Web Development (blog by raj)<br />
<span style="font-size: large;"><b>Building Secure ASP.NET Applications</b></span> (posted 2010-10-19)<br />
<br />
From SQL Server Books online, the members of the enumerated type<br />
SQLDMO_AUDIT_TYPE are:<br />
<table border="1">
<tr><th>Member</th><th>Value</th><th>Description</th></tr>
<tr><td>SQLDMOAudit_All</td><td>3</td><td>Log all authentication attempts - success or failure</td></tr>
<tr><td>SQLDMOAudit_Failure</td><td>2</td><td>Log failed authentication</td></tr>
<tr><td>SQLDMOAudit_None</td><td>0</td><td>Do not log authentication attempts</td></tr>
<tr><td>SQLDMOAudit_Success</td><td>1</td><td>Log successful authentication</td></tr>
</table>
<span style="font-size: large;"><b>Sample Log Entries</b></span><br />
<br />
The following list shows some sample log entries for successful and failed entries in<br />
the SQL Server logs.<br />
<br />
Successful login using Integrated Windows authentication:<br />
2002-07-06 22:54:32.42 logon Login succeeded for user 'SOMEDOMAIN\Bob'. Connection: Trusted.<br />
<br />
Successful login using SQL standard authentication:<br />
2002-07-06 23:13:57.04 logon Login succeeded for user 'SOMEDOMAIN\Bob'. Connection: Non-Trusted.<br />
<br />
Failed login:<br />
2002-07-06 23:21:15.35 logon Login failed for user 'SOMEDOMAIN\BadGuy'.<br />
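An added example (not from the original guide) that parses logon entries in the errorlog format shown above and flags the burst of failed logins that the later "SQL Server Auditing" section says failure auditing exists to reveal. The log text, the user names and the 5-failures-per-minute threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample entries in the SQL Server errorlog format shown above (not real data).
SAMPLE_LOG = """\
2002-07-06 22:54:32.42 logon     Login succeeded for user 'SOMEDOMAIN\\Bob'. Connection: Trusted.
2002-07-06 23:13:57.04 logon     Login succeeded for user 'SOMEDOMAIN\\Bob'. Connection: Non-Trusted.
2002-07-06 23:21:15.35 logon     Login failed for user 'SOMEDOMAIN\\BadGuy'.
2002-07-06 23:21:16.01 logon     Login failed for user 'sa'.
2002-07-06 23:21:16.88 logon     Login failed for user 'sa'.
2002-07-06 23:21:17.42 logon     Login failed for user 'sa'.
2002-07-06 23:21:18.09 logon     Login failed for user 'sa'.
2002-07-06 23:21:18.77 logon     Login failed for user 'sa'.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2})\s+logon\s+"
    r"Login (?P<result>succeeded|failed) for user '(?P<user>[^']*)'\."
    r"(?:\s+Connection: (?P<conn>Trusted|Non-Trusted)\.)?\s*$"
)

def parse_logon_lines(text):
    """Return (timestamp, result, user, connection) tuples for logon lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # startup messages and other non-logon lines are skipped
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
        events.append((ts, m.group("result"), m.group("user"), m.group("conn")))
    return events

def failed_login_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Map user -> failure count for users with >= threshold failures inside one window."""
    failures = defaultdict(list)
    for ts, result, user, _ in events:
        if result == "failed":
            failures[user].append(ts)
    flagged = {}
    for user, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1  # slide the window forward past old failures
            if end - start + 1 >= threshold:
                flagged[user] = end - start + 1
                break
    return flagged
```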
<span style="font-size: large;"><b>IIS Logging</b></span><br />
<br />
IIS logging can be set to different formats. If you use W3C Extended Logging, then<br />
you can take advantage of some additional information. For example, you can turn<br />
on Time Taken to log how long a page takes to be served. This can be helpful for<br />
isolating slow pages on your production Web site. You can also enable URI Query<br />
which will log Query String parameters, which can be helpful for troubleshooting<br />
GET operations against your Web pages. The figure below shows the Extended<br />
Properties dialog box for IIS logging.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_sT3hnOr4kDU/TL2tsZJKgYI/AAAAAAAAAIM/aiNsfsOl8jE/s1600/5689.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://4.bp.blogspot.com/_sT3hnOr4kDU/TL2tsZJKgYI/AAAAAAAAAIM/aiNsfsOl8jE/s320/5689.JPG" width="140" /></a></div><br />
<br />
<br />
IIS extended logging properties<br />
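An added example (not part of the original guide) that reads a W3C Extended log with the URI Query and Time Taken fields enabled, so the two uses described above, finding slow pages and recovering the query strings of GET requests, can be scripted. The log lines, hosts and thresholds are constructed for illustration.

```python
# Constructed sample in W3C Extended format with URI Query and Time Taken enabled (not real data).
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-07-06 22:50:00
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status time-taken
2002-07-06 22:54:30 10.0.0.5 GET /default.aspx - 200 31
2002-07-06 22:54:45 10.0.0.5 GET /search.aspx q=authors&page=2 200 4125
2002-07-06 22:55:01 10.0.0.9 GET /report.aspx id=17 500 8730
2002-07-06 22:55:20 10.0.0.5 POST /login.aspx - 302 62
"""

def parse_w3c_log(text):
    """Parse W3C Extended log text into dicts keyed by the names in the #Fields directive."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the field list can change mid-file
            continue
        if line.startswith("#") or not line.strip():
            continue                        # other directives and blank lines
        if fields is None:
            raise ValueError("data row before any #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line!r}")
        # IIS writes '-' for an empty field, e.g. a request with no query string
        records.append({k: (None if v == "-" else v) for k, v in zip(fields, values)})
    return records

def slow_pages(records, threshold_ms):
    """Return (cs-uri-stem, time-taken) pairs above threshold_ms, slowest first."""
    slow = [(r["cs-uri-stem"], int(r["time-taken"]))
            for r in records if r.get("time-taken") and int(r["time-taken"]) > threshold_ms]
    return sorted(slow, key=lambda item: -item[1])

def get_query_strings(records):
    """Return {cs-uri-stem: [cs-uri-query, ...]} for GET requests that carried a query."""
    out = {}
    for r in records:
        if r.get("cs-method") == "GET" and r.get("cs-uri-query"):
            out.setdefault(r["cs-uri-stem"], []).append(r["cs-uri-query"])
    return out
```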
<b><span style="font-size: large;">Troubleshooting Tools</span></b><br />
<br />
The list of tools presented in this section can prove invaluable and will help you<br />
diagnose both security and non-security related problems.<br />
<br />
<b><span style="font-size: large;">File Monitor (FileMon.exe)</span></b><br />
<br />
This tool allows you to monitor files and folders for access attempts. It is extremely<br />
useful to deal with file access permission issues. It is available from<br />
www.sysinternals.com.<br />
<br />
<span style="font-size: large;"><b>More Information</b></span><br />
<br />
For more information see the Knowledge Base article Q286198, “HOWTO: Track<br />
‘Permission Denied’ Errors on DLL Files”.<br />
<br />
<span style="font-size: large;"><b>Fusion Log Viewer (Fuslogvw.exe)</b></span><br />
<br />
Fusion Log Viewer is provided with the .NET Framework SDK. It is a utility that<br />
can be used to track down problems with Fusion binding (see the .NET Framework<br />
documentation for more information).<br />
<br />
To create Fusion logs for ASP.NET, you need to provide a log path in the registry<br />
and you need to enable the log failures option through the Fusion Log Viewer<br />
utility.<br />
<br />
To provide a log path for your log files, use regedit.exe and add a directory location,<br />
such as e:\MyLogs, to the following registry key:<br />
[HKLM\Software\Microsoft\Fusion\LogPath]<br />
<br />
<b><span style="font-size: large;">ISQL.exe</span></b><br />
<br />
ISQL can be used to test SQL from a command prompt. This can be helpful when<br />
you want to efficiently test different logins for different users. You run ISQL by<br />
typing isql.exe at a command prompt on a computer with SQL Server installed.<br />
<br />
<span style="font-size: large;"><b>Connecting Using SQL Authentication</b></span><br />
<br />
You can pass a user name by using the –U switch and you can optionally specify the<br />
password with the –P switch. If you don’t specify a password, ISQL will prompt<br />
you for one. The following command, issued from a Windows command prompt,<br />
results in a password prompt. The advantage of this approach (rather than using<br />
the –P switch) is that the password doesn’t appear on screen.<br />
C:\ >isql -S YourServer -d pubs -U YourUser<br />
<br />
Password:<br />
<br />
<b><span style="font-size: large;">Connecting Using Windows Authentication</span></b><br />
<br />
You can use the –E switch to use a trusted connection, which uses the security<br />
context of the user who is currently logged on interactively.<br />
C:\ >isql -S YourServer -d pubs -E<br />
<br />
<b><span style="font-size: large;">Running a Simple Query</span></b><br />
<br />
Once you are logged in, you can run a simple query, such as the one shown below.<br />
1> use pubs<br />
2> SELECT au_lname, au_fname FROM authors<br />
3> go<br />
<br />
To quit ISQL, type quit at the command prompt.<br />
<br />
<span style="font-size: large;"><b>Windows Task Manager</b></span><br />
<br />
Windows Task Manager on Windows XP and Windows .NET Server allows you to<br />
display the identity being used to run a process.<br />
<br />
<br />
<b><span style="font-size: large;">To view the identity under which a process is running</span></b><br />
<br />
1. Start Task Manager.<br />
2. Click the Processes tab.<br />
3. From the View menu, click Select Columns.<br />
4. Select User Name, and click OK.<br />
The user name (process identity) is now displayed.<br />
<br />
<span style="font-size: large;"><b>Network Monitor (NetMon.exe)</b></span><br />
<br />
NetMon is used to capture and monitor network traffic.<br />
<br />
<b><span style="font-size: large;">More Information</span></b><br />
<br />
See the following Knowledge Base articles:<br />
Q243270, “HOW TO: Install Network Monitor in Windows 2000”<br />
Q148942, “HOW TO: Capture Network Traffic with Network Monitor”<br />
Q252876, “HOW TO: View HTTP Data Frames Using Network Monitor”<br />
Q294818, “Frequently Asked Questions About Network Monitor”<br />
<br />
There are a couple of additional tools to capture the network trace when the client<br />
and the server are on the same machine (this can’t be done with Netmon):<br />
tcptrace.exe. Available from www.pocketsoap.com. This is particularly useful<br />
for Web services since you can set it up to record and show traffic while your<br />
application runs. You can switch to Basic authentication and use tcptrace to<br />
see what credentials are being sent to the Web service.<br />
packetmon.exe. Available from www.analogx.com. This is a cut down version<br />
of Network Monitor, but much easier to configure.<br />
<br />
<b><span style="font-size: large;">Registry Monitor (regmon.exe)</span></b><br />
<br />
This tool allows you to monitor registry access. It can be used to show read accesses<br />
and updates either from all processes or from a specified set of processes. This tool<br />
is very useful when you need to troubleshoot registry permission issues. It is available<br />
from www.sysinternals.com.<br />
<br />
<b><span style="font-size: large;">WFetch.exe</span></b><br />
<br />
This tool is useful for troubleshooting connectivity issues between IIS and Web<br />
clients. In this scenario, you may need to view data that is not displayed in the Web<br />
browser, such as the HTTP headers that are included in the request and response<br />
packets.<br />
<br />
<b><span style="font-size: large;">More Information</span></b><br />
<br />
For more information about this tool and the download, see the Knowledge Base<br />
article Q284285, “How to Use Wfetch.exe to Troubleshoot HTTP Connections”.<br />
<br />
<span style="font-size: large;"><b>Visual Studio .NET Tools</b></span><br />
<br />
The Microsoft .NET Framework SDK security tools can be found at<br />
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpconnetframeworktools.asp<br />
<br />
<b><span style="font-size: large;">More Information</span></b><br />
<br />
See the following Knowledge Base articles:<br />
<br />
Q316365, “INFO: ROADMAP for How to Use the .NET Performance Counters”<br />
Q308626, “INFO: Roadmap for Debugging in .NET Framework and Visual<br />
Studio”<br />
Q317297, “INFO: Roadmap for Debugging Hangs, Memory Leaks in VB .NET”<br />
<br />
<b><span style="font-size: large;">WebServiceStudio</span></b><br />
<br />
This tool can be used as a generic client to test the functionality of your Web service.<br />
It captures and displays the SOAP response and request packets.<br />
You can download the tool from http://www.gotdotnet.com/team/tools/web_svc/default.aspx<br />
<br />
<span style="font-size: large;"><b>Windows 2000 Resource Kit</b></span><br />
<br />
Available from http://www.microsoft.com/windows2000/techinfo/reskit/default.asp<br />
For a complete tools list, see http://www.microsoft.com/windows2000/techinfo/reskit/tools/default.asp<br />
<br />
<span style="font-size: large;"><b>SQL Server Auditing</b></span> (posted 2010-10-19)<br />
<br />
By default, logon auditing is disabled. You can configure this either through SQL<br />
Server Enterprise Manager or by changing the registry.<br />
<br />
SQL Server log files are by default located in the following directory. They are text-based<br />
and can be read with any text editor, such as Notepad.<br />
<br />
C:\Program Files\Microsoft SQL Server\MSSQL\LOG<br />
<br />
<b>To enable logon auditing with Enterprise Manager</b><br />
<br />
1. Start Enterprise Manager.<br />
2. Select the required SQL Server in the left hand tree control, right-click and then<br />
click Properties.<br />
3. Click the Security tab.<br />
4. Select the relevant Audit level – Failure, Success or All.<br />
<br />
<b>To enable logon auditing using a registry setting</b><br />
<br />
1. Create the following AuditLevel key within the registry; its value is a REG_DWORD<br />
taken from the list in step 2.<br />
<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\AuditLevel<br />
2. Set the value of this key to one of the following numeric values, which determine<br />
the level of detail that is captured.<br />
3—captures both successful and failed login attempts<br />
2—captures only failed login attempts<br />
1—captures only successful login attempts<br />
0—captures no logins<br />
<br />
It is recommended that you turn on failed login auditing, as this is a way to determine<br />
whether someone is attempting a brute force attack against SQL Server. The performance<br />
impact of logging failed login attempts is minimal unless you are being<br />
attacked, in which case you need to know anyway.<br />
You can also set audit levels by using a script against SQL Server DMO (Distributed<br />
Management Objects), as shown in the following code fragment.<br />
<br />
'Requires a reference to the Microsoft SQLDMO Object Library<br />
Sub SetAuditLevel(Server As String, NewAuditLevel As SQLDMO_AUDIT_TYPE)<br />
Dim objServer As New SQLDMO.SQLServer2<br />
objServer.LoginSecure = True 'Use integrated security<br />
objServer.Connect Server 'Connect to the target SQL Server<br />
'Set the audit level; the new level takes effect after the SQL Server service is restarted<br />
objServer.IntegratedSecurity.AuditLevel = NewAuditLevel<br />
objServer.DisConnect 'Release the connection before dropping the object<br />
Set objServer = Nothing<br />
End Sub