Re: A fundamental question about CAS

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Valery Pryamikov (Valery_at_nospam.harper.no)
Date: 07/14/04 

Date: Wed, 14 Jul 2004 10:14:52 +0200

John,
VB6 was not a good example (I belive that majority of these programs will
eventually be redeveloped in .Net or discontinue to be used), but you are
right that there will be non .Net programs in future. Device drivers,
programs developed with using competing technologies/platforms and some
others would, probably, remain unmanaged. But that doesn't actually decrease
value of CAS for everyone (including administrators). Look at it this way:
security features of Internet Information Server could only be used for
securing one specific application and couple of ports. The rest of ports is
never protected by IIS configuration. However no security administrator
would ever say that it meaningless to administer IIS.
CAS provides unique possibility for administrators to control code rights
based on code evidence. It doesn't cover all executable code (just as
securing IIS means nothing for the ports that aren't used by IIS)...
And as amount of managed code grows in the future, value of CAS will grow as
well...

-Valery (Security MVP)
http://www.harper.no/valery

"jonathan" <jweizman@csi.com> wrote in message
news:a856739d.0407130129.2937d1b7@posting.google.com...
> Hi
>
> After delving into CAS for long days, i begin to understand its
> security model.
>
> BUT, there is still something i don't understand :
> CAS will treat only .NET written program. So it will never see the
> others like those written in VB6 or assembly.
> Considering not all the program won't be written in .NET languages,
> how CAS is interesting for Administrators?
>
> Thanks
> John

Relevant Pages

  • SUMMARY WAS: OT? Philosophical Question on SA responsibilities
    ... helpful for managers interested in hiring new administrators. ... Would you go thru the 14,600 messages in root and admin ... If I was a new SA I would if encountering a security hole, ... I can see some use for the passwd -s part of the crontab script, ...
    (SunManagers)
  • Re: Least User Priviledges for Network Administrators
    ... that group not be local administrators due to the nature of their work. ... in our Network Technology group are most likely, ... Trust how? ... desktop security practices and the installation of unlicensed software ...
    (microsoft.public.windowsxp.security_admin)
  • Re: .Net Security Policies
    ... that the CAS policy model for .Net is obscure ... executables) from .Net may be grouped together as a code group. ... Microsoft MVP (Windows Security) ...
    (microsoft.public.security)
  • RE: .NET security
    ... Thanks for your response and the further description. ... Access security feature. ... And CAS is a security restriction based on code(unlike the ... Thanks for your continual understanding and patience. ...
    (microsoft.public.dotnet.general)
  • Re: .NET CAS vs OS security
    ... I was catching the SecurityException and the Exception. ... CAS won't come into play if your assembly is installed on the local file ... absolutely no interaction between CAS permissions and OS permissions. ... is layered over the top of the OS security and they are based on two totally ...
    (microsoft.public.dotnet.security)