INFO about Security

Security
Security is very important for protecting confidential and personal information.

In ASP.NET 2.0 the following controls has been added:

A Login control, which provides login functionality
A LoginStatus control, to control the login status
A LoginName control to display the current user name
A LoginView control, to provide different views depending on login status
A CreateUser wizard, to allow creation of user accounts
A PasswordRecovery control, to provide the "I forgot my password" functionality






Web Security

--------------------------------------------------------------------------------

You are offering your IP address to the entire world at this very moment.

Make sure you are not offering access to your private data at the same time.


--------------------------------------------------------------------------------

YOUR IP ADDRESS IS PUBLIC
Accessing the Internet is a security risk.

When you are connected to the Internet, an IP address is used to identify your PC. If you don't protect yourself,
this IP address can be used to access your computer from the outside world.

A fixed IP address is a larger security risk.

If you're using a modem with a dial-up connection, you will get a new IP address every time you connect to Internet,
but if you have a fixed Internet connection (cable, ADSL, fixed line), your IP address will never change.

If you have a fixed IP address, you give potential Internet crackers all the time they need to search for entrances to your computer,
and to store and share (with other crackers) information they might find about your unprotected private data.


--------------------------------------------------------------------------------

Your Network Shares
Personal computers are often connected to a shared network. Personal computers in large companies are connected to large corporate networks.
Personal computers in small companies are connected to a small local network, and computers in private homes often share a network
between family members.

Most often networks are used to share resources like printers, files and disk storage.

When you are connected to the Internet, your shared resources can be accessed by the rest of the world.


--------------------------------------------------------------------------------

A Common Windows Security Problem
Unfortunately, many Microsoft Windows users are unaware of a common security leak in their network settings.

This is a common setup for network computers in Microsoft Windows:

Client for Microsoft Networks
File and Printer Sharing for Microsoft Networks
NetBEUI Protocol
Internet Protocol TCP/IP
If your setup allows NetBIOS over TCP/IP, you have a security problem:

Your files can be shared all over the Internet
Your logon-name, computer-name, and workgroup-name are visible to others.
If your setup allows File and Printer Sharing over TCP/IP, you also have a problem:

Your files can be shared all over the Internet
Computers that are not connected to any network can also have dangerous network settings because the network settings were changed
when Internet was installed.


--------------------------------------------------------------------------------

Solving the Problem
For Windows 2000 users:

You can solve your security problem by disabling NetBIOS over TCP/IP:

Open Windows Explorer
Right-click on My Network Places
Select: Properties
Right-click on Local Area Network
Select: Properties
Select: Internet Protocol TCP/IP
Click on Properties
Click on Advanced
Select the WINS tab
Select Disable NetBIOS over TCP/IP
Click OK
If you get the message: "This connection has an empty......", ignore the message and click on YES to continue, and click OK to close the other setup windows.

You should restart your computer after the changes.

For Windows 95, 98, or ME users:

You can solve your security problem by disabling NetBIOS over TCP/IP:

Open Windows Explorer
Right-click on My Network Places
Select: Properties
Select: Internet Protocol TCP/IP
Click on Properties
Select the NetBIOS tab
Uncheck: Enable NetBIOS over TCP/IP
Click OK
You must also disable the TCP/IP Bindings to Client for Microsoft Networks and File and Printer Sharing:

Open Windows Explorer
Right-click on My Network Places
Select: Properties
Select: Internet Protocol TCP/IP
Click on Properties
Select the Bindings tab
Uncheck: Client for Microsoft Networks
Uncheck: File and Printer Sharing
Click OK
If you get a message with something like: "You must select a driver.........", ignore the message and click on YES to continue, and click OK to close the other setup windows.

If you still want to share your Files and Printer over the network, you must use the NetBEUI protocol instead of the TCP/IP protocol. Make sure you have enabled it for your local network:

Open Windows Explorer
Right-click on My Network Places
Select: Properties
Select: NetBEUI
Click on Properties
Select the Bindings tab
Check: Client for Microsoft Networks
Check: File and Printer Sharing
Click OK
You should restart your computer after the changes.


--------------------------------------------------------------------------------

Protect Your Server
iisPROTECT provides a complete range of password protection, authentication and user management solutions:

iisPROTECTasp: Protect areas of your web site and require username and password. Grant/deny any users/groups on a per resource basis. Extensive Web Interface for user/group admin, use any DB backend, store custom data, set user start/end dates, email users, audit logins.

iisPROTECT: Protect all web site files including images, databases,html,ASP etc. Protect entire directories, users / groups independent from Windows accounts, complete web administration, does not require cookies or any programming. Complete turn key solution.

iisPROTECTquota: All of the features of iisPROTECT plus: prevent concurrent logins and password cracking attempts, set quotas on hits, logins, kb per user.

Read more about iisPROTECT.