| Concern | Solution | Windows/.NET Solution |
|---|---|---|
| Do we know who you are? | Authentication | Windows (Kerberos/NTLM), ASP.NET Forms-based security, Active Directory, IIS, Passport |
| Do we know you have permission to do what you’re doing? | Authorization | Windows role-based security, Custom roles in ASP.NET, Code access security |
| Can we get the data to you in a secure manner? | Encryption | Secure Sockets Layer (SSL), Certificate Server, Encryption library in the Framework class library |
| Can we recover from an attack? | | Auditing, IIS logs, SQL Server logs and backups, NT application logs, traceability, E2E instrumentation (future) |
| Will this security infrastructure be manageable as we grow? | Integrated security as opposed to a silo-based approach | Security Policy Groups, NT application logs, Windows integrated security, Impersonation, Active Directory, others |