Chapter 11. Locking Down Windows, Internet Information Services, and .NET

Key concepts in this chapter are:

  • Locking down a Windows client

  • Locking down a Windows server

  • Locking down Internet Information Services

  • Locking down .NET

Now that you’re writing hack-resistant code and using encryption, role-based security, and other secure features, let’s turn our attention to the platform on which your applications are installed. This chapter discusses how to make sure Microsoft Windows, Internet Information Services (IIS), and .NET are secured. In security terms, this is known as locking down the platform. Locking down Windows, IIS, and .NET means restricting access to the services your application uses and making configuration changes to turn off services that are not used. You have to lock down the platform because, although it is capable of being secure, the default installation is not.

In the early 1990s, locking down the platform was simple because Windows didn’t do much beyond providing common printer drivers, a flat memory model, and a graphical solitaire game. Ten years later, Windows has evolved to do a lot more, including hosting Internet applications; providing dynamic indexing; managing domains, file serving, and print serving; and much more. Curiously, it still ships with the same solitaire game, which remains a favorite activity with bored office workers. Since the launch of Windows 95, with each release, the platform has become more and more connected. For example, Windows XP can host Web sites, act as a file transfer protocol (FTP) server, and use the Internet to order photograph prints, download updates, and synchronize the computer’s clock. This increased functionality also opens the possibility for intruders to attack using these features. A big part of locking down Windows is turning off unnecessary features, reducing the ways people can attack the system. As mentioned in earlier chapters, this is known as reducing the attack surface.

"I’m Already Protected. I’m Using a Firewall."

Locking down Windows, IIS, and .NET is like protecting a king inside a castle in medieval times. Let’s suppose the king is protected by royal guards inside a castle that is surrounded by a moat. The moat separates the castle from surrounding land and encourages people to use the front gate to enter the castle. In computer security terms, the moat is similar to using a firewall, which turns off unneeded services and protects the computer’s disk and network to ensure that only people who get through the front gate can access the system’s resources. The front gate is similar to the computer’s password system—only people who are properly authenticated can get inside. After entering the castle, castle security (guards and locked doors) ensures that you can venture only where you are permitted to go; this is similar to role-based security within an application and code-access security in .NET. The king himself, in our fantasy castle, is protected by royal guards. In computer security terms, the king represents what intruders are ultimately after—data in a database, or a process that performs some action. The royal guards are the innermost protection for the king—hand picked, fiercely loyal, and schooled in every martial art known to man. These guards are similar to a Windows-enforced access control list (ACL), which ensures only people who were authenticated at the front gate and who are authorized to see the king get the royal treatment.

Writing secure code is only part of a secure application. A solid authentication system is the castle gate. Role-based and code-access security give you a fine castle security unit. Locking down Windows, IIS, and .NET gives you the final two pieces—a deep moat, and fiercely loyal royal guards. When all these safeguards are working together, the system becomes very hard to penetrate because there is no single point of failure. For example, if an intruder gets through the firewall and bypasses the authentication system, he still won’t be able to access the database because he hasn’t been authenticated. Of course, we don’t want intruders to get through even the first layer of security; the objective is to keep them outside the moat.
