WindowsIdentity class
Represents a Windows user account. Provides access to the user name, authentication type and account token. Does not perform authentication: Windows has already done this, and the class simply stores the result of the authentication (including user name and authentication token). Call one of the following methods to create an instance:
GetAnonymous - represents the anonymous, unauthenticated user. Use this method to impersonate the anonymous user to ensure code operates without credentials.
GetCurrent - represents the current Windows user.
Impersonate - represents a specified user on the system.
Properties provide information about the user, e.g.:
IsAnonymous - true if anonymous
IsAuthenticated - true if authenticated
IsGuest - true if guest
IsSystem - true if the user is part of the system
Name - the authentication domain and user name in the format DOMAIN\Username. If the account is in the local user database, then DOMAIN is the machine name.
Token - integer handle representing the user's authentication token, assigned by the computer that authenticated the user.
Examining the object is useful if, for example, sections of code display information that should only be available to authenticated users.
WindowsPrincipal class
Provides access to the groups a user belongs to. Created from an instance of the WindowsIdentity class, e.g.:

WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
WindowsPrincipal currentPrincipal = new WindowsPrincipal(currentIdentity);

Alternatively, the WindowsPrincipal can be extracted from the current thread, e.g.:

AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
WindowsPrincipal currentPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;

To query for built-in groups, pass a member of the System.Security.Principal.WindowsBuiltInRole enumeration (each member representing a built-in group) to the WindowsPrincipal.IsInRole method. To query for custom groups, pass a string value (in the format DOMAIN\Group Name) to the overloaded IsInRole method.
Use subject to our Terms and Conditions Written By Ross Fruen
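The identity and principal checks described above, worked through as one added example (not code from the original notes). It reads the current identity, queries a built-in role and a custom group, and gates a privileged action on the result. `DOMAIN\Group Name` is a placeholder for a real group; the UAC remark in the comments is the practical caveat when this check is used for authorisation.

```csharp
using System;
using System.Security.Principal;

// Added example (not from the original notes): inspect the current Windows
// identity and query group membership through WindowsPrincipal.
// "DOMAIN\Group Name" is a placeholder for a real custom group.
class IdentityDemo
{
    // Returns true only when the caller's effective token carries Administrators.
    public static bool CallerIsElevatedAdmin(WindowsPrincipal principal)
    {
        // Under UAC a non-elevated process of an administrator runs with a
        // filtered token in which Administrators is deny-only, so this returns
        // false until the process is started elevated. That is the desired
        // behaviour: the check reflects effective privilege, not group listing.
        return principal.IsInRole(WindowsBuiltInRole.Administrator);
    }

    static void Main()
    {
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        Console.WriteLine("Name:               " + identity.Name);
        Console.WriteLine("AuthenticationType: " + identity.AuthenticationType);
        Console.WriteLine("IsAuthenticated:    " + identity.IsAuthenticated);
        Console.WriteLine("IsSystem:           " + identity.IsSystem);
        Console.WriteLine("IsGuest:            " + identity.IsGuest);
        Console.WriteLine("IsAnonymous:        " + identity.IsAnonymous);

        WindowsPrincipal principal = new WindowsPrincipal(identity);

        // Built-in group: pass a WindowsBuiltInRole member.
        bool isAdmin = CallerIsElevatedAdmin(principal);
        Console.WriteLine("Elevated administrator:    " + isAdmin);

        // Custom group: pass DOMAIN\Group Name as a string. An unresolvable
        // name yields false rather than an exception.
        bool inCustomGroup = principal.IsInRole(@"DOMAIN\Group Name");
        Console.WriteLine("Member of custom group:    " + inCustomGroup);

        // Gate the privileged operation on the role check, never on Name.
        if (!isAdmin)
        {
            Console.WriteLine("Refusing administrative action: caller is not an elevated administrator.");
            return;
        }
        Console.WriteLine("Administrative action permitted.");
    }
}
```

Run it twice, once from a normal prompt and once from an elevated one, to see the Administrator role flip for the same user name.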
PrincipalPermission Class
Enables you to check the active principal for both declarative and imperative security actions. Used to declaratively demand that users running the code have been authenticated or belong to a specified role. By passing identity information (user name or role) to the constructor, the class can be used to demand that the identity of the actual principal matches this information. Can set any combination of three properties:
Name - string that must match the user's name
Role - string that must match one of the principal's roles
Demand method - verifies that the active principal meets the requirements specified in the properties.
// Declarative demand; the role name below is assumed for the illustration
[PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Administrators")]
static void AdministratorsOnlyMethod() { ... }

Multiple declarative demands can be used to enable users who meet any one of the demands to execute the code.

PrincipalPermission(PermissionState)
PrincipalPermission(Name, Role) - if only a user name or a role is required then specify null for the other
PrincipalPermission(Name, Role, Authenticated)

// Use Windows security policy
System.AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
try
{
    // Grant access to members of the VS Developers group
    PrincipalPermission p = new PrincipalPermission(null, System.Environment.MachineName + @"\VS Developers", true);
    p.Demand();
    ...
}
catch (System.Security.SecurityException)
{
    ...
}
AuthenticationType - describes the authentication mechanism, to allow apps to determine whether to trust the authentication; e.g. one app may determine that Passport meets its requirements whilst for another it does not. If using a custom authentication mechanism then specify a unique AuthenticationType.
IsAuthenticated - true if the user has been authenticated
Name - string storing the user's name
The class constructor should define each of the object's properties.
When NOT to implement IIdentity: if you want to add properties to a Windows logon whilst still using the Windows token or other Windows security properties, then derive the custom identity from WindowsIdentity. The same applies for IPrincipal and WindowsPrincipal.
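A custom IIdentity and matching IPrincipal for an application with its own authentication mechanism, as an added example (not code from the original notes). The class names, the `AppTokenAuth` authentication type and the role names are assumed for the illustration. The constructor sets every property once, an unauthenticated identity is in no role regardless of what was passed in, and relying code checks the AuthenticationType before trusting the identity, which is the point the text makes about Passport.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Added example (not from the original notes): a minimal custom identity and
// principal. "AppTokenAuth" and the role names are assumed for the demo.
public sealed class AppIdentity : IIdentity
{
    // The constructor defines every property; they are read-only afterwards so
    // nothing can upgrade an unauthenticated identity later.
    public AppIdentity(string name, bool isAuthenticated)
    {
        Name = name ?? string.Empty;
        IsAuthenticated = isAuthenticated;
    }

    // Unique type so relying code can tell this apart from Windows, Passport, etc.
    public string AuthenticationType { get { return "AppTokenAuth"; } }
    public bool IsAuthenticated { get; private set; }
    public string Name { get; private set; }
}

public sealed class AppPrincipal : IPrincipal
{
    private readonly string[] roles;

    public AppPrincipal(AppIdentity identity, params string[] roles)
    {
        Identity = identity;
        this.roles = roles ?? new string[0];
    }

    public IIdentity Identity { get; private set; }

    // An unauthenticated identity is in no role, whatever was passed in.
    public bool IsInRole(string role)
    {
        if (!Identity.IsAuthenticated) return false;
        return Array.Exists(roles, r => string.Equals(r, role, StringComparison.OrdinalIgnoreCase));
    }
}

class CustomIdentityDemo
{
    // Relying code: trust the identity only if it is authenticated by the
    // mechanism this application expects.
    public static bool IsTrusted(IPrincipal principal)
    {
        return principal.Identity.IsAuthenticated
               && principal.Identity.AuthenticationType == "AppTokenAuth";
    }

    static void Main()
    {
        // In real use the principal is built only after credentials were validated.
        var principal = new AppPrincipal(new AppIdentity("alice", true), "Auditor");
        Thread.CurrentPrincipal = principal;

        IPrincipal current = Thread.CurrentPrincipal;
        Console.WriteLine(current.Identity.Name + " via " + current.Identity.AuthenticationType);
        Console.WriteLine("Auditor: " + current.IsInRole("Auditor"));
        Console.WriteLine("Admin:   " + current.IsInRole("Admin"));
        Console.WriteLine("Trusted: " + IsTrusted(current));

        // An unauthenticated identity carries no roles even if some were supplied.
        var anonymous = new AppPrincipal(new AppIdentity("", false), "Auditor");
        Console.WriteLine("Anonymous is Auditor: " + anonymous.IsInRole("Auditor"));
    }
}
```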
AuthenticationException - prompt the user for different credentials and retry the operation.
<Type>Security - provides methods for retrieving a collection of DACLs or SACLs and adding / removing ACL entries. Inherits from NativeObjectSecurity.
<Type>AccessRule - set of access rights allowed or denied for a user or group. Inherits from AccessRule (which derives from AuthorizationRule).
<Type>AuditRule - set of access rights to be audited for a user. Inherits from AuditRule (which derives from AuthorizationRule).
Analyse ACLs
1. Create an instance of a class deriving from NativeObjectSecurity, e.g. FileSecurity.
2. Call the GetAccessRules method to retrieve an instance of AuthorizationRuleCollection.
3. Iterate the collection to analyse the individual ACEs.

RegistrySecurity rs = Registry.LocalMachine.GetAccessControl();
AuthorizationRuleCollection arc = rs.GetAccessRules(true, true, typeof(NTAccount));
foreach (RegistryAccessRule ar in arc)
    Console.WriteLine(ar.IdentityReference + " " + ar.AccessControlType + " " + ar.RegistryRights);
Configure ACLs
1. Call the GetAccessControl method to get an instance of a class deriving from NativeObjectSecurity, e.g. FileSecurity.
2. Add / remove ACL entries from the object. Typically provide a user or group name, an enumeration describing the rights, and an AccessControlType indicating whether to grant or deny the rights.
3. Call SetAccessControl to apply the changes.

DirectorySecurity ds = Directory.GetAccessControl(dir);
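The three configuration steps above, followed by the analysis steps to verify the result, as one added example (not code from the original notes). It targets Windows with .NET Framework, or .NET Core/.NET 5+ with the System.IO.FileSystem.AccessControl package, and uses DirectoryInfo.GetAccessControl/SetAccessControl, which exist on both. The directory is created under %TEMP% for the demo; BUILTIN\Users is the real well-known group.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Added example (not from the original notes): configure a directory DACL and
// read it back. The demo directory is created under %TEMP% and removed again.
class AclConfigureDemo
{
    // Grants BUILTIN\Users read/execute only, inherited by files and subfolders,
    // and stops inheritance from the parent so the parent's more permissive ACEs
    // cannot undo the restriction. Returns the rules as applied.
    public static AuthorizationRuleCollection RestrictToReadOnly(string dir)
    {
        var info = new DirectoryInfo(dir);

        // 1. Obtain the security descriptor for the object.
        DirectorySecurity ds = info.GetAccessControl();

        // 2. Edit the DACL: identity, rights, inheritance and Allow/Deny.
        var users = new NTAccount("BUILTIN", "Users");
        var readOnly = new FileSystemAccessRule(
            users,
            FileSystemRights.ReadAndExecute,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow);
        ds.AddAccessRule(readOnly);

        // isProtected = true blocks inheritance; preserveInheritance = true
        // converts the currently inherited ACEs into explicit ones so the
        // owner keeps access.
        ds.SetAccessRuleProtection(true, true);

        // 3. Apply the changes.
        info.SetAccessControl(ds);

        // Verify by reading the DACL back (the "Analyse ACLs" steps).
        DirectorySecurity applied = new DirectoryInfo(dir).GetAccessControl();
        return applied.GetAccessRules(true, true, typeof(NTAccount));
    }

    static void Main()
    {
        string dir = Path.Combine(Path.GetTempPath(), "acl-demo-" + Guid.NewGuid().ToString("N"));
        Directory.CreateDirectory(dir);
        try
        {
            foreach (FileSystemAccessRule rule in RestrictToReadOnly(dir))
            {
                Console.WriteLine("{0,-30} {1,-6} inherited={2,-5} {3}",
                    rule.IdentityReference.Value, rule.AccessControlType,
                    rule.IsInherited, rule.FileSystemRights);
            }
        }
        finally
        {
            Directory.Delete(dir);
        }
    }
}
```

Reading the DACL back after SetAccessControl is the check worth keeping in real code: the effective ACEs are what the OS now holds, not what was added to the in-memory object.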
RC2
DES
TripleDES
All derive from the SymmetricAlgorithm base class and share the following properties:
BlockSize - number of bits the algorithm processes at a single time (can usually be ignored).
FeedbackSize - determines one aspect of the algorithm's encryption technique, but as a developer this can be ignored.
IV - the initialisation vector. Like the Key property, both parties must specify the same value. To avoid the overhead of transferring it securely it may be a good idea to statically define it in both parties. The IV is used to obscure the first block of data being encrypted, thereby making decryption harder.
Key - secret key for the algorithm. Automatically generated if not specifically defined.
KeySize - the runtime will automatically choose the largest key supported by the algorithm. If the recipient does not support this size then use the property to set the highest value supported by both parties.
LegalBlockSizes - the block sizes supported by the algorithm. MinSize and MaxSize indicate the valid range in bits whilst SkipSize indicates the interval between valid sizes.
LegalKeySizes - the key sizes supported by the algorithm. MinSize and MaxSize indicate the valid range in bits whilst SkipSize indicates the interval between key sizes.
Mode - determines one aspect of algorithm behaviour. Usually left at the default of Cipher Block Chaining (CBC). If changed to one of its other enumerated values then the partner must be set to use the same mode.
Padding - determines how the algorithm fills out any difference between the block size and the length of the plain text. You don't generally need to change this property.
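The Key, IV, Mode and Padding properties in use, as an added example (not code from the original notes). The helpers accept any SymmetricAlgorithm, so they run with TripleDES.Create() as shown and unchanged with Aes.Create() (DES and RC2 are no longer adequate for new designs). One deliberate departure from the note above about statically defining the IV: only the Key needs to be secret, the IV needs to be unpredictable and different for every message, so the code generates it per message and prepends it to the ciphertext for the receiver. CBC by itself gives no integrity protection; the keyed-hash classes later on this page supply that.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original notes): CBC encryption with any
// SymmetricAlgorithm. Output is IV || ciphertext; only the Key is secret.
static class SymmetricDemo
{
    public static byte[] Encrypt(SymmetricAlgorithm alg, byte[] key, byte[] plaintext)
    {
        alg.Mode = CipherMode.CBC;          // the default, stated explicitly
        alg.Padding = PaddingMode.PKCS7;    // the default, stated explicitly
        alg.Key = key;                      // must be one of LegalKeySizes
        alg.GenerateIV();                   // fresh random IV, BlockSize/8 bytes

        using (var ms = new MemoryStream())
        {
            byte[] iv = alg.IV;
            ms.Write(iv, 0, iv.Length);     // receiver needs the IV; it is not secret
            using (var cs = new CryptoStream(ms, alg.CreateEncryptor(), CryptoStreamMode.Write))
            {
                cs.Write(plaintext, 0, plaintext.Length);
                cs.FlushFinalBlock();
            }
            return ms.ToArray();            // valid after the stream is closed
        }
    }

    public static byte[] Decrypt(SymmetricAlgorithm alg, byte[] key, byte[] ivAndCiphertext)
    {
        int ivLen = alg.BlockSize / 8;
        if (ivAndCiphertext.Length < ivLen)
            throw new ArgumentException("message too short to contain an IV");

        byte[] iv = new byte[ivLen];
        Buffer.BlockCopy(ivAndCiphertext, 0, iv, 0, ivLen);

        alg.Mode = CipherMode.CBC;
        alg.Padding = PaddingMode.PKCS7;
        alg.Key = key;
        alg.IV = iv;

        using (var ms = new MemoryStream())
        using (var cs = new CryptoStream(ms, alg.CreateDecryptor(), CryptoStreamMode.Write))
        {
            // A wrong key or a modified final block surfaces here as
            // CryptographicException (bad padding).
            cs.Write(ivAndCiphertext, ivLen, ivAndCiphertext.Length - ivLen);
            cs.FlushFinalBlock();
            return ms.ToArray();
        }
    }

    static void Main()
    {
        byte[] key;
        using (var keyGen = TripleDES.Create())
        {
            keyGen.GenerateKey();           // largest legal key for the algorithm
            key = keyGen.Key;
        }

        byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample message");

        byte[] wire;
        using (var alg = TripleDES.Create())
            wire = Encrypt(alg, key, plaintext);

        byte[] back;
        using (var alg = TripleDES.Create())
            back = Decrypt(alg, key, wire);

        Console.WriteLine("IV bytes on the wire: " + (TripleDES.Create().BlockSize / 8));
        Console.WriteLine("Round trip: " + Encoding.UTF8.GetString(back));
    }
}
```

Encrypting the same plaintext twice yields different output because of the per-message IV; with a static IV the two ciphertexts would be identical, which is exactly the leak the IV exists to prevent.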
Two classes are provided, both deriving from System.Security.Cryptography.AsymmetricAlgorithm. It has the following properties (several similar to SymmetricAlgorithm):
KeySize - size of the secret key. Typically much larger than symmetric keys, e.g. the RSA algorithm supports lengths from 384 to 16384 bits.
LegalKeySizes - a KeySizes array describing the supported key sizes; each entry features MinSize and MaxSize properties setting the bounds and a SkipSize specifying the interval between valid key sizes.
SignatureAlgorithm - URL of an XML document describing the signature algorithm.
The AsymmetricAlgorithm class has no useful methods. These are provided by its two implementations:
RSACryptoServiceProvider - managed wrapper around the unmanaged RSA implementation. Used for all asymmetric encryption and decryption calls.
DSACryptoServiceProvider - used to digitally sign messages.
The RSACryptoServiceProvider class also provides these properties:
PersistKeyInCsp - set to true when you want to reuse the key without exporting it.
UseMachineKeyStore - indicates whether the key should be persisted in the computer's key store instead of the user profile store.
Default constructors populate the algorithm with the strongest defaults available to the runtime environment. The RSACryptoServiceProvider class also provides these methods:
Encrypt - encrypts data
ExportParameters - exports an RSAParameters structure defining the key pair. Pass true to the method to export both public and private keys, otherwise only the public key is exported.
FromXmlString - imports the key pair from XML
ImportParameters - imports the key pair from an RSAParameters structure
SignData - computes the hash of the specified data and stores the resulting signature in a byte array
SignHash - computes the signature of the specified hash by encrypting it with the private key, storing the signature in a byte array
ToXmlString - exports the key pair to XML
VerifyData - verifies the specified signature data by comparing it with the signature computed from the specified data
VerifyHash - verifies the specified signature data by comparing it with the signature computed from the specified hash
You need to export the public key, as without it no one can send encrypted messages to you. Only export the private key if you need to reuse it later; if it is stored then the application must protect the privacy of the private key. To store or transmit the exported key use RSACryptoServiceProvider.ToXmlString(). Like ExportParameters it takes a boolean indicating whether the private key should be exported.
bool fOAEP - when true, encryption uses OAEP data padding (only supported by XP and later). When false, PKCS#1 v1.5 data padding is used. Both encryption and decryption calls must use the same padding.

string msg = "Hello, world!";
RSACryptoServiceProvider myRSA = new RSACryptoServiceProvider();
byte[] msgBytes = Encoding.Unicode.GetBytes(msg);
byte[] encryptedMsg = myRSA.Encrypt(msgBytes, true);
byte[] decryptedBytes = myRSA.Decrypt(encryptedMsg, true);
string msg2 = Encoding.Unicode.GetString(decryptedBytes);
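The public-key exchange described above (export only the public half, let a sender encrypt with it, decrypt with the private key), as an added example that is not code from the original notes. Unlike the snippet above, which encrypts and decrypts on the same object, this separates the recipient from the sender and shows that a party holding only the public key cannot decrypt. RSACryptoServiceProvider is Windows-only on .NET Core/.NET 5+; the 2048-bit size is the example's choice.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original notes): recipient publishes its public
// key, sender encrypts with OAEP, only the private key holder can decrypt.
class RsaExchangeDemo
{
    // Recipient side: hand out the public half only (false = no private key).
    public static string PublishPublicKey(RSACryptoServiceProvider recipient)
    {
        return recipient.ToXmlString(false);
    }

    // Sender side: import the recipient's public key and encrypt with OAEP.
    public static byte[] EncryptFor(string recipientPublicKeyXml, byte[] plaintext)
    {
        using (var sender = new RSACryptoServiceProvider())
        {
            sender.FromXmlString(recipientPublicKeyXml);
            // With OAEP (SHA-1) the plaintext may be at most KeySize/8 - 42 bytes;
            // larger data is handled by RSA-encrypting a symmetric key instead.
            return sender.Encrypt(plaintext, true);
        }
    }

    static void Main()
    {
        using (var recipient = new RSACryptoServiceProvider(2048))
        {
            string publicKey = PublishPublicKey(recipient);
            Console.WriteLine("Exported XML contains private <D> element: " + publicKey.Contains("<D>"));

            byte[] ciphertext = EncryptFor(publicKey, Encoding.UTF8.GetBytes("constructed sample message"));

            // Only the holder of the private key can decrypt.
            byte[] plaintext = recipient.Decrypt(ciphertext, true);
            Console.WriteLine("Recipient decrypted: " + Encoding.UTF8.GetString(plaintext));

            // A party that imported only the public key cannot decrypt.
            using (var publicOnly = new RSACryptoServiceProvider())
            {
                publicOnly.FromXmlString(publicKey);
                Console.WriteLine("PublicOnly: " + publicOnly.PublicOnly);
                try
                {
                    publicOnly.Decrypt(ciphertext, true);
                    Console.WriteLine("Unexpected: decryption succeeded without the private key.");
                }
                catch (CryptographicException)
                {
                    Console.WriteLine("Decrypt with public key only: CryptographicException, as expected.");
                }
            }
        }
    }
}
```

The `PublicOnly` property is the quick check that an imported key really lacks the private half before the object is shared or serialised.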
Keys have to be protected against modification, otherwise it defeats their value. The framework provides two classes that protect the hash using a secret key known to both sender and receiver:
HMACSHA1 - hash-based message authentication code. Used to determine if a message sent over an insecure channel has been tampered with. Accepts keys of any size and produces a hash of 20 bytes.
MACTripleDES - message authentication code using TripleDES. Accepts a key length of 8, 16 or 24 bytes. Produces a hash of 8 bytes.
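Tamper detection with HMACSHA1 as an added example (not code from the original notes): the sender tags the message, the receiver recomputes the tag and compares it in constant time, and a modified message or a different key fails verification. The key and messages are constructed for the demo. CryptographicOperations.FixedTimeEquals needs .NET Core 2.1 / .NET Standard 2.1 or later; the same code runs with HMACSHA256 in place of HMACSHA1 (32-byte tag), which is the usual choice for new designs.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original notes): HMAC tagging and verification.
static class HmacDemo
{
    // Computes the 20-byte HMACSHA1 tag over the message under the shared key.
    public static byte[] Tag(byte[] key, byte[] message)
    {
        using (var hmac = new HMACSHA1(key))
            return hmac.ComputeHash(message);
    }

    // Recomputes the tag and compares without early exit, so the time taken
    // does not reveal how many leading bytes of a forged tag were correct.
    public static bool Verify(byte[] key, byte[] message, byte[] tag)
    {
        if (tag == null || tag.Length != 20) return false;
        byte[] expected = Tag(key, message);
        return CryptographicOperations.FixedTimeEquals(expected, tag);
    }

    static byte[] RandomKey(int length)
    {
        byte[] key = new byte[length];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(key);
        return key;
    }

    static void Main()
    {
        // Shared secret; in real use it is distributed out of band, never with the message.
        byte[] key = RandomKey(32);

        byte[] message = Encoding.UTF8.GetBytes("transfer 100 to account 42"); // constructed
        byte[] tag = Tag(key, message);
        Console.WriteLine("Tag length: " + tag.Length);
        Console.WriteLine("Original verifies:  " + Verify(key, message, tag));

        // Receiver sees a modified message with the original tag.
        byte[] tampered = Encoding.UTF8.GetBytes("transfer 900 to account 42"); // constructed
        Console.WriteLine("Tampered verifies:  " + Verify(key, tampered, tag));

        // A tag checked under a different key is rejected too.
        byte[] otherKey = RandomKey(32);
        Console.WriteLine("Wrong key verifies: " + Verify(otherKey, message, tag));
    }
}
```

Pair this with the CBC example earlier on the page by tagging the IV together with the ciphertext (encrypt-then-MAC) and verifying the tag before attempting decryption, so padding errors are never reachable by an attacker-modified message.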
Signing Files
A digital signature is appended to electronic data to prove it was created by someone possessing a specific private key. The framework provides two classes for generating and verifying signatures: DSACryptoServiceProvider and RSACryptoServiceProvider. Both implement the following methods:
SignData - creates a digital signature by first generating a hash for the file, then generating the signature based on the hash
VerifyHash - verifies a signature based on the hash of the file
VerifyData - verifies a signature given the entire file contents
Separate methods are provided to generate and verify signatures (unlike hash generation), as the signature is generated by an asymmetric algorithm, i.e. the recipient checking the signature only has access to the sender's public key.
Signing and Verifying File
// Create digital signature algorithm object
DSACryptoServiceProvider signer = new DSACryptoServiceProvider();
// Store data to be signed in byte array
FileStream file = new FileStream(args[0], FileMode.Open, FileAccess.Read);
BinaryReader reader = new BinaryReader(file);
byte[] data = reader.ReadBytes((int)file.Length);
// Generate signature
byte[] signature = signer.SignData(data);
// Export the public key (false = exclude the private key)
string publicKey = signer.ToXmlString(false);
...
// Create digital signature algorithm object
DSACryptoServiceProvider verifier = new DSACryptoServiceProvider();
// Import public key
verifier.FromXmlString(publicKey);
// Store data to be verified in byte array
FileStream file2 = new FileStream(args[0], FileMode.Open, FileAccess.Read);
BinaryReader reader2 = new BinaryReader(file2);
byte[] data2 = reader2.ReadBytes((int)file2.Length);
// Verify the signature
if (!verifier.VerifyData(data2, signature))
    Console.WriteLine("Error");
...
Camera - most cameras like this are used during live conversations. The camera transmits a picture from one computer to another, or can be used to record a short video.
Compact Disc (CD) - CDs store information. The CD can then be put into another computer, and the information can be opened and added to or used on the second computer. Note: a CD-R or CD-RW can also be used as an OUTPUT device.
Keyboard - the keyboard is a way to input letters or numbers into different applications or programs. A keyboard also has special keys that help operate the computer.
Mouse - the mouse is used to open and close files, navigate web sites, and click on a lot of commands (to tell the computer what to do) when using different applications.
Digital Camera - a digital camera can be used to take pictures. It can be hooked up to a computer to transfer the pictures from the camera to the computer. Some digital cameras hold a floppy disk, and the floppy disk can be taken out of the camera and put directly into the computer.
Drawing Tablet - a drawing tablet is similar to a white board, except you use a special pen to write on it and it's connected to the computer. Then the word or image you draw can be saved on the computer.
Microphone - a microphone is used to record sound. The sound is then saved as a sound file on the computer.
Scanner - a scanner is used to copy pictures or other things and save them as files on the computer.
Disk Drive - a disk drive can hold a CD or a floppy disk. It reads the information on the disk so that the computer can use it.
Joystick - a joystick is used to move the cursor from place to place, and to click on various items in programs. A joystick is used mostly for computer games.
Touch Screen - a touch screen is a computer screen or other screen that you can touch with your finger to enter information. Examples of touch screens include a smart board, a microwave, a dishwasher, or an ATM at a bank.
Bar Code Scanner - a bar code scanner scans a little label that has a bar code on it. The information is then saved on the computer. Bar code scanners are used in libraries a lot.
Monitor - a monitor is the screen on which words, numbers, and graphics can be seen. The monitor is the most common output device.
Compact Disk - some compact disks can be used to put information on. This is called burning information to a CD. NOTE: a CD can also be an input device.
Printer - a printer prints whatever is on the monitor onto paper. Printers can print words, numbers, or pictures.
Speaker - a speaker gives you sound output from your computer. Some speakers are built into the computer and some are separate.
Disk Drives - a disk drive is used to record information from the computer onto a floppy disk or CD.
Floppy Disk - a floppy disk is used to record information on. The information is stored on the floppy disk and can be used later or used on another computer.
Headphones - headphones give sound output from the computer. They are similar to speakers, except they are worn on the ears so only one person can hear the output at a time.
OVERVIEW OF COMPUTER SYSTEM
These devices are examples of computer hardware. A computer system needs this hardware to function.
COMPUTER SYSTEM
A computer system is defined as a combination of components designed to process data and store files. A computer system consists of four major hardware components: input devices, output devices, processor and storage devices. A computer system requires hardware, software and a user to fully function. Software refers to a set of instructions that tell the hardware what to do. Software can also have various other functions such as performing computation, communication with other software and human interaction. User refers to a person who uses the computer for any purpose such as work, business and entertainment.
COMPUTER HARDWARE
Computer hardware consists of: input devices, processor, output devices, storage devices.
Input Devices
Input devices feed data or commands in a form that the computer can use. Examples of input devices are: keyboard, light pen, joystick, microphone, mouse, video, digital camera.
Processor
The CPU is an example of a processor. It has the same importance as the brain to a human being.
Output Devices
Output devices such as the monitor show people the processed data or information. This type of information can be understood and used by the computer user. Other examples of output devices are: printer, plotter, speaker.
Storage Devices
Storage usually means secondary storage. It consists of secondary storage devices such as hard disk, floppy disk, diskette, CD ROM and DVD ROM.
COMPUTER SOFTWARE
There are 2 types of computer software: system software and application software. System software is any computer software that helps to run the computer system. System software controls, integrates and manages the individual components of a computer system. Application software, or a program, is computer software that employs the capabilities of a computer directly to a task that the user wishes to perform. Application software is a program written to solve a specific problem, produce a specific report, or update a specific file. Below are examples of system software and application software.
System Unit
The system unit, also known as a "tower" or "chassis," is the main part of a desktop computer. It includes the motherboard, CPU, RAM, and other components. The system unit also includes the case that houses the internal components of the computer. The term "system unit" is often used to differentiate between the computer and peripheral devices, such as the monitor, keyboard, and mouse. For example, if a repair shop asks you to bring in your computer, it may be unclear whether you need to bring your monitor and peripheral devices as well. If you are told to just bring your system unit, it is clear you only need to bring the computer itself. Some modern computers, such as the iMac, combine the system unit and monitor into a single device. In this case, the monitor is part of the system unit. While laptops also have built-in displays, they are not called system units, since the term only refers to desktop computers.
Storage Device
A computer storage device is any type of hardware that stores data. The most common type of storage device, which nearly all computers have, is a hard drive. The computer's primary hard drive stores the operating system, applications, and the files and folders for users of the computer. While the hard drive is the most ubiquitous of all storage devices, several other types are common as well. Flash memory devices, such as USB keychain drives and iPod nanos, are popular ways to store data in a small, mobile format. Other types of flash memory, such as CompactFlash and SD cards, are popular ways to store images taken by digital cameras. External hard drives that connect via FireWire and USB are also common. These types of drives are often used for backing up internal hard drives, storing video or photo libraries, or simply adding extra storage. Finally, tape drives, which use reels of tape to store data, are another type of storage device and are typically used for backing up data.