book, GPO Stock
Number 008-000-00461-7 at nominal charges. Another reference
is the book "Computer Security Basics", by Russell and Gangemi,
from O'Reilly & Assoc, 1992, ISBN 0-937175-71-4. This book
has a 59-page chapter 6 (called "Inside the Orange Book")
along with other information that may be useful to those
working their way through each of the 121 pages in the Orange
Book.