Security in the field of computers is similar to security in real life. We install security systems in our homes, banks and workplaces: gatekeepers, ID cards, closed-circuit cameras, and so on. Each of these has a parallel in the digital world. Gatekeepers are comparable to firewalls, programs that continuously watch the traffic and files coming into our computer and deny entry to those known to be malicious. ID cards are comparable to user names and passwords. Cameras are comparable to network monitors or file-system monitors: network monitors listen to and keep a record of all communication happening on the network, while file-system monitors keep track of any changes made to the files on the hard disk. In the computer world it is important to know who is allowed to use something and to what extent. That "who" could be a person sitting at a computer or a program that is being executed. This divides security implementation into two distinct branches.
- Protection from malicious code
- Protection from malicious users
The implementation of security in either branch involves two stages: identification, and deciding the scope of activity. In security terminology these are known as authentication and authorization respectively. Authentication is responsible for identification, and authorization for deciding the scope of activity. We will discuss authentication and authorization in detail later. After a program or user is positively identified, it needs to be decided what activities it is allowed to perform. A list is constructed containing all the things that the program or user is allowed to do. Each entry in this list is known as a permission; the list as a whole is known as the permission set.
Windows Security Model
Windows, like many other operating systems, decides permissions on the basis of the type of user who has logged in. Security features were almost negligible under the Windows 9x operating systems. Two users could look at each other's personal data without ever being asked why, and all installed software was available to all users.
Windows NT had a better design. There was now a distinction between the different users of a machine. Moreover, every user had to log on to the computer before using it and log off afterwards; there was no such thing as a default user. The operating system interacted differently with different users. Windows implemented a concept called the group. A group is a set of users having the same permissions, and for a user, the group to which he belongs becomes his role. For example, if "XYZ" belongs to the Administrators group, then the role of "XYZ" is Administrator and he has permission to do almost anything on the machine. Then there were ordinary users, who could use the computer but could not perform tasks such as installing new software or changing system settings such as the paging file size. There were also Replicators, Print Operators, Power Users and so on. An administrator had the right to add new users to the machine and could decide the permissions to be given to them. An administrator could also create custom groups with custom permissions. A user belonging to a certain group could do only those things that were permitted to that group and nothing else. For example, a user allowed only to use a printer could do only that, besides logging on and off.
Under Windows, if we intend to get some work done, we pass a request for it to the operating system, which in turn performs the task for us. In a network, the origin of a request could be the local machine or a remote machine. Requests could be anything: accessing data, authenticating a user against a list of valid users maintained on the server, or using a resource such as a printer. Server operating systems are fine-tuned to prioritize network requests (requests from remote computers) over local requests. Again, in keeping with the concept of security, we can configure the server to respond only to certain requests and turn down others. We can also choose to grant permissions for requests on the basis of the computer that is requesting, or on the basis of the current login on that computer. This scenario is very flexible and highly configurable. Let's see how the operating system manages this. With Windows NT 3.1 and onwards, Microsoft introduced a new way of managing files on the hard disk called the NT File System (NTFS). This file system was better than the FAT32 file system. NTFS had provisions to allow or deny access to files on the basis of the user requesting access: for every file, NTFS maintains a list of the users allowed to access it. This functionality is not implemented in the FAT32 file system. Instead, under FAT32 the operating system keeps a list of files and who is allowed to access them. Such an arrangement works, but at the cost of performance.
The protection mechanisms discussed above are about granting permissions to the user who is logged on. But if that user runs malicious code, nothing stops the code from causing havoc with the user's permissions. This concern is addressed by .NET through a concept called Code Access Security, which we will discuss later.
Authentication and Authorization
As stated earlier, authentication is the identification of a user and authorization is the granting of permissions to the identified user. In any security-related scenario, authentication and authorization are indispensable.
Windows NT performs authentication and authorization at the time of login. Windows maintains a list of all users allowed to use that computer. This list is known as the Access Control List (ACL). Whenever a person tries to log in as one of these registered users, Windows internally looks at the ACL and grants permissions to the user according to his or her role. Permissions include access permissions to files, the ability to install programs, the ability to modify system parameters, and so on.
After authenticating a user, the next step is to determine whether that user has permission to access the resources being requested. This process is known as authorization. Authorization can be controlled using any of the following methods.
a. Windows Access Control List (ACL) - This allows us to create permissions specific to the file system. Users can be allowed or denied access to resources right at the file system level. The NTFS file system discussed earlier is best suited for this. Using ACLs to grant or deny permissions works best where our application authenticates users against Windows accounts.
b. Web Server Permissions - Web Server Permissions are configured on IIS (Internet Information Server). This configuration specifies permissions such as read, write, access and denial for anyone accessing the website. There is a difference between NTFS permissions and Web Server permissions: Web Server Permissions apply to everyone who accesses the web and FTP sites, whereas NTFS permissions apply only to specific users and groups with registered Windows accounts.
c. URL Authorization - URL authorization maps specific users and roles to the contents of a URL. It is possible to specifically allow or deny users and roles access to the contents of the URL. Entries made in the 'web.config' file implement this authorization.
d. Principal Objects - In security terminology, users or entities that have been authenticated are known as principals. Identification of the principal could be through any of the procedures discussed above, or could be custom defined. The .NET platform provides a GenericPrincipal class that can be extended as per requirements. We can then map our custom table to the Windows accounts.
Security Under .NET
.NET security mechanisms work in close interaction with Windows security. .NET divides security into two distinct models.
- Role Based Security
- Code Access Security
Role-based security decides permissions on the basis of the role (or type) of the user, whereas code access security grants permissions on the basis of the identity of the code. Identifying code means identifying, among other things, the location from which the code is running.
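The following added example (not code from the article) shows the principal objects of item d and the role-based model of this section together: a constructed user table is mapped to a GenericPrincipal, which is then checked both imperatively with IsInRole and declaratively with PrincipalPermission. It assumes the classic .NET Framework (PrincipalPermission is not supported on .NET Core) and that authentication of the user name has already been done elsewhere; the user names, roles and the "CustomTable" authentication type are made up for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

class CustomRoleStore
{
    // Constructed sample data standing in for an application's own user table.
    static readonly Dictionary<string, string[]> UserRoles =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "alice", new[] { "Administrator", "User" } },
            { "bob",   new[] { "User" } },
        };

    // Builds the principal for an already-authenticated user name;
    // an unknown name yields null, which callers must treat as unauthenticated.
    public static GenericPrincipal CreatePrincipal(string userName)
    {
        string[] roles;
        if (!UserRoles.TryGetValue(userName, out roles)) return null;
        return new GenericPrincipal(new GenericIdentity(userName, "CustomTable"), roles);
    }

    // Declarative check: the runtime throws SecurityException unless
    // Thread.CurrentPrincipal is in the Administrator role.
    [PrincipalPermission(SecurityAction.Demand, Role = "Administrator")]
    public static void InstallSoftware() { }

    static void Main()
    {
        foreach (var name in new[] { "alice", "bob", "mallory" })
        {
            var principal = CreatePrincipal(name);
            if (principal == null) { Console.WriteLine(name + ": denied (not authenticated)"); continue; }

            Thread.CurrentPrincipal = principal;          // what the role checks consult
            Console.WriteLine(name + " is Administrator: " + principal.IsInRole("Administrator"));
            try { InstallSoftware(); Console.WriteLine(name + ": install allowed"); }
            catch (SecurityException) { Console.WriteLine(name + ": install denied"); }
        }
    }
}
```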