short, Short, SHORT coverage of security

Hi;

When we ship our portal to customers, we will have a "suggested" Web.Config for their use but I am guessing most will need to tweak it. My concern is that most people administering this will not invest hours to get up to speed on security. Yes they should - but they won't. Nor will they hire someone who knows this.

Is there something that will give a sys-admin type what they need to know for settings (ASP.NET users/roles, Active Directory, and/or integrated) they might want to make that can be read in 5 minutes, 10 at most? I figure that's the longest it can be and they will still read it.

thanks - dave

ps - I figure better to be realistic and get them to understand the basics than to insist that the minimum is a couple of hours or more and have them then read nothing.


Design reports in Word or Excel - www.windwardreports.com
0
david (15)
3/6/2006 12:29:37 AM
asp.net.security

3 Replies

Hi David,

I'd recommend checking out this post: http://weblogs.asp.net/scottgu/archive/2006/02/24/438953.aspx

It provides a number of links to some good material I think you could use.

Hope this helps,

Scott

0
ScottGu
3/6/2006 9:56:39 AM

Hi;

That's what I'm reading and it's great for someone like me that must understand this stuff well and will put in the time to learn it. But what hit me yesterday while reading some of it is when we ship to a company that has one person who is their "tech guy" - he/she is not going to read through that. Maybe a few will but most won't.

That's why I was hoping there was a short cheat sheet for people like that. If not, we're going to have to write something for them.

thanks - dave


0
david
3/6/2006 2:19:08 PM

Hi David,

I believe there are a few articles lower in the list on MSDN and the PAG site that have some administrator checklists that admins can go through to secure and manage the server. That is probably the best place to start -- although I suspect you might need to edit and put together your own paper a little.

Hope this helps,

Scott

0
ScottGu
3/7/2006 11:25:44 PM