The NSA has published a massive 298-page unclassified document on .NET 2.0 security. From the introduction:
"The purpose of this document is to inform administrators responsible for systems and network security about the configurable security features available in the .NET Framework. To place some of the configuration options in context, a brief introduction to the .NET Framework security model and its components is provided. For further information about security in the .NET Framework, many resources are available; for example, see [Microsoft, MSDN], [Microsoft, .NET Framework], [LaMacchia, et al., 2002], or [Watkins and Lange, 2002].

The security features of the .NET Framework are highly extensible and configurable. While this document describes some of the default settings, it cannot address all possible circumstances or scenarios administrators may experience. This guide is intended to assist the administrator in exercising discriminating judgment in the configuration of the .NET Framework in response to variations in organizational security policies and operational environments.

This guide does not address Microsoft Windows operating system security issues that are not specifically related to the .NET Framework."

Read More: http://www.nsa.gov/ia/_files/app/I731-008R-2006.pdf
In this context, I want you to also have a look at this SANS whitepaper I mentioned last week:
- .NET Framework Rootkits: Backdoors inside your Framework, by Erez Metula (category: Windows .NET)

2 comments:
I was looking to do a post on the exact pair of articles you refer to here!
Haha.
Nice work :D
The link doesn't work anymore, because the file has been moved here.