Module 6: Securing File System Data

This module provides students with an explanation of how to manage user inputin a secure way. The methods for checking user input, and a discussion of theconsequences of not performing those checks, are the focus of this module.After completing this module, students will be able to secure their Webapplications by validating user input.
Nội dung trích xuất từ tài liệu:
Module 6: Securing File System Data Module 6: Securing File System DataContentsOverview 1Lesson: Overview of Securing Files 2Lesson: Windows Access Control 6Lesson: Creating ACLs Programmatically 19Lesson: Protecting ASP.NET WebApplication Files 27Review 38Lab 6: Securing Files with ACLs 39Information in this document, including URL and other Internet Web site references, is subject tochange without notice. Unless otherwise noted, the example companies, organizations, products,domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,and no association with any real company, organization, product, domain name, e-mail address,logo, person, place or event is intended or should be inferred. Complying with all applicablecopyright laws is the responsibility of the user. Without limiting the rights under copyright, nopart of this document may be reproduced, stored in or introduced into a retrieval system, ortransmitted in any form or by any means (electronic, mechanical, photocopying, recording, orotherwise), or for any purpose, without the express written permission of Microsoft Corporation.Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectualproperty rights covering subject matter in this document. Except as expressly provided in anywritten license agreement from Microsoft, the furnishing of this document does not give you anylicense to these patents, trademarks, copyrights, or other intellectual property. 2001 Microsoft Corporation. All rights reserved.Microsoft, MS-DOS, Windows, Windows NT, ActiveX, Active Directory, Authenticode, Hotmail,JScript, Microsoft Press, MSDN, PowerPoint, Visual Basic, Visual C++, Visual Studio, andWindows Media are either registered trademarks or trademarks of Microsoft Corporation in theUnited States and/or other countries.The names of actual companies and products mentioned herein may be the trademarks of theirrespective owners. Module 6: Securing File System Data iiiInstructor NotesPresentation: This module provides students with an explanation of how to manage user input90 minutes in a secure way. The methods for checking user input, and a discussion of the consequences of not performing those checks, are the focus of this module.Lab: After completing this module, students will be able to secure their Web30 minutes applications by validating user input. After completing this module, students will be able to: ! Identify the reasons for securing the Web application implementation files. ! Describe how Microsoft® Windows® access control mechanisms are used to protect file system data. ! Set ACLs on files and folders by using a script. ! Use Microsoft ASP.NET Web.config files to restrict access to files in an ASP.NET Web application.Required materials To teach this module, you need the following materials: ! Microsoft® PowerPoint® file 2300A_06.ppt ! HTML and Flash animation files: 2300A_06_A05_1664.htm, 2300A_06_A05_1664.swfPreparation tasks To prepare for this module: ! Read all of the materials for this module. ! Complete the lab. ! Practice the steps for the demonstrations. ! Read Chapter 3, “Windows 2000 Security Overview,” in Designing Secure Web-Based Applications for Microsoft Windows 2000 by Michael Howard (Redmond, Microsoft Press®), 2000. ! Read the article, “Access Control Model,” which is available at http://www.microsoft.com/windows2000/techinfo/reskit/en/distrib/ dsce_ctl_mfxc.htm. ! Read the Microsoft MSDN® article, “HOWTO: Control Access to a Windows NT, Windows 2000, and Windows XP Service,” which is available at http://support.microsoft.com/directory/ article.asp?ID=KB;EN-US;Q180116&. ! Read the MSDN article, “Setting User Security,” which is available at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ wmisdk/us_sec_8ozd.asp. ! Read the TechNet article, “Default Access Control Settings in Windows 2000,” which is available at http://www.microsoft.com/technet/treeview/ default.asp?url=/TechNet/prodtechnol/windows2000serv/maintain/security/ secdefs.asp. ! Read the TechNet article, “Working with Access Control Lists,” which is available at http://www.microsoft.com/technet/treeview/default.asp?url=/ TechNet/prodtechnol/winxppro/reskit/prdd_sec_jynl.asp.iv Module 6: Securing File System DataHow to Teach This Module This section contains information that will help you to teach this module.Lesson: Overview of Securing Files This section describes the instructional methods for teaching each topic in this lesson.Why Are Web Discuss the weaknesses in a system that lead to attacks on Web applicationApplication implementation files.Imple ...