
Enhanced Security for Online Exams Using Group Cryptography: Complete Proposal

Development of the Web has contributed to the growth of Internet learning and online exams; even so, Internet-based online exams have not been extensively adopted. An Internet-based exam is defined in this project as one that takes place over the insecure web, and where no proctor is in the same place as the examinees. This project proposes an improved, secure Internet exam organization setting mediated by group cryptography methods, using remote monitoring and control of ports and input. The objective domain of this project is that of Internet exams for any subject's contest at any level of education, as well as exams in online university courses with students in various different locations. The project proposes a trouble-free solution to the issue of security and cheating for online exams. This solution uses an enhanced online exam safety system which is based on group cryptography with e-monitoring methods.

Existing System
Different dishonest patterns exist in the present organization, including copying the answers of others, interchanging answers, searching the web for answers, using the information and software saved on the student's computer, and discussing the exam by e-mail, phone, instant messaging, Zigbee, etc.

Disadvantages
1. Stages of contact between teachers and students decrease.
2. The tendency of students to copy in online exams and cheat increases.
3. The system must rely on students' sincerity, honesty, or their having an honor code.

Proposed System

The project introduces a solution to the issue of safety and cheating for web-based exams. This solution uses an enhanced safety organization system in the online exam which is based on group-based cryptography with e-monitoring methodologies. The cryptography supports stronger security for the web exam process, as well as authentication and integrity. The e-monitoring provides a proctor role for examinees in distinct locations to prevent copying and cheating in the Internet-based online examination system, and thus removes the prerequisite of having to go to a fixed location. The target of this project is web-based exams of any type and exams in online university courses with students at distinct locations. The project administers an Internet-based examination at a fixed time with the same questions for all examinees, just like an offline exam, but without restricting the physical place of the examinees. This system enables many kinds of tests to be given online; it can provide teachers with better evaluation criteria for students and may contribute to improving the quality of education.

Advantages
1. A web-based exam management system with a monitoring method to prevent and detect cheating and copying.
2. Independent of location and time.
3. Avoids interception of or interference with communications during an exam conducted over the web.

Software Requirements


Operating system : Windows XP Professional
Front End        : Visual Studio 2008, ASP.NET, C#
Back End         : SQL Server 2005

Hardware Requirements


SYSTEM    : Pentium IV
HARD DISK : 40 GB
RAM       : 512 MB

Project Plans and Methods Involved:


The modules involved are:

1. Administrator
2. Key Generation
3. Student Exam Modules
4. Results and Reports
5. Video Conference and Desktop Capturing

Administrator: In this module the Administrator has the task of managing the information about the Examiners, Proctors and students applying for the exams through the Internet. He can also add, update or delete the information about the Examination centers and the candidates, and schedule the information about accessing the exams. Keys are generated using asymmetric algorithms. Question papers are uploaded by different types of examiners, who upload the question papers to the database, and he can also add the marks for the students after completion of their exams. Here key management plays a vital role in providing security and safety to the online examination process. The Admin will encrypt the answers uploaded by the examiners who are preparing online exams using the AES algorithm.

Key Generation: In this module the Admin has the work of scheduling the information about the exams, and he is able to send public and private keys to the students based on the requested schedule. In order to generate keys we use group-key-generator based algorithms in this application. This module also plays the role of identifying the student attending the exam using photo comparisons, and is able to monitor the systems where students are accessing the online examination application by a desktop capturing mechanism.

Students Exam Modules: In this module the student can check the information provided by the administrator (public and private keys). By using the keys he is able to log in to the exam window and answer the questions. Immediately after the exam starts, a video conference between examiners and students is used to identify the behavior of the students, and images are captured every 2 to 3 seconds in order to identify the genuineness of the student at the time of results. All the USB ports of the CPU are disabled in order to avoid copying of answers from third-party devices. An interface is developed in such a way that it blocks access to the keyboard and other menus of the Operating system.

Results and Reports: This module contains all the information about the results generated by the Administrator and allots rank cards to the students based on their behavior and performance during the online examination. The Admin can generate reports based on the grades allotted by the online examination system.

Video Conference and Desktop Capturing: This module contains all the information about the video conference between student and examiner. These two modules will be automatically initialized immediately after starting up the application (Online Examination system); a live video of the student will be telecast and saved to the student database on the server. The events and behaviors of the student during the online exam process

Research Methods:

1. Logging - client registers his/her personal data (login, password)
   a. confirmation takes place after submitting the data
   b. an authentication error is signalled by a fault message
   c. if authentication doesn't return an error, the user is allowed into the system
2. Managing students - called by the examiner
   a. the inspector adds, removes and modifies students' data
   b. if the examiner did not insert the required data (login, password, and image, which will be uploaded to the server database at the time of registration), the system returns an error message
   c. if the data is registered and the user enters all valid information correctly, an accepting message is shown
3. Preparing exams
   a. the examiner is permitted to decide the categories and number of questions for an individual exam
   b. the examiner adds the amount of correct answers (in %) required to pass the exam; answers entered by the examiner are encrypted using the AES/DES algorithm to protect the answers from hackers or intruders
   c. the examiner sets the time and schedule of the exam
4. Activating Exam
   a. the examiner activates the exam using a public and private key generated by the examiners so that students can run it
5. Managing questions
   a. the examiner adds, edits and removes questions and categories
   b. he can also subscribe questions to categories
6. Viewing results
   a. the examiner can view condensed results of all students that have taken this test
   b. after clicking one student's login he can enter "Viewing personal FeedBack"
7. Viewing personal FeedBack
   a. the user is allowed to view the exam results of one student
   b. the examiner can view the results of each student at any time
   c. the student can see the results of the exam only once - just after passing the exam
8. Running test
   a. the student chooses one of the available exams, whereupon a personalized test with random questions is created
   b. after the student finishes the test, its results and questions are saved in the exam
   c. the video conference module is added to monitor students from distinct places
   d. the desktop capturing mechanism helps in capturing the events and actions performed by the users or students during the examination process
   e. USB is disabled and enabled automatically immediately after the examination starts

Initial Literature Review:

The recent introduction and eventual extensive acceptance of electronic monitoring in grouping students and a variety of classes motivates this work. In this project, we examine the impacts, connected challenges and security lapses of the existing electronic-examination structure with the aim of ameliorating them and developing a new, satisfactory e-Exam system that takes care of the existing system's challenges and security lapses. Students that participated in the online exams were chosen for interview and questionnaire. Based on the examination of the interviews and study of the existing electronic online test and examination system, some anomalies were exposed and a new e-exam system was developed to wipe out these anomalies. The new system uses data encryption in order to protect the questions sent to the e-Examination center through the Internet or intranet, and video-conference based devices are connected to avoid cheating in the online examination process. Online examination has attracted a lot of attention and is appropriate in both learning and educational aspects. The best method to evaluate the ability and knowledge of an individual is through an examination process. To this end, various methods have been used in examining the capability of a person, starting from manual means of using paper and pencil to electronic, from spoken to written, practical to theoretical and many others. The current information-technology way of examining students is the use of electronic systems in place of the manual or paper technique, which was characterized by huge examination leakages, impersonation, demands for gratification by teachers, and bribe-taking by supervisors and invigilators of examinations. There is a rising body of investigation focused on developing improved ways to supervise e-exam methods and e-learning systems. Some of this research focused on a variety of sections of the system, and these include: Schramm looked at an e-learning web-based system that could simply offer and grade mathematical questions with infinite patience. Therefore it needs the ability for input and output of numerical formulas, the dynamic generation of plots and the generation of random words and statistics. This is a web-based online examination scheme; the system carries out the test and auto-grading for students' exams. The system facilitates conducting exams, collection of answers, auto-marking the submissions and production of reports for the exam. It supports many kinds of queries. It was used online and is therefore suitable for both local and distant examination. The system could assist lecturers, instructors, teachers and others who are prepared to create new exams or edit existing ones, as well as students participating in the exams.
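The registration and login flow in steps 1 and 2 of the research methods above, written out in Python as an added example (not code from the proposal). It assumes an in-memory user table standing in for the SQL Server back end, and it leaves out the photo upload of step 2. What it does show is the two properties the steps ask for: the password itself is never stored, only a salted PBKDF2 hash of it, and a failed login produces one generic fault message whether the login or the password was wrong (and does the same amount of work either way), so the error does not leak which logins exist.

```python
"""Registration and login check for the exam portal (added example).

Steps 1 and 2 of the research methods: a client registers (login, password),
and at login an authentication error is reported with a single fault message.
The user table is a hypothetical in-memory dict standing in for the database.
"""
import hashlib
import hmac
import os

# Assumption: iteration count tuned for roughly 100 ms per check on the server.
PBKDF2_ITERATIONS = 200_000
_DUMMY_SALT = b"\x00" * 16

# Constructed in-memory user table: login -> (salt, derived key)
_users = {}


def _derive(password, salt):
    """Salted PBKDF2-HMAC-SHA256 of the password; this is all that is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(login, password):
    """Store a salted hash only. Returns False if required data is missing
    or the login is already taken (step 2b: 'system returns error message')."""
    if not login or not password or login in _users:
        return False
    salt = os.urandom(16)
    _users[login] = (salt, _derive(password, salt))
    return True


def authenticate(login, password):
    """Return (ok, message). Unknown login and wrong password produce the same
    message and the same amount of hashing work, so neither the text nor the
    response time tells an attacker which logins exist."""
    record = _users.get(login)
    if record is None:
        _derive(password, _DUMMY_SALT)  # burn equivalent work
        return False, "Authentication error: invalid login or password"
    salt, stored = record
    if hmac.compare_digest(stored, _derive(password, salt)):
        return True, "Login accepted"
    return False, "Authentication error: invalid login or password"


if __name__ == "__main__":
    register("s1001", "correct horse battery staple")
    print(authenticate("s1001", "correct horse battery staple"))
    print(authenticate("s1001", "wrong"))
    print(authenticate("nobody", "wrong"))
```

`hmac.compare_digest` is used instead of `==` so the comparison does not short-circuit on the first differing byte; the dummy derivation for unknown logins keeps the two failure paths from being told apart by timing.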

Literature Survey:

Fraud and Cheating Control: This research is a case study that describes the researchers' attempts to document and stop fraud and cheating on their web-based exams. They present details of their efforts to decrease both the probability and the impact of cheating online. Suggestions are offered that are intended to provide direction for others wishing to pursue web-based online exams in their classes. Over the past several years, a number of academics have espoused the value of using online exams in classes as opposed to the face-to-face paper exams that are traditionally given in the college classroom. Most often, online exams are used in conjunction with a distance-learning course where all the course material is administered online. Theoretically, however, many of the benefits associated with using online exams in a distance e-learning course should also be present if online exams are used in a more traditional course. This paper used online exams in just that style. Although we teach separate sections of lessons that meet face-to-face twice a week, we decided to explore the possibility of administering web-based online exams to our learners. The possible benefits of doing this are many and include increasing grading accuracy, minimizing grading time, and providing students with instant feedback. Possibly even more importantly, web-based Internet exams can free up time in class to pursue other learning activities. In most lessons, the time available always seems to run out before all of the main material that needs to be covered has been covered. If exams are taken out of the classroom and administered over the web, then many instructors would find four or more extra class sessions in which they could cover added material. Or, they may wish to cover the same amount of information, but cover it in greater depth.
As this paper will show, we realized all of these benefits and more when administering our exams as web-based exams.

While we are very pleased with our first experience, a nagging question persisted. Namely, we were concerned that students may have been cheating or committing fraud on the exams, and that the cheating and fraud may have been widespread. As such, we took a number of steps to try to detect any cheating on the web-based exams. In addition, we took a number of steps to try to minimize the impact of whatever cheating did occur that was not detected. In the sections that follow, we first describe our course and learning environment in detail. Additionally, we document many of the ways that students could potentially cheat on online exams. Furthermore, we outline the specific steps we took to detect it and minimize its impact. To conclude, we share some of our positive experiences with online testing in general, and outline additional steps we plan to take in the future to improve their effectiveness in the classroom. Before describing the various means of cheating on the exam, it is important to discuss our testing protocol so that it is clear what students are and are not allowed to do. At the beginning of every exam, we include a paragraph that reads in part, "This is not an open book or open notes exam. This exam is to be taken during the allotted time period without the aid of books, notes, or other students. You have approximately 45 seconds per question to complete this exam. This exam must be taken online from start to finish. Do not download it to take it or distribute it to anyone. The statistics feature of OnCourse will monitor and report how you take this exam." We also verbally announce this statement in class prior to each exam and answer any questions students might have with regard to what is and is not allowed on the exam.
As such, we have identified the following potential ways to cheat on our online exams:

- Having someone other than the student take the exam
- Exceeding the posted time limit
- Collaborating with others during the exam
- Downloading or distributing the exam to others
- Using material that is not allowed (textbook or class notes)

Identifying the possible means of compromising the integrity of the exam was an important first step, but it was only a first step. After devising this list, we then set out to try to detect whether or not cheating occurred.

STEPS TO MINIMIZE THE IMPACT OF CHEATING

Some of the ways we minimize the impact of cheating rely on the same tools we use to detect it, as outlined in the previous section. For instance, timing the exam helps lessen the opportunity that students have to utilize inappropriate material. If our exams had no time limit, the temptation to avoid studying and rely instead on looking up answers during the exam would be greater. By providing only forty-five seconds per question, we limit the students' ability to engage in this. We also tend to ask lengthy, application-based questions. These questions take more time to process and are more difficult to look up in the textbook because the answers require a synthesis of information as opposed to a simple recitation of a fact. While we could take this one step further and require essay questions, we have not pursued that yet, but may do so in the future. Timing the tests also makes it more difficult for students to collaborate during the exam. We add a further level of difficulty to any attempt at collaboration by scrambling the order of the test questions on each exam. This prevents students from simply asking each other the answer to question six, for example, because the question order will be different on each exam. In a similar vein, we also take steps to minimize the likelihood that someone other than the student is taking the exam. One of the primary ways we do this is to have multiple assignments due during the course of the semester. In a typical semester, each student will need to submit over twenty separate assignments online. Although it may be relatively easy for them to get help on one of them or even a few of them, it will be considerably tougher and/or more costly to find someone willing to complete every online activity for them. Yet another way we minimize the impact of collaboration is to require a cumulative, face-to-face final exam at the end of the semester. This exam is weighted more heavily than the other exams and has a pronounced impact on the students' final grades.
If they have not been keeping up with the material throughout the semester (i.e., they have had someone else doing their work), they are very likely to fail the final exam. If they fail the final, it carries enough points that they are unlikely to get an A or a B in the course regardless of how well they did on any other assignment. All told, these steps help us minimize the impact that cheating has in our classroom. While we certainly have not eradicated its occurrence, we suggest that totally eliminating it is not likely on any exam, face-to-face or online. Instead, these steps have allowed us to lessen the likelihood of cheating and also lessen the temptation for students to cheat. This has allowed us to realize many benefits in the classroom that we would not have had if we had given our exams in the traditional manner.
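Two of the measures above, scrambling the question order per student and the 45-seconds-per-question limit, as an added Python example (not code from the surveyed paper or the proposal). The exam secret, student identifiers and timestamps are constructed. The points it makes concretely: the permutation is derived from an HMAC of the student id, so it is stable for one student across page reloads but differs between students ("question six" is a different question for each of them), and the deadline is checked against the server's clock, since anything the client reports about time is under the student's control.

```python
"""Per-student question scrambling and a server-side time limit (added example).

Assumes a per-exam secret held only by the server (constructed here) and
question indices 0..n-1. Nothing in this file is from the paper.
"""
import hashlib
import hmac
import random

SECONDS_PER_QUESTION = 45


def question_order(exam_secret, student_id, n_questions):
    """Deterministic per-student permutation of question indices.

    The shuffle is seeded with HMAC-SHA256(exam_secret, student_id): without
    the secret a student cannot predict another student's order, and the same
    student always gets the same order, so a reload does not reveal a second
    ordering to compare against.
    """
    seed = hmac.new(exam_secret, student_id.encode("utf-8"), hashlib.sha256).digest()
    rng = random.Random(int.from_bytes(seed, "big"))
    order = list(range(n_questions))
    rng.shuffle(order)
    return order


def deadline(start_ts, n_questions):
    """Unix time by which the exam must be submitted (45 s per question)."""
    return start_ts + SECONDS_PER_QUESTION * n_questions


def accept_submission(start_ts, submit_ts, n_questions, grace_seconds=5):
    """Enforce the limit with the server's timestamps (start_ts recorded when the
    exam was served, submit_ts taken on receipt), never with a client-side timer."""
    return submit_ts <= deadline(start_ts, n_questions) + grace_seconds


if __name__ == "__main__":
    secret = b"constructed-exam-secret"          # constructed sample
    print(question_order(secret, "student-1001", 10))
    print(question_order(secret, "student-1002", 10))
    print(accept_submission(1_700_000_000, 1_700_000_450, 10))
```

The grace period covers network latency on the final submit; it should be a few seconds, not minutes, or the time limit stops doing its job.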

OVERALL ASSESSMENT OF ON-LINE EXAMS

Overall, we are quite pleased with the impact that using online exams has had in our classes. By using this method, we have freed up three entire class periods worth of time. We have used this time to have class discussions that were more in-depth and focused than time normally allowed. We have also been able to add more group activities and experiences that require students to take some of the theoretical concepts we discuss in class and apply them to their personal lives. Student satisfaction with this approach has been high. Not only do the students enjoy the flexibility of taking the exams at a time that is convenient for them, they also report learning more in the classroom. Because we are able to use experiential exercises in class that we did not have time to use before, they also report greater satisfaction with the material. It is more meaningful to them because they have internalized more of it. This would be more difficult to accomplish if we were not able to free up class time by using online exams. Online exams would not be possible if we did not have cheating under control. By taking the steps we have to detect cheating and minimize its impact, we have been able to move class exams out of the classroom and have had a more rewarding classroom experience for our students. We are very encouraged by the initial results.

FUTURE STEPS

While this study does help provide some insight as to how to detect cheating and minimize its impact, the work in this area is just beginning. As more and more academics decide to explore the possibility of using this form of testing, additional steps need to be taken to ensure that cheating is minimized. As such, it is important that further research be devoted to this crucial topic. One area ripe for further exploration is to undertake additional steps to enhance the testing protocol that is used. As an example, some schools have reported success in having students formally sign honor codes before taking exams. It may be beneficial to see what impact this might have in an online testing environment. Another potentially promising area that we plan to explore is to look at whether or not student personality characteristics might influence their propensity to cheat. We are currently collecting data on such variables as student self-efficacy and self-esteem to see whether or not there might be a significant relationship between them and subsequent cheating on exams. To conclude, we encourage other instructors to engage in this field of research. The benefits of using online exams are numerous, but until teachers and administrators can be reasonably assured that cheating is not rampant, they will not be fully utilized in the classroom and many of these benefits will go unrealized. By continuing to explore the topic of cheating on online exams, the problem can be further minimized and the general classroom experience can be enhanced.

Group Cryptography:

Exam Groups:

Algorithms:
The DES (Data Encryption Standard) algorithm was for decades the most widely used encryption algorithm in the world. For many years, and among many people, "secret code making" and DES have been synonymous. And despite the coup by the Electronic Frontier Foundation in building a $220,000 machine to crack DES-encrypted messages, DES lived on in government and banking for years through a life-extending version called "triple-DES". The EFF result is the practical point to remember: a 56-bit key can be brute-forced, so single DES protects nothing today and survives only in legacy systems; its value here is as the template that later block ciphers follow. How does DES work? This article explains the various steps involved in DES encryption, illustrating each step by means of a simple example. Since the creation of DES, many other algorithms (recipes for changing data) have emerged which are based on design principles similar to DES. Once you understand the basic transformations that take place in DES, you will find it easy to follow the steps involved in these more recent algorithms. But first a bit of history of how DES came about is appropriate, as well as a look toward the future.

The DES Algorithm Illustrated


DES is a block cipher, meaning it operates on plaintext blocks of a given size (64 bits) and returns ciphertext blocks of the same size. Thus DES results in a permutation among the 2^64 (read this as: "2 to the 64th power") possible arrangements of 64 bits, each of which may be either 0 or 1. Each block of 64 bits is divided into two blocks of 32 bits each, a left half block L and a right half block R. (This division is only used in certain operations.)

Example: Let M be the plain text message M = 0123456789ABCDEF, where M is in hexadecimal (base 16) format. Rewriting M in binary format, we get the 64-bit block of text:

M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
L = 0000 0001 0010 0011 0100 0101 0110 0111
R = 1000 1001 1010 1011 1100 1101 1110 1111

The first bit of M is "0". The last bit is "1". We read from left to right.

DES operates on the 64-bit blocks using a key size of 56 bits. The keys are actually stored as being 64 bits long, but every 8th bit in the key is a parity bit and is not used (i.e. bits numbered 8, 16, 24, 32, 40, 48, 56, and 64). However, we will nevertheless number the bits from 1 to 64, going left to right, in the following calculations. But, as you will see, the eight bits just mentioned get eliminated when we create subkeys.

Example: Let K be the hexadecimal key K = 133457799BBCDFF1. This gives us as the binary key (setting 1 = 0001, 3 = 0011, etc., and grouping together every eight bits, of which the last one in each group will be unused):

K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001

The DES algorithm uses the following steps:

Step 1: Create 16 subkeys, each of which is 48 bits long.


The 64-bit key is permuted according to the following table, PC-1. Since the first entry in the table is "57", this means that the 57th bit of the original key K becomes the first bit of the permuted key K+. The 49th bit of the original key becomes the second bit of the permuted key. The 4th bit of the original key is the last bit of the permuted key. Note only 56 bits of the original key appear in the permuted key; the eight parity bits (multiples of 8) are absent from the table.

PC-1
57 49 41 33 25 17  9
 1 58 50 42 34 26 18
10  2 59 51 43 35 27
19 11  3 60 52 44 36
63 55 47 39 31 23 15
 7 62 54 46 38 30 22
14  6 61 53 45 37 29
21 13  5 28 20 12  4

Example: From the original 64-bit key
K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001
we get the 56-bit permutation
K+ = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111

Next, split this key into left and right halves, C0 and D0, where each half has 28 bits.

Example: From the permuted key K+, we get
C0 = 1111000 0110011 0010101 0101111
D0 = 0101010 1011001 1001111 0001111

With C0 and D0 defined, we now create sixteen blocks Cn and Dn, 1 <= n <= 16. Each pair of blocks Cn and Dn is formed from the previous pair Cn-1 and Dn-1, respectively, for n = 1, 2, ..., 16, using the following schedule of "left shifts" of the previous block. To do a left shift, move each bit one place to the left, except for the first bit, which is cycled to the end of the block.

Iteration Number:       1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
Number of Left Shifts:  1  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1

This means, for example, C3 and D3 are obtained from C2 and D2, respectively, by two left shifts, and C16 and D16 are obtained from C15 and D15, respectively, by one left shift. In all cases, by a single left shift is meant a rotation of the bits one place to the left, so that after one left shift the bits in the 28 positions are the bits that were previously in positions 2, 3, ..., 28, 1.

Example: From the original pair C0 and D0 we obtain:

C0  = 1111000011001100101010101111
D0  = 0101010101100110011110001111
C1  = 1110000110011001010101011111
D1  = 1010101011001100111100011110
C2  = 1100001100110010101010111111
D2  = 0101010110011001111000111101
C3  = 0000110011001010101011111111
D3  = 0101011001100111100011110101
C4  = 0011001100101010101111111100
D4  = 0101100110011110001111010101
C5  = 1100110010101010111111110000
D5  = 0110011001111000111101010101
C6  = 0011001010101011111111000011
D6  = 1001100111100011110101010101
C7  = 1100101010101111111100001100
D7  = 0110011110001111010101010110
C8  = 0010101010111111110000110011
D8  = 1001111000111101010101011001
C9  = 0101010101111111100001100110
D9  = 0011110001111010101010110011
C10 = 0101010111111110000110011001
D10 = 1111000111101010101011001100
C11 = 0101011111111000011001100101
D11 = 1100011110101010101100110011
C12 = 0101111111100001100110010101
D12 = 0001111010101010110011001111
C13 = 0111111110000110011001010101
D13 = 0111101010101011001100111100
C14 = 1111111000011001100101010101
D14 = 1110101010101100110011110001
C15 = 1111100001100110010101010111
D15 = 1010101010110011001111000111
C16 = 1111000011001100101010101111
D16 = 0101010101100110011110001111

Note that the total of the shifts is 28, so C16 = C0 and D16 = D0. We now form the keys Kn, for 1 <= n <= 16, by applying the following permutation table to each of the concatenated pairs CnDn. Each pair has 56 bits, but PC-2 only uses 48 of these.

PC-2
14 17 11 24  1  5
 3 28 15  6 21 10
23 19 12  4 26  8
16  7 27 20 13  2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32

Therefore, the first bit of Kn is the 14th bit of CnDn, the second bit the 17th, and so on, ending with the 48th bit of Kn being the 32nd bit of CnDn.

Example: For the first key we have
C1D1 = 1110000 1100110 0101010 1011111 1010101 0110011 0011110 0011110
which, after we apply the permutation PC-2, becomes
K1 = 000110 110000 001011 101111 111111 000111 000001 110010

For the other keys we have
K2  = 011110 011010 111011 011001 110110 111100 100111 100101
K3  = 010101 011111 110010 001010 010000 101100 111110 011001
K4  = 011100 101010 110111 010110 110110 110011 010100 011101
K5  = 011111 001110 110000 000111 111010 110101 001110 101000
K6  = 011000 111010 010100 111110 010100 000111 101100 101111
K7  = 111011 001000 010010 110111 111101 100001 100010 111100
K8  = 111101 111000 101000 111010 110000 010011 101111 111011
K9  = 111000 001101 101111 101011 111011 011110 011110 000001
K10 = 101100 011111 001101 000111 101110 100100 011001 001111
K11 = 001000 010101 111111 010011 110111 101101 001110 000110
K12 = 011101 010111 000111 110101 100101 000110 011111 101001
K13 = 100101 111100 010111 010001 111110 101011 101001 000001
K14 = 010111 110100 001110 110111 111100 101110 011100 111010
K15 = 101111 111001 000110 001101 001111 010011 111100 001010
K16 = 110010 110011 110110 001011 000011 100001 011111 110101

So much for the subkeys. Now we look at the message itself.
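Step 1 in full, as an added Python example (not code from the original article): PC-1, the rotation schedule and PC-2 exactly as tabulated above, reproducing K1 through K16 for the key 133457799BBCDFF1. Bits are numbered 1 to 64 left to right as on the page, so the tables are used as 1-based indices into a bit string; nothing beyond the page's tables is assumed.

```python
"""DES key schedule (added example): PC-1, left rotations, PC-2.

Produces the 16 round keys K1..K16 for a 64-bit key given in hex. Bit
positions follow the page: 1-based, left to right, parity bits included
in the numbering but dropped by PC-1.
"""

PC1 = [57, 49, 41, 33, 25, 17, 9,
       1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27,
       19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15,
       7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29,
       21, 13, 5, 28, 20, 12, 4]

PC2 = [14, 17, 11, 24, 1, 5,
       3, 28, 15, 6, 21, 10,
       23, 19, 12, 4, 26, 8,
       16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55,
       30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53,
       46, 42, 50, 36, 29, 32]

# Number of left rotations of C and D before forming K1..K16.
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]


def hex_to_bits(hexstr, nbits):
    """Hex string -> fixed-width bit string, leading zeros kept."""
    return format(int(hexstr, 16), f"0{nbits}b")


def permute(bits, table):
    """Output bit i is input bit table[i] (tables are 1-based, as on the page)."""
    return "".join(bits[p - 1] for p in table)


def rotl(bits, n):
    """Rotate a bit string left by n: the first n bits cycle to the end."""
    return bits[n:] + bits[:n]


def parity_bits_dropped():
    """True if PC-1 never selects bits 8, 16, ..., 64."""
    return all(p % 8 != 0 for p in PC1)


def key_schedule(key_hex):
    """Return K1..K16 as a list of 48-character bit strings."""
    key = hex_to_bits(key_hex, 64)
    kplus = permute(key, PC1)          # 56 bits
    c, d = kplus[:28], kplus[28:]      # C0, D0
    subkeys = []
    for shift in SHIFTS:
        c, d = rotl(c, shift), rotl(d, shift)   # Cn, Dn
        subkeys.append(permute(c + d, PC2))     # Kn (48 of the 56 bits)
    return subkeys


def group(bits, size):
    """Space-separate a bit string in groups, matching the page's layout."""
    return " ".join(bits[i:i + size] for i in range(0, len(bits), size))


if __name__ == "__main__":
    for i, k in enumerate(key_schedule("133457799BBCDFF1"), start=1):
        print(f"K{i:<2} = {group(k, 6)}")
```

Running it prints the same sixteen lines as the table above; the first and last are the ones most worth eyeballing, since K16 is formed from C16D16 = C0D0 and so depends only on PC-1 and PC-2, not on the rotations.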

Step 2: Encode each 64-bit block of data.


There is an initial permutation IP of the 64 bits of the message data M. This rearranges the bits according to the following table, where the entries in the table show the new arrangement of the bits from their initial order. The 58th bit of M becomes the first bit of IP. The 50th bit of M becomes the second bit of IP. The 7th bit of M is the last bit of IP.

IP
58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17  9  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7

Example: Applying the initial permutation to the block of text M, given previously, we get
M  = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010
Here the 58th bit of M is "1", which becomes the first bit of IP. The 50th bit of M is "1", which becomes the second bit of IP. The 7th bit of M is "0", which becomes the last bit of IP.

Next divide the permuted block IP into a left half L0 of 32 bits, and a right half R0 of 32 bits.

Example: From IP, we get L0 and R0
L0 = 1100 1100 0000 0000 1100 1100 1111 1111
R0 = 1111 0000 1010 1010 1111 0000 1010 1010

We now proceed through 16 iterations, for 1 <= n <= 16, using a function f which operates on two blocks, a data block of 32 bits and a key Kn of 48 bits, to produce a block of 32 bits. Let + denote XOR addition (bit-by-bit addition modulo 2). Then for n going from 1 to 16 we calculate

Ln = Rn-1
Rn = Ln-1 + f(Rn-1, Kn)

This results in a final block, for n = 16, of L16R16. That is, in each iteration, we take the right 32 bits of the previous result and make them the left 32 bits of the current step. For the right 32 bits in the current step, we XOR the left 32 bits of the previous step with the calculation f.

Example: For n = 1, we have
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
L1 = R0 = 1111 0000 1010 1010 1111 0000 1010 1010
R1 = L0 + f(R0, K1)

It remains to explain how the function f works. To calculate f, we first expand each block Rn-1 from 32 bits to 48 bits. This is done by using a selection table that repeats some of the bits in Rn-1. We'll call the use of this selection table the function E. Thus E(Rn-1) has a 32-bit input block and a 48-bit output block. Let E be such that the 48 bits of its output, written as 8 blocks of 6 bits each, are obtained by selecting the bits in its input in order according to the following table:

E BIT-SELECTION TABLE
32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1

Thus the first three bits of E(Rn-1) are the bits in positions 32, 1 and 2 of Rn-1, while the last 2 bits of E(Rn-1) are the bits in positions 32 and 1.

Example: We calculate E(R0) from R0 as follows:
R0    = 1111 0000 1010 1010 1111 0000 1010 1010
E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101

(Note that each block of 4 original bits has been expanded to a block of 6 output bits.)

Next in the f calculation, we XOR the output E(Rn-1) with the key Kn:

Kn + E(Rn-1).

Example: For K1 and E(R0), we have
K1         = 000110 110000 001011 101111 111111 000111 000001 110010
E(R0)      = 011110 100001 010101 010101 011110 100001 010101 010101
K1 + E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111

We have not yet finished calculating the function f. To this point we have expanded Rn-1 from 32 bits to 48 bits, using the selection table, and XORed the result with the key Kn. We now have 48 bits, or eight groups of six bits. We now do something strange with each group of six bits: we use them as addresses in tables called "S boxes". Each group of six bits will give us an address in a different S box. Located at that address will be a 4-bit number. This 4-bit number will replace the original 6 bits. The net result is that the eight groups of 6 bits are transformed into eight groups of 4 bits (the 4-bit outputs from the S boxes) for 32 bits total.

Write the previous result, which is 48 bits, in the form:

Kn + E(Rn-1) = B1B2B3B4B5B6B7B8,

where each Bi is a group of six bits. We now calculate

S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8)

where Si(Bi) refers to the output of the i-th S box. To repeat, each of the functions S1, S2, ..., S8 takes a 6-bit block as input and yields a 4-bit block as output. The table to determine S1 is shown and explained below:
S1

Row No.  Column Number
          0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
  0      14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
  1       0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
  2       4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
  3      15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13

If S1 is the function defined in this table and B is a block of 6 bits, then S1(B) is determined as follows: The first and last bits of B represent in base 2 a number in the decimal range 0 to 3 (or binary 00 to 11). Let that number be i. The middle 4 bits of B represent in base 2 a number in the decimal range 0 to 15 (binary 0000 to 1111). Let that number be j. Look up in the table the number in the i-th row and j-th column. It is a number in the range 0 to 15 and is uniquely represented by a 4 bit block. That block is the output S1(B) of S1 for the input B. For example, for input block B = 011011 the first bit is "0" and the last bit "1", giving 01 as the row. This is row 1. The middle four bits are "1101". This is the binary equivalent of decimal 13, so the column is column number 13. In row 1, column 13 appears 5. This determines the output; 5 is binary 0101, so that the output is 0101. Hence S1(011011) = 0101. The tables defining the functions S1, ..., S8 are the following:
S1
14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
 0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
 4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13

S2
15  1  8 14  6 11  3  4  9  7  2 13 12  0  5 10
 3 13  4  7 15  2  8 14 12  0  1 10  6  9 11  5
 0 14  7 11 10  4 13  1  5  8 12  6  9  3  2 15
13  8 10  1  3 15  4  2 11  6  7 12  0  5 14  9

S3
10  0  9 14  6  3 15  5  1 13 12  7 11  4  2  8
13  7  0  9  3  4  6 10  2  8  5 14 12 11 15  1
13  6  4  9  8 15  3  0 11  1  2 12  5 10 14  7
 1 10 13  0  6  9  8  7  4 15 14  3 11  5  2 12

S4
 7 13 14  3  0  6  9 10  1  2  8  5 11 12  4 15
13  8 11  5  6 15  0  3  4  7  2 12  1 10 14  9
10  6  9  0 12 11  7 13 15  1  3 14  5  2  8  4
 3 15  0  6 10  1 13  8  9  4  5 11 12  7  2 14

S5
 2 12  4  1  7 10 11  6  8  5  3 15 13  0 14  9
14 11  2 12  4  7 13  1  5  0 15 10  3  9  8  6
 4  2  1 11 10 13  7  8 15  9 12  5  6  3  0 14
11  8 12  7  1 14  2 13  6 15  0  9 10  4  5  3

S6
12  1 10 15  9  2  6  8  0 13  3  4 14  7  5 11
10 15  4  2  7 12  9  5  6  1 13 14  0 11  3  8
 9 14 15  5  2  8 12  3  7  0  4 10  1 13 11  6
 4  3  2 12  9  5 15 10 11 14  1  7  6  0  8 13

S7
 4 11  2 14 15  0  8 13  3 12  9  7  5 10  6  1
13  0 11  7  4  9  1 10 14  3  5 12  2 15  8  6
 1  4 11 13 12  3  7 14 10 15  6  8  0  5  9  2
 6 11 13  8  1  4 10  7  9  5  0 15 14  2  3 12

S8
13  2  8  4  6 15 11  1 10  9  3 14  5  0 12  7
 1 15 13  8 10  3  7  4 12  5  6 11  0 14  9  2
 7 11  4  1  9 12 14  2  0  6 10 13 15  3  5  8
 2  1 14  7  4 10  8 13 15 12  9  0  3  5  6 11

Example: For the first round, we obtain as the output of the eight S boxes:

K1 + E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111.
S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) = 0101 1100 1000 0010 1011 0101 1001 0111

The final stage in the calculation of f is to do a permutation P of the S-box output to obtain the final value of f:

f = P(S1(B1)S2(B2)...S8(B8))

The permutation P is defined in the following table. P yields a 32-bit output from a 32-bit input by permuting the bits of the input block.

P

16  7 20 21
29 12 28 17
 1 15 23 26
 5 18 31 10
 2  8 24 14
32 27  3  9
19 13 30  6
22 11  4 25

Example: From the output of the eight S boxes:

S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) = 0101 1100 1000 0010 1011 0101 1001 0111

we get

f = 0010 0011 0100 1010 1010 1001 1011 1011

R1 = L0 + f(R0, K1)
   = 1100 1100 0000 0000 1100 1100 1111 1111
   + 0010 0011 0100 1010 1010 1001 1011 1011
   = 1110 1111 0100 1010 0110 0101 0100 0100

In the next round, we will have L2 = R1, which is the block we just calculated, and then we must calculate R2 = L1 + f(R1, K2), and so on for 16 rounds. At the end of the sixteenth round we have the blocks L16 and R16. We then reverse the order of the two blocks into the 64-bit block

R16L16

and apply a final permutation IP-1 as defined by the following table:

IP-1

40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25

That is, the output of the algorithm has bit 40 of the preoutput block as its first bit, bit 8 as its second bit, and so on, until bit 25 of the preoutput block is the last bit of the output.

Example: If we process all 16 blocks using the method defined previously, we get, on the 16th round,

L16 = 0100 0011 0100 0010 0011 0010 0011 0100
R16 = 0000 1010 0100 1100 1101 1001 1001 0101

We reverse the order of these two blocks and apply the final permutation to

R16L16 = 00001010 01001100 11011001 10010101 01000011 01000010 00110010 00110100

IP-1 = 10000101 11101000 00010011 01010100 00001111 00001010 10110100 00000101

which in hexadecimal format is 85E813540F0AB405. This is the encrypted form of M = 0123456789ABCDEF: namely, C = 85E813540F0AB405.

Decryption is simply the inverse of encryption, following the same steps as above, but reversing the order in which the subkeys are applied.

DES Modes of Operation

The DES algorithm turns a 64-bit message block M into a 64-bit cipher block C. If each 64-bit block is encrypted individually, then the mode of encryption is called Electronic Code Book (ECB) mode. There are two other modes of DES encryption, namely Chain Block Coding (CBC) and Cipher Feedback (CFB), which make each cipher block dependent on all the previous message blocks through an initial XOR operation.

Cracking DES

Before DES was adopted as a national standard, during the period NBS was soliciting comments on the proposed algorithm, the creators of public key cryptography, Martin Hellman and Whitfield Diffie, registered some objections to the use of DES as an encryption algorithm. Hellman wrote: "Whit Diffie and I have become concerned that the proposed data encryption standard, while probably secure against commercial assault, may be extremely vulnerable to attack by an intelligence organization" (letter to NBS, October 22, 1975). Diffie and Hellman then outlined a "brute force" attack on DES. (By "brute force" is meant that you try as many of the 2^56 possible keys as you have to before decrypting the ciphertext into a sensible plaintext message.) They proposed a special purpose "parallel computer using one million chips to try one million keys each" per second, and estimated the cost of such a machine at $20 million. Fast forward to 1998. Under the direction of John Gilmore of the EFF, a team spent $220,000 and built a machine that can go through the entire 56-bit DES key space in an average of 4.5 days. On July 17, 1998, they announced they had cracked a 56-bit key in 56 hours. The computer, called Deep Crack, uses 27 boards each containing 64 chips, and is capable of testing 90 billion keys a second. Despite this, as recently as June 8, 1998, Robert Litt, principal associate deputy attorney general at the Department of Justice, denied it was possible for the FBI to crack DES: "Let me put the technical problem in context: It took 14,000 Pentium computers working for four months to decrypt a single message . . . . We are not just talking FBI and NSA [needing massive computing power], we are talking about every police department." Responded cryptography expert Bruce Schneier: " . . . the FBI is either incompetent or lying, or both." Schneier went on to say: "The only solution here is to pick an algorithm with a longer key; there isn't enough silicon in the galaxy or enough time before the sun burns out to brute-force triple-DES" (Crypto-Gram, Counterpane Systems, August 15, 1998).

Triple-DES

Triple-DES is just DES with two 56-bit keys applied. Given a plaintext message, the first key is used to DES-encrypt the message. The second key is used to DES-decrypt the encrypted message. (Since the second key is not the right key, this decryption just scrambles the data further.) The twice-scrambled message is then encrypted again with the first key to yield the final ciphertext. This three-step procedure is called triple-DES. Triple-DES is just DES done three times with two keys used in a particular order. (Triple-DES can also be done with three separate keys instead of only two. In either case the resultant key space is about 2^112.)

RSA Overview:

Generating Public and Private Keys

First, as we mentioned above, before any transmission happens, the Server has calculated its public and secret keys. Here is how.

1.1) Pick two prime numbers; we'll pick p = 3 and q = 11.
1.2) Calculate n = p * q = 3 * 11 = 33.
1.3) Calculate z = (p - 1) * (q - 1) = (3 - 1) * (11 - 1) = 20.
1.4) Choose a prime number k such that k is co-prime to z, i.e., z is not divisible by k. We have several choices for k: 7, 11, 13, 17, 19 (we cannot use 5, because 20 is divisible by 5). Let's pick k = 7 (smaller k, "less math").
1.5) So, the numbers n = 33 and k = 7 become the Server's public key.
1.6) Now, still done in advance of any transmission, the Server has to calculate its secret key. Here is how.
1.7) k * j = 1 (mod z)
1.8) 7 * j = 1 (mod 20)
1.9) (7 * j) / 20 = ? with the remainder of 1 (the "?" here means "something, but don't worry about it"; we are only interested in the remainder). Since we selected (on purpose) to work with small numbers, we can easily conclude that 21 / 20 gives "something" with the remainder of 1. So, 7 * j = 21, and j = 3. This is our secret key. We MUST NOT give this key away.

Now, after the Server has done the above preparatory calculations in advance, we can begin our message transmission from our Browser to the Server. First, the Browser requests from the Server the Server's public key, which the Server obliges, i.e., it sends n = 33 and k = 7 back to the Browser. Now, we said that the Browser has a Plain message P = 14, and it wants to encrypt it before sending it to the Server. Here is how the encryption happens on the Browser.

Section 2: Encrypting the message

Here is the encryption math that the Browser executes.

2.1) P ^ k = E (mod n)

"^" means "to the power of". P is the Plain message we want to encrypt. n and k are the Server's public key (see Section 1). E is the Encrypted message we want to generate. After plugging in the values, this equation is solved as follows:

2.2) 14 ^ 7 = E (mod 33)

This equation in English says: raise 14 to the power of 7, divide this by 33, giving the remainder of E.

2.3) 105413504 / 33 = 3194348.606 (well, I lied when I said that this is a "Pencil and Paper" method only. You might want to use a calculator here).
2.4) 3194348 * 33 = 105413484
2.5) E = 105413504 - 105413484 = 20

So, our Encrypted message is E = 20. This is now the value that the Browser is going to send to the Server. When the Server receives this message, it then proceeds to Decrypt it, as follows.

Section 3: Decrypting the Message

Here is the decryption math the Server executes to recover the original Plain text message which the Browser started with.

3.1) E ^ j = P (mod n)

E is the Encrypted message just received. j is the Server's secret key. P is the Plain message we are trying to recover. n is the Server's public key (well, part of it; remember that the Server's public key was calculated in Section 1 as consisting of two numbers: n = 33 and k = 7). After plugging in the values:

3.2) 20 ^ 3 = P (mod 33)
3.3) 8000 / 33 = ? with the remainder of P. So to calculate this remainder, we do:
3.4) 8000 / 33 = 242.424242...
3.5) 242 * 33 = 7986
3.6) P = 8000 - 7986 = 14, which is exactly the Plain text message that the Browser started with!

Well, that's about it. While we did not discuss the theory behind the formulae involved, I hope that you got at least a basic idea of how public key cryptography using the RSA algorithm works.
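The three sections above (key generation, encryption and decryption) as an added example, not code from the page. The numbers p = 3, q = 11, k = 7, j = 3 and the message P = 14 are the page's own; the function names are mine, and the functions work for any small p, q and k.

```python
# Added example, not code from the page: the pencil-and-paper RSA walkthrough
# above as code. p = 3, q = 11, k = 7, j = 3 and the message P = 14 are the
# page's own numbers; the functions are written for any small p, q, k.
from math import gcd


def valid_k(k, z):
    """Step 1.4: k is usable only if it shares no factor with z (gcd = 1).
    The page also asks for k to be prime; the arithmetic only needs gcd(k, z) = 1."""
    return gcd(k, z) == 1


def generate_keys(p, q, k):
    """Steps 1.1 to 1.9: public key (n, k) and secret key j with k*j = 1 (mod z)."""
    n = p * q
    z = (p - 1) * (q - 1)
    if not valid_k(k, z):
        raise ValueError(f"k={k} is not co-prime to z={z}")
    # The page finds j by looking for the multiple of k that leaves remainder 1
    # when divided by z; the search below does exactly that, starting at j = 1.
    j = next(j for j in range(1, z) if (k * j) % z == 1)
    return (n, k), j


def encrypt(plain, n, k):
    """Steps 2.1 to 2.5: E = plain^k (mod n), done the long way as on the page:
    raise to the power, divide by n, multiply the quotient back, subtract."""
    power = plain ** k
    quotient = power // n
    return power - quotient * n


def decrypt(cipher, n, j):
    """Steps 3.1 to 3.6: P = cipher^j (mod n); pow() does the modular
    exponentiation that the page performs by hand."""
    return pow(cipher, j, n)


if __name__ == "__main__":
    (n, k), j = generate_keys(3, 11, 7)   # -> (33, 7), 3
    e = encrypt(14, n, k)                 # -> 20
    print("public key", (n, k), "secret key", j, "E =", e, "P =", decrypt(e, n, j))
```

With n = 33 every message 0 <= P < 33 round-trips through encrypt and decrypt, which is the property the page's single example illustrates.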

4. DESIGN

4.1 An Overview of UML

The UML is a language for:
Visualizing
Specifying
Constructing
Documenting

These are the artifacts of a software-intensive system. The three major elements of UML are:
The UML's basic building blocks.
The rules that dictate how those building blocks may be put together.
Some common mechanisms that apply throughout the UML.

4.2 Basic Building Blocks of UML

The vocabulary of UML encompasses three kinds of building blocks:
Things.
Relationships.
Diagrams.

4.2.1 Things in UML

They are the abstractions that are first-class citizens in a model. There are four kinds of things in the UML:
Structural things.
Behavioral things.
Grouping things.
Annotational things.
These things are the basic object oriented building blocks of the UML. They are used to write well-formed models.

4.2.1.1 Structural things

Structural things are the nouns of UML models. These are mostly static parts of the model, representing elements that are either conceptual or physical. In all, there are seven kinds of Structural things.

Class: A class is a description of a set of objects that share the same attributes, operations, relationships, and semantics. A class implements one or more interfaces. Graphically a class is rendered as a rectangle, usually including its name, attributes and operations, as shown below.

[Figure: class "Main Distance Table" with attributes Link : String, Distance : Integer, Cost : Integer, Predecessor : String, Successor : String and operation UpDate()]

Collaboration: A collaboration defines an interaction and is a society of roles and other elements that work together to provide some cooperative behavior that's bigger than the sum of all the elements. Graphically, a collaboration is rendered as an ellipse with dashed lines, usually including only its name, as shown below.

[Figure: collaboration "Chain of Responsibility"]

Use Case: A use case is a description of a set of sequences of actions that a system performs that yields an observable result of value to a particular thing in a model. Graphically, a Use Case is rendered as an ellipse with dashed lines, usually including only its name, as shown below.

Active Class: An active class is a class whose objects own one or more processes or threads and therefore can initiate control activity. Graphically, an active class is rendered just like a class, but with heavy lines, usually including its name, attributes and operations, as shown below.

4.2.1.2 Behavioral things

Behavioral Things are the dynamic parts of UML models. These are the verbs of a model, representing behaviour over time and space.

Interaction: An interaction is a behavior that comprises a set of messages exchanged among a set of objects within a particular context to accomplish a specific purpose. Graphically, a message is rendered as a directed line, almost always including the name of its operation, as shown below.

[Figure: message "Display"]

4.2.2 Relationships in UML

There are four kinds of relationships in the UML:
1. Dependency
2. Association
3. Generalization
4. Realization

1. Dependency: This is a relationship between two classes whenever one class is completely dependent on the other class. Graphically, a dashed line represents it, with the arrow pointing to the class that is being depended on.

2. Association: It is a relationship between instances of the two classes. There is an association between two classes if an instance of one class must know about the other in order to perform its work. In a diagram, an association is a link connecting two classes. Graphically it is represented by a line, as shown.

3. Generalization: An inheritance is a link indicating one class is a super class of the other. A generalization has a triangle pointing to the super class. Graphically it is represented by a line with a triangle at the end, as shown.

4. Realization:

4.2.3 Diagrams in UML

Diagrams play a very important role in the UML. Some of the modeling diagrams are as follows:
Use Case Diagram.
Class Diagram.
Object Diagram.
Sequence Diagram.
Collaboration Diagram.
State Chart Diagram.
Activity Diagram.
Component Diagram.
Deployment Diagram.

Use case diagram

A use case diagram identifies the functionality provided by the system (Use cases), identifies the users who interact with the system (Actors) and provides the association between users and Use cases. It models the behavior of the system with respect to users. It shows the dynamic aspects of the system when a user interacts with the system. A Use case diagram can show all possible interactions of users with use cases graphically. Thus a Use case diagram models the use case view of a system.

Definition: A Use case diagram is a set of use cases, actors and relationships between them. A use case diagram contains:
Use cases.
Actors.
Association between them.
Generalization between Actors.
Include, extend, generalization relationships.

Use Case:

Deployment:

State:

Class Diagram:

[Class diagram: Registration (name : String, password : String, Photograph : Byte; ConnectDB(), AddUsers()); Login (username : String, Password : String, Image : Byte; Authenticate(), GenerateKeys()); HomePage (privateKey : String, Schedule : Date; accessExam(), videoConference(), desktopRestrict()); Marker (studentDetails : Integer, access-A; updateMarks(), contactExaminer()); Result (studentId, examDetails; getResult(), getGrade())]

Data flow:

[Data flow diagram: Student -> Registration -> Login -> Access Exam -> Exam DB, with Video Capturing, Desktop Capture and Submit]

An Introduction to .NET Framework

The .NET Framework is Microsoft's development platform. It is used to develop software applications. It was released by Microsoft Corporation in 2002. Later on, several improvements took place in the .NET Framework, which made it a much stronger, more advanced and more efficient platform for building different kinds of software applications. It is called a "platform" because it acts as a platform for multiple languages, tools and libraries. It offers visually stunning user experiences, which are mostly required in today's competitive programming world. It offers much more advanced security features than before. It supports dozens of languages like C#, VB.NET, VC++.NET, COBOL, Pascal, Python etc.

Features of .NET Framework

Next Generation User Experiences:

.NET offers a Framework for building applications and high-fidelity experiences in Windows that blend together application UI, documents, and media content, while exploiting the full power of the computer. WPF (Windows Presentation Foundation) offers developers support for 2D and 3D graphics, hardware accelerated effects, scalability to different form factors, interactive data visualization, and superior content readability.

Seamless and Secured Environment:

Application security is a big deal these days; perhaps the most closely examined feature of any new application. .NET offers its best secured environment at run time, so that it is highly impossible for unauthorized users / hackers to access the .NET application and its related data.

The assembly (the compiled code of the .NET framework) contains the security information, like which categories of users or who can access the class or method. So we can say that .NET Framework applications are much secured. The security can be improved in ASP.NET Web Sites by security models like Integrated Windows Authentication, Microsoft Passport Authentication, Forms Authentication, and Client Certificate authentication.

Multi Language Support:

.NET provides a multi-language development platform, so you can work in the programming language you prefer. The Common Language Runtime (a part of the .NET Framework) provides support for 3 Microsoft developed languages and several other languages from other vendors.

Languages Supported by .NET Framework

Languages from Microsoft: Visual C#.NET, Visual Basic.NET, Visual C++.NET

Languages from other vendors: APL, Cobol, Perl, Pascal, Component Pascal, Curriculum, Eiffel, Forth, Fortran, Haskell, J#, Mercury, Mondrian, Oberon, Python, IronPython, RPG, Scheme, Small Talk, Standard ML

Flexible Data Access:

.NET Framework supports flexible access to database data with ADO.NET (ActiveX Data Objects .NET). ADO.NET is a set of classes that expose data access services to the .NET programmer. ADO.NET provides a rich set of components for creating distributed, data-sharing applications. It is an integral part of the .NET Framework, providing access to relational, XML, and application data.

Modules of .NET

1. C#.NET (C Sharp.NET) - Language
It is the most widely used .NET programming language, used by most of the .NET programmers. It borrows some programming features from "C" and some other programming features from "C++". In addition to these, it borrows a few of the good features of the Java language. It is an object oriented programming language.

2. VB.NET (Visual Basic.NET) - Language

It is Microsoft's recommended language for beginners in Windows programming. But in fact, it is used in very few of the projects in the real-time development world, because most of the programmers usually come with a "C" and "C++" background; hence they feel comfortable with "C#". It borrows some programming features from the VB (Visual Basic) language. It is an object oriented programming language.

3. ASP.NET (Active Server Pages.NET) - Web Technology

It is Microsoft's web technology. It is used for web site development. It offers much more attractive and user friendly user interfaces in server side applications. It is the new version of another Microsoft technology called ASP (Active Server Pages), which was a famous web technology before the introduction of ASP.NET. It requires HTML for web page designing. It requires a .NET language (like C#, VB.NET, VC++.NET etc.) for server side logic implementation.

4. ADO.NET (ActiveX Data Objects.NET) - Database Technology

It is Microsoft's database technology. It offers the necessary programming libraries to access local / server databases. It is the new version of another Microsoft technology called ADO (ActiveX Data Objects), which was a famous database technology used with the VB, VC++ and ASP languages. It requires a .NET language (like C#, VB.NET, VC++.NET etc.) for logic implementation.

The .NET Framework is offered to develop the following types of applications.

1. Console Applications
These applications have a user interface similar to operating systems like MS-DOS and UNIX. They are known as C.U.I (Character User Interface) applications. They are similar to C/C++ applications. They are smaller in size and do not contain any graphical features like mouse pointer, colors, fonts, buttons etc.

2. Windows Applications
These applications are designed similar to the "Windows" operating system. They are known as G.U.I (Graphical User Interface) applications. They offer graphical features like mouse pointer, colors, fonts, buttons, text boxes etc.

3. Windows Services
A Windows service is a long-running executable application. These can run only on Windows platforms. They perform specific functions as a background process. They do not contain a user interface and do not require any user interaction.

Windows services can be configured to start when the operating system is booted and run in the background as long as Windows is running, or they can be started manually when required.

Examples: i. Windows Time. ii. Windows Audio. iii. Anti-Virus Security. iv. Database services like Sql Server, My Sql, Oracle etc. v. IIS State Services. vi. Battery Power Supply Status on Laptops. etc. To see all the installed Windows services on the system, click on "Start" -> "Control Panel" -> "Administrative Tools" -> "Services".

4. Web Sites & Web Applications

These are the applications most frequently used by every internet-literate person. In modern life every business (commercial) / educational / service oriented organization has its own web site. Some other web sites offer general purpose services that can be used by anybody, like E-Mail, Search Engines, and Blogs etc. So, there is much demand for these applications in the modern software development industry. In the .NET Framework, web sites can be developed using the technology called ASP.NET.

Ex: i. http://www.yahoo.com/ ii. http://www.google.co.in/ iii. http://www.orkut.com/ iv. http://www.hotmail.com/

5. Web Services

Web Services are simple and easy to understand. These can also be developed using ASP.NET. They are also known as "web applications", similar to "web sites". But Web sites expose a certain user interface (in the form of web pages) to the end-user; Web services expose certain programming logic which can be accessed through another web site.

Examples: i. Online shopping requires credit card authentication. ii. www.way2sms.com accesses the mail services of Yahoo and Gmail.

What we need to learn .NET

To get started with .NET Programming, the programmer must have previous knowledge of the following languages:
C (for Procedural Programming experience)
C++ (or) OOP knowledge (for Object Oriented Programming experience)
SQL (for db queries)
HTML (for web page designing)

Before .NET
Branches of Microsoft Programming:
In the late 1990s, Windows programming using the Microsoft platform had divided into a number of branches. Most programmers were using Visual Basic (VB). Some other programmers were using Visual C++ (VC++) with MFC (Microsoft Foundation Classes). The remaining programmers were using C or C++ in combination with the raw Win32 API.

Difficulties and Limitations:

All of these technologies had their own problems and difficulties. The raw Win32 API was not object-oriented, was inconsistent and getting old, and it does not support a full-fledged graphical application because of limited libraries. MFC was object-oriented, but complex in actual coding.

Promises by Microsoft:

While introducing the .NET Framework, Microsoft Corporation gave a promise to the software industry to deliver a standard Framework with the following:
Multiple platforms: The system runs on a broad range of computers, from servers and desktop machines to smart phones and cell phones.
Industry standards: The system uses industry standard communication protocols, such as XML, HTTP, SOAP, and WSDL.
Security: The system can provide a much safer execution environment, which overcomes the old problems and which can't be hacked or robbed by others.

Introduction

This white paper covers some of the operational and administrative tasks associated with Microsoft SQL Server 2005 security and enumerates best practices and operational and administrative tasks that will result in a more secure SQL Server system. Each topic describes a feature and best practices. For additional information on the specifics of utilities, features, and DDL statements referenced in this white paper, see SQL Server 2005 Books Online. Features and options that are new or defaults that are changed for SQL Server 2005 are identified. Coding examples for operational tasks use Transact-SQL, so understanding Transact-SQL is required for you to get the most out of this paper.

Surface Area Reduction

SQL Server 2005 installation minimizes the "attack surface" because, by default, optional features are not installed. During installation the administrator can choose to install:
Database Engine
Analysis Services Engine
Reporting Services
Integration Services
Notification Services
Documentation and Samples

It is a good practice to review which product features you actually need and install only those features. Later, install additional features only as needed. SQL Server 2005 includes sample databases for OLTP, data warehousing, and Analysis Services. Install sample databases on test servers only; they are not installed by default when you install the corresponding engine feature. SQL Server 2005 includes sample code covering every feature of the product. These samples are not installed by default and should be installed only on a development server, not on a production server. Each item of sample code has undergone a review to ensure that the code follows best practices for security. Each sample uses Microsoft Windows security principals and illustrates the principle of least privilege. SQL Server has always been a feature-rich database and the number of new features in SQL Server 2005 can be overwhelming. One way to make a system more secure is to limit the number of optional features that are installed and enabled by default. It is easier to enable features when they are needed than it is to enable everything by default and then turn off features that you do not need. This is the installation policy of SQL Server 2005, known as "off by default, enable when needed." One way to ensure that security policies are followed is to make secure settings the default and make them easy to use. SQL Server 2005 provides a "one-stop" utility that can be used to enable optional features on a per-service and per-instance basis as needed. Although there are other utilities (such as Services in Control Panel), server configuration commands (such as sp_configure), and APIs such as WMI (Windows Management Instrumentation) that you can use, the SQL Server Surface Area Configuration tool combines this functionality into a single utility program. This program can be used either from the command line or via a graphic user interface. SQL Server Surface Area Configuration divides configuration into two subsets: services and connections, and features. Use the Surface Area Configuration for Services and Connections tool to view the installed components of SQL Server and the client network interfaces for each engine component. The startup type for each service (Automatic, Manual, or Disabled) and the client network interfaces that are available can be configured on a per-instance basis. Use the Surface Area Configuration for Features tool to view and configure instance-level features. The features enabled for configuration are:
CLR Integration
Remote use of a dedicated administrator connection
OLE Automation system procedures
System procedures for Database Mail and SQL Mail
Ad hoc remote queries (the OPENROWSET and OPENDATASOURCE functions)
SQL Server Web Assistant
xp_cmdshell availability
HTTP endpoints
Service Broker endpoints

The features enabled for viewing are:

The SQL Server Surface Area Configuration command-line interface, sac.exe, permits you to import and export settings. This enables you to standardize the configuration of a group of SQL Server 2005 instances. You can import and export settings on a per-instance basis and also on a per-service basis by using command-line parameters. For a list of command-line parameters, use the -? command-line option. You must have sysadmin privilege to use this utility. The following code is an example of exporting all settings from the default instance of SQL Server on server1 and importing them into server2:

sac out server1.out -S server1 -U admin -I MSSQLSERVER
sac in server1.out -S server2 -U admin -I MSSQLSERVER

When you upgrade an instance of SQL Server to SQL Server 2005 by performing an in-place upgrade, the configuration options of the instance are unchanged. Use SQL Server Surface Area Configuration to review feature usage and turn off features that are not needed. You can turn off the features in SQL Server Surface Area Configuration or by using the system stored procedure, sp_configure. Here is an example of using sp_configure to disallow the execution of xp_cmdshell on a SQL Server instance:

-- Allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
-- Update the currently configured value for advanced options.
RECONFIGURE
GO
-- Disable the feature.
EXEC sp_configure 'xp_cmdshell', 0
GO
-- Update the currently configured value for this feature.
RECONFIGURE
GO

In SQL Server 2005, SQL Server Browser functionality has been factored into its own service and is no longer part of the core database engine. Additional functions are also factored into separate services. Services that are not a part of the core database engine and can be enabled or disabled separately include:

- SQL Server Active Directory Helper
- SQL Server Agent
- SQL Server FullText Search
- SQL Server Browser
- SQL Server VSS Writer

The SQL Server Browser service needs to be running only to connect to named SQL Server instances that use TCP/IP dynamic port assignments. It is not necessary to connect to default instances of SQL Server 2005 and named instances that use static TCP/IP ports. For a more secure configuration, always use static TCP/IP port assignments and disable the SQL Server Browser service. The VSS Writer allows backup and restore using the Volume Shadow Copy framework. This service is disabled by default. If you do not use Volume Shadow Copy, disable this service. If you are running SQL Server outside of an Active Directory directory service, disable the Active Directory Helper.

Best practices for surface area reduction

- Install only those components that you will immediately use. Additional components can always be installed as needed.
- Enable only the optional features that you will immediately use.
- Review optional feature usage before doing an in-place upgrade and disable unneeded features either before or after the upgrade.
- Develop a policy with respect to permitted network connectivity choices. Use SQL Server Surface Area Configuration to standardize this policy.
- Develop a policy for the usage of optional features. Use SQL Server Surface Area Configuration to standardize optional feature enabling. Document any exceptions to the policy on a per-instance basis.
- Turn off unneeded services by setting the service to either Manual startup or Disabled.

Service Account Selection and Management


SQL Server 2005 executes as a set of Windows services. Each service can be configured to use its own service account. This facility is exposed at installation. SQL Server provides a special tool, SQL Server Configuration Manager, to manage these accounts. In addition, these accounts can be set programmatically through the SQL Server WMI Provider for Configuration. When you select a Windows account to be a SQL Server service account, you have a choice of:

- Domain user that is not a Windows administrator
- Local user that is not a Windows administrator
- Network Service account
- Local System account
- Local user that is a Windows administrator
- Domain user that is a Windows administrator

When choosing service accounts, consider the principle of least privilege. The service account should have exactly the privileges that it needs to do its job and no more. You also need to consider account isolation; the service accounts should not only be different from one another, they should not be used by any other service on the same server. Only the first two account types in the list above have both of these properties. Making the SQL Server service account an administrator, at either a server level or a domain level, bestows too many unneeded privileges and should never be done. The Local System account is not only an account with too many privileges, but it is a shared account and might be used by other services on the same server. Any other service that uses this account has the same set of privileges as the SQL Server service that uses the account. Although Network Service has network access and is not a Windows superuser account, it is a shareable account. This account is usable as a SQL Server service account only if you can ensure that no other services that use this account are installed on the server. Using a local user or domain user that is not a Windows administrator is the best choice. If the server that is running SQL Server is part of a domain and must access domain resources such as file shares, or uses linked server connections to other computers running SQL Server, a domain account is the best choice. If the server is not part of a domain (for example, a server running in the perimeter network (also known as the DMZ) in a Web application) or does not need to access domain resources, a local user that is not a Windows administrator is preferred.

Creating the user account that will be used as a SQL Server service account is easier in SQL Server 2005 than in previous versions. When SQL Server 2005 is installed, a Windows group is created for each SQL Server service, and the service account is placed in the appropriate group. To create a user that will serve as a SQL Server service account, simply create an "ordinary" account that is either a member of the Users group (non-domain user) or Domain Users group (domain user). During installation, the user is automatically placed in the SQL Server service group and the group is granted exactly the privileges that are needed. If the service account needs additional privileges, the privilege should be granted to the appropriate Windows group, rather than granted directly to the service user account. This is consistent with the way access control lists are best managed in Windows in general. For example, the ability to use the SQL Server Instant File Initialization feature requires that the Perform Volume Maintenance Tasks user right be set in the Group Policy Administration tool. This privilege should be granted to the SQLServer2005MSSQLUser$MachineName$MSSQLSERVER group for the default instance of SQL Server on server "MachineName."

SQL Server service accounts should be changed only by using SQL Server Configuration Manager, or by using the equivalent functionality in the WMI APIs. Using Configuration Manager ensures that the new service account is placed in the appropriate Windows group, and is thus granted exactly the correct privileges to run the service. In addition, using SQL Server Configuration Manager also re-encrypts the service master key using the new account. For more information on the service master key, see Encryption later in this paper. Because SQL Server service accounts also abide by Windows password expiration policies, it is necessary to change the service account passwords at regular intervals. In SQL Server 2005, it is easier to abide by password expiration policies because changing the password of the service account does not require restarting SQL Server.

SQL Server 2005 requires that the service account have less privilege than in previous versions. Specifically, the privilege Act As Part of the Operating System (SE_TCB_NAME) is not required for the service account unless SQL Server 2005 is running on the Microsoft Windows Server 2000 SP4 operating system. After doing an upgrade in place, use the Group Policy Administration tool to remove this privilege.

The SQL Server Agent service account requires sysadmin privilege in the SQL Server instance that it is associated with. In SQL Server 2005, SQL Server Agent job steps can be configured to use proxies that encapsulate alternate credentials. A CREDENTIAL is simply a database object that is a symbolic name for a Windows user and password. A single CREDENTIAL can be used with multiple SQL Server Agent proxies. To accommodate the principle of least privilege, do not give excessive privileges to the SQL Server Agent service account. Instead, use a proxy that corresponds to a CREDENTIAL that has just enough privilege to perform the required task. A CREDENTIAL can also be used to reduce the privilege for a specific task if the SQL Server Agent service account has been configured with more privileges than needed for the task. Proxies can be used for:

- ActiveX scripting
- Operating system (CmdExec)
- Replication agents
- Analysis Services commands and queries
- SSIS package execution (including maintenance plans)

Best practices for SQL Server service accounts

- Use a specific user account or domain account rather than a shared account for SQL Server services.
- Use a separate account for each service.
- Do not give any special privileges to the SQL Server service account; they will be assigned by group membership.
- Manage privileges through the SQL Server supplied group account rather than through individual service user accounts.
- Always use SQL Server Configuration Manager to change service accounts.
- Change the service account password at regular intervals.
- Use CREDENTIALs to execute job steps that require specific privileges rather than adjusting the privilege of the SQL Server Agent service account.
- If an agent user needs to execute a job that requires different Windows credentials, assign them a proxy account that has just enough permissions to get the task done.
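The CREDENTIAL-plus-proxy pattern described above, as an added T-SQL example that is not part of the whitepaper: a CmdExec job step runs as a low-privilege domain user instead of the Agent service account. The domain user, the operator login, the job and the command are assumed placeholders.

```sql
-- Added example (not from the whitepaper): run an Agent CmdExec job step under a
-- low-privilege proxy instead of widening the SQL Server Agent service account.
-- MyDomain\svc_nightly_copy, MyDomain\etl_operator and the copy command are placeholders.
USE master;
GO
-- 1. A CREDENTIAL is just a named Windows user/password pair stored in the instance.
CREATE CREDENTIAL NightlyCopyCredential
    WITH IDENTITY = 'MyDomain\svc_nightly_copy',   -- ordinary domain user, not an admin
         SECRET   = '<placeholder-password>';
GO
USE msdb;
GO
-- 2. A proxy binds the credential to one or more Agent subsystems.
EXEC dbo.sp_add_proxy
    @proxy_name      = N'NightlyCopyProxy',
    @credential_name = N'NightlyCopyCredential',
    @enabled         = 1;

-- 3. Allow the proxy for the CmdExec subsystem only (subsystem_id 3 = CmdExec).
EXEC dbo.sp_grant_proxy_to_subsystem
    @proxy_name   = N'NightlyCopyProxy',
    @subsystem_id = 3;

-- 4. Only this non-sysadmin login may reference the proxy in its job steps.
EXEC dbo.sp_grant_login_to_proxy
    @proxy_name = N'NightlyCopyProxy',
    @login_name = N'MyDomain\etl_operator';

-- 5. The job step names the proxy, so the Agent service account's own privileges
--    are never used for the operating-system command.
EXEC dbo.sp_add_job
    @job_name         = N'Nightly file copy',
    @owner_login_name = N'MyDomain\etl_operator';
EXEC dbo.sp_add_jobstep
    @job_name   = N'Nightly file copy',
    @step_name  = N'Copy export file',
    @subsystem  = N'CmdExec',
    @command    = N'copy D:\exports\nightly.csv \\fileserver\drop\',
    @proxy_name = N'NightlyCopyProxy';
EXEC dbo.sp_add_jobserver @job_name = N'Nightly file copy';
GO
-- Check: each proxy, the Windows identity behind it, the subsystems it may use,
-- and the logins permitted to use it. Anything unexpected here is a finding.
SELECT p.name               AS proxy_name,
       c.credential_identity,
       s.subsystem,
       l.name               AS permitted_login
FROM msdb.dbo.sysproxies            AS p
JOIN sys.credentials                AS c  ON c.credential_id = p.credential_id
JOIN msdb.dbo.sysproxysubsystem     AS ps ON ps.proxy_id     = p.proxy_id
JOIN msdb.dbo.syssubsystems         AS s  ON s.subsystem_id  = ps.subsystem_id
LEFT JOIN msdb.dbo.sysproxylogin    AS pl ON pl.proxy_id     = p.proxy_id
LEFT JOIN sys.server_principals     AS l  ON l.sid           = pl.sid
ORDER BY p.name, s.subsystem;
```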

Authentication Mode
SQL Server has two authentication modes: Windows Authentication and Mixed Mode Authentication. In Windows Authentication mode, specific Windows user and group accounts are trusted to log in to SQL Server. Windows credentials are used in the process; that is, either NTLM or Kerberos credentials. Windows accounts use a series of encrypted messages to authenticate to SQL Server; no passwords are passed across the network during the authentication process. In Mixed Mode Authentication, both Windows accounts and SQL Server-specific accounts (known as SQL logins) are permitted. When SQL logins are used, SQL login passwords are passed across the network for authentication. This makes SQL logins less secure than Windows logins.

It is a best practice to use only Windows logins whenever possible. Using Windows logins with SQL Server achieves single sign-on and simplifies login administration. Password management uses the ordinary Windows password policies and password change APIs. Users, groups, and passwords are managed by system administrators; SQL Server database administrators are only concerned with which users and groups are allowed access to SQL Server and with authorization management. SQL logins should be confined to legacy applications, mostly in cases where the application is purchased from a third-party vendor and the authentication cannot be changed. Another use for SQL logins is with cross-platform client-server applications in which the non-Windows clients do not possess Windows logins. Although using SQL logins is discouraged, there are security improvements for SQL logins in SQL Server 2005. These improvements include the ability to have SQL logins use the password policy of the underlying operating system and better encryption when SQL passwords are passed over the network. We'll discuss each of these later in the paper.

SQL Server 2005 uses standard DDL statements to create both Windows logins and SQL logins. Using the CREATE LOGIN statement is preferred; the sp_addlogin and sp_grantlogin system stored procedures are supported for backward compatibility only. SQL Server 2005 also provides the ability to disable a login or change a login name by using the ALTER LOGIN DDL statement. For example, if you install SQL Server 2005 in Windows Authentication mode rather than Mixed Mode, the sa login is disabled. Use ALTER LOGIN rather than the procedures sp_denylogin or sp_revokelogin, which are supported for backward compatibility only. If you install SQL Server in Windows Authentication mode, the sa login account is disabled and a random password is generated for it. If you later need to change to Mixed Mode Authentication and re-enable the sa login account, you will not know the password. Change the sa password to a known value after installation if you think you might ever need to use it.

Best practices for authentication mode

- Always use Windows Authentication mode if possible.
- Use Mixed Mode Authentication only for legacy applications and non-Windows users.
- Use the standard login DDL statements instead of the compatibility system procedures.
- Change the sa account password to a known value if you might ever need to use it.
- Always use a strong password for the sa account and change the sa account password periodically.
- Do not manage SQL Server by using the sa login account; assign sysadmin privilege to a known user or group.
- Rename the sa account to a different account name to prevent attacks on the sa account by name.

Network Connectivity


A standard network protocol is required to connect to the SQL Server database. There are no internal connections that bypass the network. SQL Server 2005 introduces an abstraction for managing any connectivity channel: entry points into a SQL Server instance are all represented as endpoints. Endpoints exist for the following network client connectivity protocols:

- Shared Memory
- Named Pipes
- TCP/IP
- VIA
- Dedicated administrator connection

In addition, endpoints may be defined to permit access to the SQL Server instance for:

- Service Broker
- HTTP Web Services
- Database mirroring

Following is an example of creating an endpoint for Service Broker.

    CREATE ENDPOINT BrokerEndpoint_SQLDEV01
        AS TCP (LISTENER_PORT = 4022)
        FOR SERVICE_BROKER (AUTHENTICATION = WINDOWS)

SQL Server 2005 discontinues support for some network protocols that were available with earlier versions of SQL Server, including IPX/SPX, AppleTalk, and Banyan Vines. In keeping with the general policy of "off by default, enable only when needed," no Service Broker, HTTP, or database mirroring endpoints are created when SQL Server 2005 is installed, and the VIA endpoint is disabled by default. In addition, in SQL Server 2005 Express Edition, SQL Server 2005 Developer Edition, and SQL Server 2005 Evaluation Edition, the Named Pipes and TCP/IP protocols are disabled by default. Only Shared Memory is available by default in those editions. The dedicated administrator connection (DAC), new with SQL Server 2005, is available only locally by default, although it can be made available remotely. Note that the DAC is not available in SQL Server Express Edition by default and requires that the server be run with a special trace flag to enable it.

Access to database endpoints requires the login principal to have CONNECT permission. By default, no login account has CONNECT permission to Service Broker or HTTP Web Services endpoints. This restricts access paths and blocks some known attack vectors. It is a best practice to enable only those protocols that are needed. For example, if TCP/IP is sufficient, there is no need to enable the Named Pipes protocol. Although endpoint administration can be accomplished via DDL, the administration process is made easier and policy can be made more uniform by using the SQL Server Surface Area Configuration tool and SQL Server Configuration Manager.

SQL Server Surface Area Configuration provides a simplified user interface for enabling or disabling client protocols for a SQL Server instance, as shown in Figure 1 and Figure 2. Configuration is described in Knowledge Base article KB914277, How to configure SQL Server 2005 to allow remote connections, as well as in SQL Server 2005 Books Online. A screenshot showing the remote connections configuration dialog box is shown in Figure 1.

Figure 1   Configuring remote connections

In the Surface Area Configuration for Services and Connections dialog box, you can see if any HTTP or Service Broker endpoints are defined for the instance. New endpoints must be defined by using DDL statements; SQL Server Surface Area Configuration cannot be used to define these. You can use the Surface Area Configuration for Features tool to enable remote access to the dedicated administrator connection. SQL Server Configuration Manager provides more granular configuration of server protocols. With Configuration Manager, you can:

- Choose a certificate for SSL encryption.
- Allow only encrypted connections from clients.
- Hide an instance of SQL Server from the server enumeration APIs.
- Enable and disable TCP/IP, Shared Memory, Named Pipes, and VIA protocols.
- Configure the name of the pipe each instance of SQL Server will use.
- Configure a TCP/IP port number that each instance listens on for TCP/IP connections.
- Choose whether to use TCP/IP dynamic port assignment for named instances.

The dialog for configuring TCP/IP address properties such as port numbers and dynamic port assignment is shown in Figure 2.

Figure 2   TCP/IP Addresses configuration page in SQL Server Configuration Manager

SQL Server 2005 can use an encrypted channel for two reasons: to encrypt credentials for SQL logins, and to provide end-to-end encryption of entire sessions. Using encrypted sessions requires using a client API that supports them. The OLE DB, ODBC, and ADO.NET clients all support encrypted sessions; currently the Microsoft JDBC client does not. The other reason for using SSL is to encrypt credentials during the login process for SQL logins when a password is passed across the network. If an SSL certificate is installed in a SQL Server instance, that certificate is used for credential encryption. If an SSL certificate is not installed, SQL Server 2005 can generate a self-signed certificate and use this certificate instead. Using the self-signed certificate prevents passive man-in-the-middle attacks, in which the man-in-the-middle only intercepts network traffic, but does not provide mutual authentication. Using an SSL certificate with a trusted root certificate authority prevents active man-in-the-middle attacks and provides mutual authentication.

In SQL Server 2005, you can GRANT, REVOKE, or DENY permission to CONNECT to a specific endpoint on a per-login basis. By default, all logins are GRANTed permission on the Shared Memory, Named Pipes, TCP/IP, and VIA endpoints. You must specifically GRANT users CONNECT permission to other endpoints; no users are GRANTed this privilege by default. An example of granting this permission is:

    GRANT CONNECT ON ENDPOINT::MyHTTPEndpoint TO [MyDomain\Accounting]

Best practices for network connectivity

- Limit the network protocols supported.
- Do not enable network protocols unless they are needed.
- Do not expose a server that is running SQL Server to the public Internet.
- Configure named instances of SQL Server to use specific port assignments for TCP/IP rather than dynamic ports.
- If you must support SQL logins, install an SSL certificate from a trusted certificate authority rather than using SQL Server 2005 self-signed certificates.
- Use "allow only encrypted connections" only if needed for end-to-end encryption of sensitive sessions.
- Grant CONNECT permission on endpoints only to logins that need to use them.
- Explicitly deny CONNECT permission to endpoints that are not needed by users or groups.

Lockdown of System Stored Procedures


SQL Server uses system stored procedures to accomplish some administrative tasks. These procedures almost always begin with the prefix xp_ or sp_. Even with the introduction of standard DDL for some tasks (for example, creating logins and users), system procedures remain the only way to accomplish tasks such as sending mail or invoking COM components. System extended stored procedures in particular are used to access resources outside the SQL Server instance. Most system stored procedures contain the relevant security checks as part of the procedure and also perform impersonation so that they run as the Windows login that invoked the procedure. An example of this is sp_reserve_http_namespace, which impersonates the current login and then attempts to reserve part of the HTTP namespace (HTTP.SYS) by using a low-level operating system function.

Because some system procedures interact with the operating system or execute code outside of the normal SQL Server permissions, they can constitute a security risk. System stored procedures such as xp_cmdshell or sp_send_dbmail are off by default and should remain disabled unless there is a reason to use them. In SQL Server 2005, you no longer need to use stored procedures that access the underlying operating system or network outside of the SQL Server permission space. SQLCLR procedures executing in EXTERNAL_ACCESS mode are subject to SQL Server permissions, and SQLCLR procedures executing in UNSAFE mode are subject to some, but not all, security checks. For example, to catalog a SQLCLR assembly categorized as EXTERNAL_ACCESS or UNSAFE, either the database must be marked as TRUSTWORTHY (see Database Ownership and Trust) or the assembly must be signed with a certificate or asymmetric key that is cataloged to the master database. SQLCLR procedures should replace user-written extended stored procedures in the future.

Some categories of system stored procedures can be managed by using SQL Server Surface Area Configuration. These include:

- xp_cmdshell (executes a command in the underlying operating system)
- Database Mail procedures
- SQL Mail procedures
- COM component procedures (e.g. sp_OACreate)

Enable these procedures only if necessary. Some system stored procedures, such as procedures that use the SQLDMO and SQLSMO libraries, cannot be configured by using SQL Server Surface Area Configuration. They must be configured by using sp_configure or SSMS directly. SSMS or sp_configure can also be used to set most of the configuration feature settings that are set by using SQL Server Surface Area Configuration. The system stored procedures should not be dropped from the database; dropping these can cause problems when applying service packs. Removing the system stored procedures results in an unsupported configuration. It is usually unnecessary to completely DENY all users access to the system stored procedures, as these stored procedures have the appropriate permission checks internal to the procedure as well as external.

Best practices for system stored procedures

- Disable xp_cmdshell unless it is absolutely needed.
- Disable COM components once all COM components have been converted to SQLCLR.
- Disable both mail procedures (Database Mail and SQL Mail) unless you need to send mail from SQL Server. Prefer Database Mail as soon as you can convert to it.
- Use SQL Server Surface Area Configuration to enforce a standard policy for extended procedure usage. Document each exception to the standard policy.
- Do not remove the system stored procedures by dropping them.
- Do not DENY all users/administrators access to the extended procedures.

Password Policy


Windows logins abide by the login policies of the underlying operating system. These policies can be set using the Domain Security Policy or Local Security Policy administrator Control Panel applets. Login policies fall into two categories: Password policies and Account Lockout policies. Password policies include:

- Enforce Password History
- Minimum and Maximum Password Age
- Minimum Password Length
- Password Must Meet Complexity Requirements
- Passwords are Stored Using Reversible Encryption (Note: this setting does not apply to SQL Server)

Account Lockout policies include:

- Account Lockout Threshold (number of invalid logins before lockout)
- Account Lockout Duration (amount of time locked out)
- Reset Lockout Counter After n Minutes

In SQL Server 2005, SQL logins can also go by the login policies of the underlying operating system if the operating system supports it. The operating system must support the system call NetValidatePasswordPolicy. Currently, the only operating system that supports this is Windows Server 2003 and later versions. If you use SQL logins, run SQL Server 2005 on a Windows Server 2003 or later operating system. CREATE LOGIN parameters determine whether the login goes by the operating system policies. These parameters are:

- CHECK_POLICY
- CHECK_EXPIRATION
- MUST_CHANGE

CHECK_POLICY specifies that the SQL login must abide by the Windows login policies and Account Lockout policies, with the exception of password expiration. This is because, if SQL logins must go by the Windows password expiration policy, underlying applications must be outfitted with a mechanism for password changing. Most applications currently do not provide a way to change SQL login passwords. In SQL Server 2005, both SSMS and SQLCMD provide a way to change SQL Server passwords for SQL logins. Consider outfitting your applications with a password-changing mechanism as soon as possible. Having built-in password changing also allows logins to be created with the MUST_CHANGE parameter; using this parameter requires the user to change the password at the time of the first login. Administrators should be aware of the fact that password length and complexity policies, but not expiration policies, apply to passwords used with encryption keys as well as to passwords used with SQL logins. For a description of encryption keys, see Encryption. When SQL logins are used on pre-Windows 2003 operating systems, there is a series of hard-coded password policies in lieu of the domain or operating system policies if CHECK_POLICY = ON. These policies are enumerated in SQL Server Books Online.

Best practices for password policy

- Mandate a strong password policy, including an expiration and a complexity policy, for your organization.
- If you must use SQL logins, ensure that SQL Server 2005 runs on the Windows Server 2003 operating system and use password policies.
- Outfit your applications with a mechanism to change SQL login passwords.
- Set MUST_CHANGE for new logins.
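The login DDL recommended in the Authentication Mode section and the CHECK_POLICY / CHECK_EXPIRATION / MUST_CHANGE parameters described above, as one added T-SQL example that is not part of the whitepaper. The login names, the renamed sa account and all passwords are assumed placeholders.

```sql
-- Added example (not from the whitepaper): create logins with the DDL the paper prefers,
-- attach the operating-system password policy to SQL logins, and retire sa.
-- MyDomain\ReportingUsers, MyDomain\DbaJane, app_reporting, legacy_vendor_app,
-- svc_rescue_admin and every password below are placeholders.
USE master;
GO
-- Preferred: a Windows login. Password policy is then the domain's job, not SQL Server's.
CREATE LOGIN [MyDomain\ReportingUsers] FROM WINDOWS;
CREATE LOGIN [MyDomain\DbaJane] FROM WINDOWS;

-- Only where a SQL login is unavoidable: CHECK_POLICY enforces length, complexity and
-- lockout; CHECK_EXPIRATION adds expiry (the application must be able to change its own
-- password); MUST_CHANGE forces a change at the first login (requires CHECK_EXPIRATION = ON).
CREATE LOGIN app_reporting
    WITH PASSWORD = N'<placeholder-strong-initial-password>' MUST_CHANGE,
         CHECK_POLICY     = ON,
         CHECK_EXPIRATION = ON;

-- A legacy vendor login whose application cannot change its password: keep the
-- complexity/lockout policy, but do not let expiry break the application.
CREATE LOGIN legacy_vendor_app
    WITH PASSWORD = N'<placeholder-strong-password>',
         CHECK_POLICY     = ON,
         CHECK_EXPIRATION = OFF;

-- sa: give it a known strong password, rename it, disable it, and hand day-to-day
-- administration to a named login. ALTER LOGIN replaces sp_denylogin/sp_revokelogin.
ALTER LOGIN sa WITH PASSWORD = N'<placeholder-strong-password>';
ALTER LOGIN sa WITH NAME = [svc_rescue_admin];
ALTER LOGIN [svc_rescue_admin] DISABLE;
EXEC sp_addsrvrolemember @loginame = N'MyDomain\DbaJane', @rolename = N'sysadmin';
GO
-- Check: every SQL login, whether policy and expiry are enforced, whether it is disabled,
-- and whether a first-login password change is still pending.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       is_disabled,
       LOGINPROPERTY(name, 'IsMustChange')        AS must_change_pending,
       LOGINPROPERTY(name, 'DaysUntilExpiration') AS days_until_expiration
FROM sys.sql_logins
ORDER BY name;
```

The final query is the one to schedule: any row with is_policy_checked = 0 is a SQL login that escapes the Windows policy entirely.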

Administrator Privileges
SQL Server 2005 makes all permissions grantable and also makes grantable permissions more granular than in previous versions. Principals with elevated permissions now include:

- Members of the sysadmin server role.
- The sa built-in login, if it is enabled.
- Any login with CONTROL SERVER permission.

CONTROL SERVER permission is new in SQL Server 2005. Change your auditing procedures to include any login with CONTROL SERVER permission. SQL Server automatically grants the server's Administrators group (BUILTIN\administrators) the sysadmin server role. When running SQL Server 2005 under Microsoft Windows Vista, the operating system does not recognize membership in the BUILTIN\Administrators group unless the user has elevated themselves to a full administrator. In SP2, you can use SQL Server Surface Area Configuration to enable a principal to act as administrator by selecting Add New Administrator from the main window as shown in Figure 3.

Figure 3   Adding a new administrator in SP2 SQL Server Surface Area Configuration

Clicking on this link opens the SQL Server 2005 User Provisioning Tool for Vista as shown in Figure 4. This tool can also be automatically invoked as the last step of a SQL Server 2005 SP2 installation.

Figure 4   The SQL Server 2005 User Provisioning Tool for Vista

When running SQL Server Express SP2 under the Vista operating system, Setup incorporates the specification of a specific principal to act as administrator. SQL Server Express SP2 Setup also allows command-line options to turn user instances on or off (ENABLERANU) and to add the current Setup user to the SQL Server Administrator role (ADDUSERASADMIN). For more detailed information, see Configuration Options (SQL Server Express) in SQL Server 2005 SP2 Books Online. For additional security-related considerations when running SQL Server 2005 with the Windows Vista operating system, see the SQL Server 2005 SP2 Readme file. In particular, see section 5.5.2 "Issues Caused by User Account Control in Windows Vista."

For accountability in the database, avoid relying on the Administrators group and add only specific database administrators to the sysadmin role. Another option is to have a specific DatabaseAdministrators role at the operating system level. Minimizing the number of administrators who have sysadmin or CONTROL SERVER privilege also makes it easier to resolve problems; fewer logins with administrator privilege means fewer people to check with if things go wrong. The permission VIEW SERVER STATE is useful for allowing administrators and troubleshooters to view server information (dynamic management views) without granting full sysadmin or CONTROL SERVER permission.

Best practices for administrator privileges

- Use administrator privileges only when needed.
- Minimize the number of administrators.
- Provision admin principals explicitly.
- Have multiple distinct administrators if more than one is needed.
- Avoid dependency on the builtin\administrators Windows group.
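An audit query for the three elevated paths named in this section (sysadmin membership, the sa login, and CONTROL SERVER grants), as an added T-SQL example that is not part of the whitepaper. It also lists VIEW SERVER STATE grantees so the least-privilege alternative can be compared against the full administrators; no names are assumed, it reads the catalog views only.

```sql
-- Added example (not from the whitepaper): one result set of every principal that is
-- effectively an administrator, for periodic review. Run it as a login that can read
-- the server catalog views (VIEW ANY DEFINITION or sysadmin).
SELECT 'sysadmin member'      AS elevated_via,
       m.name                 AS principal_name,
       m.type_desc,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'      -- BUILTIN\Administrators shows up here if it was left in

UNION ALL

SELECT 'sa built-in login', p.name, p.type_desc, p.is_disabled
FROM sys.server_principals AS p
WHERE p.sid = 0x01              -- sa keeps SID 0x01 even after ALTER LOGIN ... WITH NAME

UNION ALL

SELECT 'CONTROL SERVER grant', p.name, p.type_desc, p.is_disabled
FROM sys.server_permissions AS sp
JOIN sys.server_principals  AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.class = 100            -- 100 = server scope
  AND sp.permission_name = N'CONTROL SERVER'
  AND sp.state IN ('G', 'W')    -- GRANT, or GRANT WITH GRANT OPTION

UNION ALL

SELECT 'VIEW SERVER STATE grant (not elevated)', p.name, p.type_desc, p.is_disabled
FROM sys.server_permissions AS sp
JOIN sys.server_principals  AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.class = 100
  AND sp.permission_name = N'VIEW SERVER STATE'
  AND sp.state IN ('G', 'W')

ORDER BY elevated_via, principal_name;
```

Rows in the first three groups are the accountability list; a Windows group (type_desc = WINDOWS_GROUP) in the sysadmin set is exactly the dependency the best practices above say to avoid.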

Database Ownership and Trust


A SQL Server instance can contain multiple user databases. Each user database has a specific owner; the owner defaults to the database creator. By definition, members of the sysadmin server role (including system administrators if they have access to SQL Server through their default group account) are database owners (DBOs) in every user database. In addition, there is a database role, db_owner, in every user database. Members of the db_owner role have approximately the same privileges as the dbo user.

SQL Server can be thought of as running in two distinct modes, which can be referred to as IT department mode and ISV mode. These are not database settings but simply different ways to manage SQL Server. In an IT department, the sysadmin of the instance manages all user databases. In an Internet service provider environment (say, a Web-hosting service), each customer is permitted to manage their own database and is restricted from accessing system databases or other user databases. For example, the databases of two competing companies could be hosted by the same Internet service provider (ISV) and exist in the same SQL Server instance. Dangerous code could be added to a user database when attached to its original instance, and the code would be enabled on the ISV instance when deployed. This situation makes controlling cross-database access crucial. If each database is owned and managed by the same general entity, it is still not a good practice to establish a "trust relationship" with a database unless an application-specific feature, such as cross-database Service Broker communication, is required. A trust relationship between databases can be established by allowing cross-database ownership chaining or by marking a database as trusted by the instance by using the TRUSTWORTHY property. An example of setting the TRUSTWORTHY property follows:

    ALTER DATABASE pubs SET TRUSTWORTHY ON

Best practices for database ownership and trust

- Have distinct owners for databases; not all databases should be owned by sa.
- Minimize the number of owners for each database.
- Confer trust selectively.
- Leave the Cross-Database Ownership Chaining setting off unless multiple databases are deployed as a single unit.
- Migrate usage to selective trust instead of using the TRUSTWORTHY property.

Schemas
SQL Server 2005 introduces schemas to the database. A schema is simply a named container for database objects. Each schema is a scope that fits into the hierarchy between database level and object level, and each schema has a specific owner. The owner of a schema can be a user, a database role, or an application role. The schema name takes the place of the owner name in the SQL Server multi-part object naming scheme. In SQL Server 2000 and previous versions, a table named Employee that was part of a database named Payroll and was owned by a user named Bob would be payroll.bob.employee. In SQL Server 2005, the table would have to be part of a schema. If payroll_app is the name of the SQL Server 2005 schema, the table name in SQL Server 2005 is payroll.payroll_app.employee.

Schemas solve an administration problem that occurs when each database object is named after the user who creates it. In SQL Server versions prior to 2005, if a user named Bob (who is not dbo) creates a series of tables, the tables would be named after Bob. If Bob leaves the company or changes job assignments, these tables would have to be manually transferred to another user. If this transfer were not performed, a security problem could ensue. Because of this, prior to SQL Server 2005, DBAs were unlikely to allow individual users to create database objects such as tables. Each table would be created by someone acting as the special dbo user and would have a user name of dbo. Because, in SQL Server 2005, schemas can be owned by roles, special roles can be created to own schemas if needed; every database object need not be owned by dbo. Not having every object owned by dbo makes for more granular object management and makes it possible for users (or applications) that need to dynamically create tables to do so without dbo permission.

Having schemas that are role-based does not mean that it's a good practice to have every user be a schema owner. Only users who need to create database objects should be permitted to do so. The ability to create objects does not imply schema ownership; GRANTing Bob ALTER SCHEMA permission in the payroll_app schema can be accomplished without making Bob a schema owner. In addition, granting CREATE TABLE to a user does not allow that user to create tables; the user must also have ALTER SCHEMA permission on some schema in order to have a schema in which to create the table. Objects created in a schema are owned by the schema owner by default, not by the creator of the object. This makes it possible for a user to create tables in a known schema without the administrative problems that ensue when that user leaves the company or switches job assignments.

Each user has a default schema. If an object is created or referenced in a SQL statement by using a one-part name, SQL Server first looks in the user's default schema. If the object isn't found there, SQL Server looks in the dbo schema. The user's default schema is assigned by using the CREATE USER or ALTER USER DDL statements. If no default schema is specified, the default is dbo. Using named schemas for like groups of database objects and assigning each user's default schema to dbo is a way to mandate using two-part object names in SQL statements. This is because objects that are not in the dbo schema will not be found when a one-part object name is specified. Migrating groups of user objects out of the dbo schema is also a good way to allow users to create and manage objects if needed (for example, to install an application package) without making the installing user dbo.

Best practices for using schemas
Group like objects together into the same schema.
Manage database object security by using ownership and permissions at the schema level.
Have distinct owners for schemas. Not all schemas should be owned by dbo.
Minimize the number of owners for each schema.
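The following T-SQL is an added example, not part of the white paper or of the project code: it builds a role-owned schema, gives Bob just enough permission to create a table in it without owning the schema, and then shows who owns the result and why the two-part name is required. The database name Payroll, the login Bob and the role name payroll_app_owner are assumptions.

```sql
-- Added example, not from the white paper: a role-owned schema, and the
-- permissions Bob needs to create a table in it without owning the schema.
-- Assumed names: database Payroll, existing login Bob, role payroll_app_owner.
USE Payroll;
GO
CREATE USER Bob FOR LOGIN Bob WITH DEFAULT_SCHEMA = dbo;
GO
-- The schema is owned by a role, not a person, so nobody's departure forces
-- a transfer of object ownership.
CREATE ROLE payroll_app_owner;
GO
CREATE SCHEMA payroll_app AUTHORIZATION payroll_app_owner;
GO
-- CREATE TABLE alone is not enough: Bob also needs ALTER on a schema he can
-- create the table in. Neither grant makes him the schema owner.
GRANT CREATE TABLE TO Bob;
GRANT ALTER ON SCHEMA::payroll_app TO Bob;
GO
-- Bob creates the table with a two-part name. The table is owned by the
-- schema owner (payroll_app_owner), not by Bob.
EXECUTE AS USER = 'Bob';
CREATE TABLE payroll_app.Employee (EmployeeId int PRIMARY KEY, Name nvarchar(100));
REVERT;
GO
-- Check: the object's principal_id is NULL, so ownership comes from the schema.
SELECT o.name AS object_name, s.name AS schema_name,
       USER_NAME(COALESCE(o.principal_id, s.principal_id)) AS owner_name
FROM sys.objects AS o
JOIN sys.schemas AS s ON o.schema_id = s.schema_id
WHERE o.name = 'Employee';      -- Employee, payroll_app, payroll_app_owner
GO
-- Name resolution as dbo: the default schema is dbo, so a one-part name is
-- not found and the two-part name is required.
SELECT COUNT(*) FROM Employee;               -- Msg 208, Invalid object name
GO
SELECT COUNT(*) FROM payroll_app.Employee;   -- 0
GO
```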

Authorization
Authorization is the process of granting permissions on securables to users. At an operating system level, securables might be files, directories, registry keys, or shared printers. In SQL Server, securables are database objects. SQL Server principals include both instance-level principals, such as Windows logins, Windows group logins, SQL Server logins, and server roles, and database-level principals, such as users, database roles, and application roles. Except for a few objects that are instance-scoped, most database objects, such as tables, views, and procedures, are schema-scoped. This means that authorization is usually granted to database-level principals. In SQL Server, authorization is accomplished via Data Access Language (DAL) rather than DDL or DML. In addition to the two DAL verbs, GRANT and REVOKE, mandated by the ISO-ANSI standard, SQL Server also contains a DENY DAL verb. DENY differs from REVOKE when a user is a member of more than one database principal. If a user Fred is a member of three database roles A, B, and C and roles A and B are GRANTed permission to a securable, if the permission is REVOKEd from role C, Fred still can access the securable. If the securable is DENYed to role C, Fred cannot access the securable. This makes managing SQL Server similar to managing other parts of the Windows family of operating systems.

SQL Server 2005 makes each securable available by using DAL statements and makes permissions more granular than in previous versions. For example, in SQL Server 2000 and earlier versions, certain functions were available only if a login was part of the sysadmin role. Now sysadmin role permissions are defined in terms of GRANTs. Equivalent access to securables can be achieved by GRANTing a login the CONTROL SERVER permission. An example of better granularity is the ability to use SQL Server Profiler to trace events in a particular database. In SQL Server 2000, this ability was limited to the special dbo user. The new granular permissions are also arranged in a hierarchy; some permissions imply other permissions. For example, CONTROL permission on a database object type implies ALTER permission on that object as well as all other object-level permissions. SQL Server 2005 also introduces the concept of granting permissions on all of the objects in a schema. ALTER permission on a SCHEMA includes the ability to CREATE, ALTER, or DROP objects in that SCHEMA. The DAL statement that grants access to all securables in the payroll schema is:
GRANT SELECT ON schema::payroll TO fred
The advantage of granting permissions at the schema level is that the user automatically has permissions on all new objects created in the schema; an explicit grant after object creation is not needed. For more information on the permission hierarchy, see the Permission Hierarchy section of SQL Server Books Online.

A best practice for authorization is to encapsulate access through modules such as stored procedures and user-defined functions. Hiding access behind procedural code means that users can only access objects in the way the developer and database administrator (DBA) intend; ad hoc changes to objects are disallowed. An example of this technique would be permitting access to the employee pay rate table only through a stored procedure "UpdatePayRate." Users that need to update pay rates would be granted EXECUTE access to the procedure, rather than UPDATE access to

the table itself. In SQL Server 2000 and earlier versions, encapsulating access was dependent on a SQL Server feature known as ownership chains. In an ownership chain, if the owner of stored procedure A and the owner of table B that the stored procedure accesses are the same, no permission check is done. Although this works well most of the time, even with multiple levels of stored procedures, ownership chains do not work when:
The database objects are in two different databases (unless cross-database ownership chaining is enabled).
The procedure uses dynamic SQL.
The procedure is a SQLCLR procedure.

SQL Server 2005 contains features to address these shortcomings, including signing of procedural code, alternate execution context, and a TRUSTWORTHY database property if ownership chaining is desirable because a single application encompasses multiple databases. All of these features are discussed in this white paper.

A login can only be granted authorization to objects in a database if a database user has been mapped to the login. A special user, guest, exists to permit access to a database for logins that are not mapped to a specific database user. Because any login can use the database through the guest user, it is suggested that the guest user not be enabled. SQL Server 2005 contains a new type of user, a user that is not mapped to a login. Users that are not mapped to logins provide an alternative to using application roles. You can invoke selective impersonation by using the EXECUTE AS statement (see Execution Context later in this paper) and allow that user only the privileges needed to perform a specific task. Using users without logins makes it easier to move the application to a new instance and limits the connectivity requirements for the function. You create a user without a login using DDL:
CREATE USER mynewuser WITHOUT LOGIN

Best practices for database object authorization
Encapsulate access within modules.
Manage permissions via database roles or Windows groups.
Use permission granularity to implement the principle of least privilege.
Do not enable guest access.
Use users without logins instead of application roles.
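The following T-SQL is an added example, not part of the white paper or of the project code: it walks through the Fred scenario above (roles A, B and C) to show why REVOKE and DENY behave differently, uses a schema-scoped GRANT, and then encapsulates pay-rate changes behind an UpdatePayRate procedure so that EXECUTE on the procedure is enough while a direct UPDATE is refused. The database name Payroll, the login Fred, the role names and the PayRate table are assumptions.

```sql
-- Added example, not from the white paper: DENY vs REVOKE across role
-- membership, a schema-scoped grant, and access encapsulated in a procedure.
-- Assumed names: database Payroll, existing login Fred, roles RoleA/B/C.
USE Payroll;
GO
CREATE SCHEMA payroll_app AUTHORIZATION dbo;
GO
CREATE TABLE payroll_app.PayRate (EmployeeId int PRIMARY KEY, Rate money NOT NULL);
INSERT INTO payroll_app.PayRate VALUES (1, 20.00);
CREATE USER Fred FOR LOGIN Fred;
CREATE ROLE RoleA; CREATE ROLE RoleB; CREATE ROLE RoleC;
EXEC sp_addrolemember 'RoleA', 'Fred';
EXEC sp_addrolemember 'RoleB', 'Fred';
EXEC sp_addrolemember 'RoleC', 'Fred';
GO
-- One schema-scoped grant covers every current and future object in the schema.
GRANT SELECT ON SCHEMA::payroll_app TO RoleA;
GRANT SELECT ON SCHEMA::payroll_app TO RoleB;
GO
-- REVOKE only takes back a grant; RoleC never had one, so Fred still reads
-- through his membership in RoleA and RoleB.
REVOKE SELECT ON SCHEMA::payroll_app FROM RoleC;
EXECUTE AS USER = 'Fred';
SELECT Rate FROM payroll_app.PayRate WHERE EmployeeId = 1;   -- 20.00
REVERT;
GO
-- DENY on any one of Fred's roles overrides the grants on the others.
DENY SELECT ON SCHEMA::payroll_app TO RoleC;
EXECUTE AS USER = 'Fred';
SELECT Rate FROM payroll_app.PayRate WHERE EmployeeId = 1;   -- Msg 229, permission denied
REVERT;
REVOKE SELECT ON SCHEMA::payroll_app FROM RoleC;   -- REVOKE also removes the DENY
GO
-- Encapsulation: Fred gets EXECUTE on the procedure, never UPDATE on the table.
-- Procedure and table have the same owner (the schema owner, dbo), so the
-- ownership chain lets the UPDATE inside run without a check on the table.
CREATE PROCEDURE payroll_app.UpdatePayRate @EmployeeId int, @NewRate money
AS
    UPDATE payroll_app.PayRate SET Rate = @NewRate WHERE EmployeeId = @EmployeeId;
GO
GRANT EXECUTE ON payroll_app.UpdatePayRate TO Fred;
GO
EXECUTE AS USER = 'Fred';
EXEC payroll_app.UpdatePayRate @EmployeeId = 1, @NewRate = 22.50;   -- succeeds
UPDATE payroll_app.PayRate SET Rate = 99 WHERE EmployeeId = 1;      -- Msg 229
REVERT;
GO
```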

Source Code:
using System;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Diagnostics;

public partial class _Default : System.Web.UI.Page
{
    string cnstr = "Server=.;Trusted_Connection=true;Database=asp;";
    SqlConnection cn;

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        // Administrator credentials are hard-coded and compared in plain text.
        if ((txtUname.Text == "Admin") && (txtPwd.Text == "Admin"))
        {
            Session["username"] = txtUname.Text;
            Response.Redirect("Admin.aspx");
        }
        else
        {
            cn = new SqlConnection(cnstr);
            cn.Open();
            // The two parameters are now used in the WHERE clause; the original
            // declared them but selected every row of the login table.
            string str = "select * from login where username=@username and password=@password";
            SqlCommand cmd = new SqlCommand(str, cn);
            cmd.Parameters.Add("@username", SqlDbType.VarChar);
            cmd.Parameters["@username"].Value = txtUname.Text;
            cmd.Parameters.Add("@password", SqlDbType.VarChar);
            cmd.Parameters["@password"].Value = txtPwd.Text;
            SqlDataReader dr = cmd.ExecuteReader();
            while (dr.Read())
            {
                // Column 0 is the user name, column 1 the stored (plain-text) password.
                if (dr.GetValue(0).Equals(txtUname.Text))
                {
                    if (dr.GetValue(1).Equals(txtPwd.Text))
                    {
                        Session["username"] = txtUname.Text;
                        Response.Redirect("welcome.aspx");
                    }
                }
            }
            dr.Close();
            cn.Close();
        }
    }
}

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Windows.Forms;
using System.Security.Cryptography;
using System.IO;
using System.Text;
using System.Diagnostics;

public partial class MyExam : System.Web.UI.Page
{
    SqlConnection cn;
    SqlCommand cmd;
    SqlDataReader dr;
    SqlDataAdapter adp;
    DataTable dt;
    // A static field is shared by every request to this page, so all examinees
    // who are logged in at the same time share one question position.
    static int RowIndex;
    string cnstr = "Server=.;Trusted_Connection=true;Database=asp;";
    // Fixed 8-byte DES key; the same bytes are also used as the IV (see Decrypt).
    static byte[] bytes = ASCIIEncoding.ASCII.GetBytes("ZeroCool");

    protected void Page_Load(object sender, EventArgs e)
    {
        username.Text = Convert.ToString(Session["username"]);
        // Parameterised; the original concatenated username.Text into the SQL text.
        string str = "select examtype from login where username=@username";
        cn = new SqlConnection(cnstr);
        cn.Open();
        cmd = new SqlCommand(str, cn);
        cmd.Parameters.Add("@username", SqlDbType.VarChar).Value = username.Text;
        dr = cmd.ExecuteReader();
        if (dr.Read())
        {
            etype.Text = Convert.ToString(dr.GetValue(0));
        }
        dr.Close();
        cn.Close();

        string sqlstr = "select * from newquestions where subject=@subject";
        cn = new SqlConnection(cnstr);
        adp = new SqlDataAdapter(sqlstr, cn);
        adp.SelectCommand.Parameters.Add("@subject", SqlDbType.VarChar).Value = etype.Text;
        DataSet ds = new DataSet();
        cn.Open();
        adp.Fill(ds);
        dt = ds.Tables[0];
        // RowIndex = 0;
        display();
        cn.Close();
    }

    // DES/CBC decryption with the static key used as both key and IV.
    public static string Decrypt(string cryptedString)
    {
        if (String.IsNullOrEmpty(cryptedString))
        {
            throw new ArgumentNullException("The string which needs to be decrypted can not be null.");
        }
        DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
        MemoryStream memoryStream = new MemoryStream(Convert.FromBase64String(cryptedString));
        CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoProvider.CreateDecryptor(bytes, bytes), CryptoStreamMode.Read);
        StreamReader reader = new StreamReader(cryptoStream);
        return reader.ReadToEnd();
    }

    // Shows the question at RowIndex; the four choices are stored encrypted.
    private void display()
    {
        DataRow drow;
        drow = dt.Rows[RowIndex];
        txtqno.Text = Convert.ToString(drow[1]);
        txtQues.Text = Convert.ToString(drow[2]);
        txtChoice1.Text = Decrypt(Convert.ToString(drow[3]));
        txtChoice2.Text = Decrypt(Convert.ToString(drow[4]));
        txtChoice3.Text = Decrypt(Convert.ToString(drow[5]));
        txtChoice4.Text = Decrypt(Convert.ToString(drow[6]));
    }

    protected void btnPre_Click(object sender, EventArgs e)
    {
        RowIndex--;
        if (RowIndex < 0)
        {
            RowIndex = 0;   // clamp; otherwise display() indexes dt.Rows[-1]
            MessageBox.Show("Already at First Question");
        }
        display();
    }

    protected void btnNex_Click(object sender, EventArgs e)
    {
        int val = RowIndex + 1;
        // Parameterised; the original concatenated val and etype.Text into the SQL text.
        string sqlquery = "select answer from newquestions where qno=@qno and subject=@subject";
        cn = new SqlConnection(cnstr);
        cn.Open();
        cmd = new SqlCommand(sqlquery, cn);
        cmd.Parameters.Add("@qno", SqlDbType.Int).Value = val;
        cmd.Parameters.Add("@subject", SqlDbType.VarChar).Value = etype.Text;
        dr = cmd.ExecuteReader();
        if (dr.Read())
        {
            // Each branch compares the selected choice with the decrypted stored
            // answer; the outcome is only reported by the commented-out message boxes.
            if (RadioButtonList1.SelectedItem.Text == "Choice1")
            {
                string str = txtChoice1.Text;
                if (str.Equals(Decrypt(dr.GetString(0))))
                {
                    // MessageBox.Show("Correct Answer Choice1");
                }
            }
            else if (RadioButtonList1.SelectedItem.Text == "Choice2")
            {
                string str = txtChoice2.Text;
                if (str.Equals(Decrypt(dr.GetString(0))))
                {
                    // MessageBox.Show("Correct Answer Choice2");
                }
            }
            else if (RadioButtonList1.SelectedItem.Text == "Choice3")
            {
                string str = txtChoice3.Text;
                if (str.Equals(Decrypt(dr.GetString(0))))
                {
                    // MessageBox.Show("Correct Answer Choice3");
                }
            }
            else // if (RadioButtonList1.SelectedItem.Text == "Choice4")
            {
                string str = txtChoice4.Text;
                if (str.Equals(Decrypt(dr.GetString(0))))
                {
                    // MessageBox.Show("Correct Answer Choice4");
                }
            }
        }
        dr.Close();
        cn.Close();
        RowIndex++;
        if (RowIndex == dt.Rows.Count)
        {
            RowIndex = dt.Rows.Count - 1;
            btnSubmit.Visible = true;
        }
        display();
    }

    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        Session["username"] = null;
        Response.Redirect("Default.aspx");
    }
}

#region Using directives
///Kishor datta gupta
///kdgupta87@gmail.com
///www.kishordgupta.wordpress.com
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Drawing;
using System.Data;
using System.Text;
using System.Windows.Forms;
using AviFile;
using System.Threading;
using System.IO;
#endregion

namespace ScreenCapture
{
    public partial class Form1 : Form
    {
        AviManager aviManager = new AviManager("output.avi", false);
        int ScreenWidth = Screen.PrimaryScreen.Bounds.Width;
        int ScreenHeight = Screen.PrimaryScreen.Bounds.Height;
        VideoStream aviStream = null;

        public Form1()
        {
            InitializeComponent();
        }

        // Captures the primary screen once and appends it as a frame to the AVI stream.
        public void startrecording()
        {
            Graphics g;
            Bitmap b = new Bitmap(ScreenWidth, ScreenHeight);
            g = Graphics.FromImage(b);
            g.CopyFromScreen(Point.Empty, Point.Empty, Screen.PrimaryScreen.Bounds.Size);
            aviStream.AddFrame(b);
            g.Dispose();
            b.Dispose();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            Graphics g;
            Bitmap bi = new Bitmap(ScreenWidth, ScreenHeight);
            g = Graphics.FromImage(bi);
            g.CopyFromScreen(Point.Empty, Point.Empty, Screen.PrimaryScreen.Bounds.Size);
            // The first capture opens the video stream at 4 frames per second.
            aviStream = aviManager.AddVideoStream(true, 4, bi);
            g.Dispose();
            bi.Dispose();
            timer1.Enabled = true;
        }

        private void button2_Click(object sender, EventArgs e)
        {
            timer1.Enabled = false;
            aviManager.Close();
        }

        private void timer1_Tick(object sender, EventArgs e)
        {
            startrecording();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
        }
    }
}

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Windows.Forms;
using System.Security.Cryptography;
using System.IO;
using System.Text;

public partial class Admin : System.Web.UI.Page
{
    string cnstr = "Server=.;Trusted_Connection=true;Database=asp;";
    SqlConnection cn;
    SqlDataReader dr;
    string c1, c2, c3, c4, ans;
    // Fixed 8-byte DES key, also reused as the IV, so equal plaintexts always
    // produce the same ciphertext.
    static byte[] bytes = ASCIIEncoding.ASCII.GetBytes("ZeroCool");
    SqlCommand cmd;
    int qno;

    protected void Page_Load(object sender, EventArgs e)
    {
        sessionName.Text = Convert.ToString(Session["username"]);
    }

    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        // Parameterised; the original concatenated DropDownList1.Text into the SQL text.
        string sqlquery = "select count(subject) as qtype from newquestions where subject=@subject";
        cn = new SqlConnection(cnstr);
        cn.Open();
        cmd = new SqlCommand(sqlquery, cn);
        cmd.Parameters.Add("@subject", SqlDbType.VarChar).Value = DropDownList1.Text;
        dr = cmd.ExecuteReader();
        if (dr.Read())
        {
            try
            {
                qno = Convert.ToInt16(dr.GetValue(0));
                qno = qno + 1;
            }
            catch (InvalidCastException ex)
            {
                MessageBox.Show(ex.Message);
            }
        }
        c1 = Encrypt(txtChoice1.Text);
        c2 = Encrypt(txtChoice2.Text);
        c3 = Encrypt(txtChoice3.Text);
        c4 = Encrypt(txtChoice4.Text);
        ans = Encrypt(txtAns.Text);
        dr.Close();
        // Parameterised insert; the original built the statement by string concatenation.
        string query = "insert into newquestions values(@subject, @qno, @ques, @c1, @c2, @c3, @c4, @ans)";
        cmd = new SqlCommand(query, cn);
        cmd.Parameters.Add("@subject", SqlDbType.VarChar).Value = DropDownList1.Text;
        cmd.Parameters.Add("@qno", SqlDbType.VarChar).Value = Convert.ToString(qno);
        cmd.Parameters.Add("@ques", SqlDbType.VarChar).Value = txtQues.Text;
        cmd.Parameters.Add("@c1", SqlDbType.VarChar).Value = c1;
        cmd.Parameters.Add("@c2", SqlDbType.VarChar).Value = c2;
        cmd.Parameters.Add("@c3", SqlDbType.VarChar).Value = c3;
        cmd.Parameters.Add("@c4", SqlDbType.VarChar).Value = c4;
        cmd.Parameters.Add("@ans", SqlDbType.VarChar).Value = ans;
        cmd.ExecuteNonQuery();
        MessageBox.Show("Question Updated Successfully");
        cn.Close();
        Response.Redirect("Admin.aspx");
    }

    // DES/CBC encryption with the static key used as both key and IV; the
    // output is Base64 so that it can be stored in a varchar column.
    public static string Encrypt(string originalString)
    {
        if (String.IsNullOrEmpty(originalString))
        {
            throw new ArgumentNullException("The string which needs to be encrypted can not be null.");
        }
        DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
        MemoryStream memoryStream = new MemoryStream();
        CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoProvider.CreateEncryptor(bytes, bytes), CryptoStreamMode.Write);
        StreamWriter writer = new StreamWriter(cryptoStream);
        writer.Write(originalString);
        writer.Flush();
        cryptoStream.FlushFinalBlock();
        writer.Flush();
        return Convert.ToBase64String(memoryStream.GetBuffer(), 0, (int)memoryStream.Length);
    }
}

Screens:
