Community Server

Knowledge Management and Collaboration Platform
Welcome to Community Server Sign in | Join | Help
in Search

Browse by Tags

All Tags » Security
Showing page 2 of 2 (20 total posts)
  • IIS and Kerberos. Part 4 - A simple delegation scenario

    Delegation is a feature of Kerberos authentication that allows a server to obtain a Kerberos ticket on behalf of an end user without ever having access to the end user's password. This functionality allows Kerberos to solve typical "double-hop" authentication problems where a user's credentials need to flow through multiple ...
    Posted to Ken Schaefer (Weblog) by Ken on January 28, 2007
  • IIS and Kerberos. Part 3 - A simple scenario

    In Part 3 of this series we look at setting up Kerberos Authentication in the simplest possible scenario. If you missed Parts 1 (What is Kerberos and how does it work) and 2 (Service Principal Names) they may be worth reading first. In this scenario, we have a client, a DC and a single IIS server. As we progress through the series, we will ...
    Posted to Ken Schaefer (Weblog) by Ken on January 16, 2007
  • IIS and Kerberos. Part 2 - Service Principal Names

    Apologies for the delay in posting Part 2 - I've been on holidays so it's been a bit hard finding the time to write these posts. In this part we cover Service Principal Names (SPNs).  In a previous post we covered the basics of Kerberos authentication. Everything is relatively straitforward, however I didn't cover the one ...
    Posted to Ken Schaefer (Weblog) by Ken on November 19, 2006
  • IIS and Kerberos. Part 1 - What is Kerberos and how does it work?

    Edit: I've created a list of all the parts in this series here, which will be updated as I add more parts.  Configuring Kerberos and Delegation is one of the more common problems I see in the communities and even within Avanade. Since Kerberos isn't a simple topic, I'm going to write a quick series explaining how Kerberos works, ...
    Posted to Ken Schaefer (Weblog) by Ken on October 20, 2006
  • Why Vista? Mandatory Integrity Control (MIC) (Security, Stability, System Integrity)

    A little discussed feature in Windows Vista is Mandatory Integrity Control (MIC). Unlike DACL (Discretionary Access Control Lists), MIC is designed to protect your operating system based on the trustworthiness of the code being run. High integrity files (e.g. system operating files) are protected from accidental damage by users, and user data is ...
    Posted to Ken Schaefer (Weblog) by Ken on August 18, 2006
  • On Identity and Authorization

    Well it seems Mitch is talking about user-centric identity again. :-) I'd like to say that users should be in control of their identity. And identity exchange systems that make it easier, better and more secure for users to interact with computer systems, both internal to their companies, and externally, are a good thing. However I think Mitch ...
    Posted to Ken Schaefer (Weblog) by Ken on August 8, 2006
  • Why Vista? Changes to services part 2 (Security, Stability, System Integrity)

    What else has changed with services in Vista? The user contexts that services run under has changed dramatically in Windows Vista. Instead of running as LocalSystem, many services now run as lower privileged Network Service or Local Service for most of the time. The following chart compares Windows XP SP2 to the planned release of Vista: But ...
    Posted to Ken Schaefer (Weblog) by Ken on August 5, 2006
  • ISA Server 2006 Released

    Microsoft ISA Server 2006 has been released. Internally within Avanade we have been using ISA Server 2006 (aka Wolverine) for around six months to publish our internal Early Adopter environment (Exchange 2007, Sharepoint 2007 etc) where we test Microsoft products. Avanade was the first TAP partner to deploy Exchange 2007 into production.
    Posted to Ken Schaefer (Weblog) by Ken on August 2, 2006
  • Why Vista? Changes to services part 1 (Security, Stability, System Integrity)

    Welcome to part 1 of a "Why Vista" series. Following on from my previous post, I'll hopefully be presenting a post every few days on what good changes are coming in Vista. None of these are features that will appeal to everyone, but the sum total of all of these features will hopefully provide the value proposition to justify an ...
    Posted to Ken Schaefer (Weblog) by Ken on August 1, 2006
  • Two IIS patches this month - what's the risk?

    Microsoft released two IIS-related updates in this month's batch of security patches. The first involves ASP, and the second ASP.NET. Both are listed as Important. What are the actual risks and vulnerability details though? ASP.NET The ASP.NET patch (MS 06-033) deal with a potential Information Disclosure risk. In ASP.NET v2 a special folder ...
    Posted to Ken Schaefer (Weblog) by Ken on July 12, 2006
Powered by Community Server, by Telligent Systems