Article ID: 815143
This step-by-step article describes how to audit the security of the Microsoft .NET Framework configuration.
The security of a system decreases as new elements are added to the ideal system configuration. New application installations, software updates, temporary configuration changes, and troubleshooting all change aspects of the configuration of a security system. Whether intentional or unintentional, these changes may cause the system to no longer meet security requirements. The .NET Framework is no exception to this issue.
The .NET Framework is designed to permit applications to run on the system in a security-enhanced environment. This environment grants to applications only those rights that the administrator specifically permits. Changes to the configuration of the .NET Framework may cause applications to be granted too many rights. To keep your applications from receiving too many rights, perform regular audits of the system security configuration. Document and then evaluate any changes to the .NET Framework configuration that you introduce to the system. When you must, reverse the changes.
This article describes the key configuration settings that affect the .NET Framework. Document these settings when you first configure your system in the clean state. Perform regular audits to compare the current settings against the original settings. These audits help you to prevent the degradation of system security over time. This article does not describe how to configure these settings.
For additional information about auditing security configuration items that are related to ASP.NET applications, click the following article number to view the article in the Microsoft Knowledge Base:
815144 (http://support.microsoft.com/kb/815144/EN-US/) HOW TO: Audit the Security of an ASP.NET Web Application or Web Service
The details of the configuration of the various trust levels are defined in the following three files. The files are located in the \System Root\Microsoft.NET\Framework\Version\CONFIG\ folder:
Note: The Full trust level does not allow customization. The Full trust level also does not have a file that you can change.
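The baseline-then-compare audit described above can be scripted against the CONFIG folder. The following PowerShell is an added example, not part of the original article: the function names and the baseline file location are assumptions, and `<Version>` is a placeholder for the installed Framework version folder.

```powershell
# Added example: snapshot the .NET Framework CONFIG folder in the clean state,
# then report drift on later audits. Function names are hypothetical.

function Get-ConfigSnapshot {
    param([Parameter(Mandatory)][string]$ConfigDir)
    $root = (Resolve-Path -LiteralPath $ConfigDir).ProviderPath.TrimEnd('\')
    # Hash every file so that any edit, addition, or removal becomes visible.
    Get-ChildItem -LiteralPath $root -File -Recurse | Sort-Object FullName |
        ForEach-Object {
            [pscustomobject]@{
                Path   = $_.FullName.Substring($root.Length + 1)
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

function Save-ConfigBaseline {
    param([Parameter(Mandatory)][string]$ConfigDir,
          [Parameter(Mandatory)][string]$BaselinePath)
    Get-ConfigSnapshot -ConfigDir $ConfigDir |
        Export-Csv -LiteralPath $BaselinePath -NoTypeInformation -Encoding UTF8
}

function Compare-ConfigBaseline {
    param([Parameter(Mandatory)][string]$ConfigDir,
          [Parameter(Mandatory)][string]$BaselinePath)
    $baseline = @{}; $current = @{}   # PowerShell hashtable keys are case-insensitive
    Import-Csv -LiteralPath $BaselinePath | ForEach-Object { $baseline[$_.Path] = $_.SHA256 }
    Get-ConfigSnapshot -ConfigDir $ConfigDir | ForEach-Object { $current[$_.Path] = $_.SHA256 }

    foreach ($p in $current.Keys) {
        if (-not $baseline.ContainsKey($p)) {
            [pscustomobject]@{ Path = $p; Change = 'Added' }
        } elseif ($baseline[$p] -ne $current[$p]) {
            [pscustomobject]@{ Path = $p; Change = 'Modified' }
        }
    }
    foreach ($p in $baseline.Keys) {
        if (-not $current.ContainsKey($p)) { [pscustomobject]@{ Path = $p; Change = 'Removed' } }
    }
}

# Usage (paths are assumptions; keep the baseline where ordinary users cannot write):
# $dir = Join-Path $env:SystemRoot 'Microsoft.NET\Framework\<Version>\CONFIG'
# Save-ConfigBaseline    -ConfigDir $dir -BaselinePath 'D:\Audit\dotnet-config-baseline.csv'
# Compare-ConfigBaseline -ConfigDir $dir -BaselinePath 'D:\Audit\dotnet-config-baseline.csv'
```

An empty result from `Compare-ConfigBaseline` means no file in the folder has changed since the baseline; any row returned is a change to document, evaluate, and reverse if required.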
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
315736 (http://support.microsoft.com/kb/315736/EN-US/) HOW TO: Secure an ASP.NET Application by Using Windows Security
315588 (http://support.microsoft.com/kb/315588/EN-US/) HOW TO: Secure an ASP.NET Application Using Client-Side Certificates
818014 (http://support.microsoft.com/kb/818014/) HOWTO: Secure Applications That Are Built on the .NET Framework