Alik Levin's

Clarity, Technology, and Solving Problems | PracticeThis.com

Browse by Tags

Tagged Content List
  • Blog Post: Configuring Application Data Access and Network Protocols for SQL Server

    The notes taken while reading MCITP Self-Paced Training Kit (Exam 70-442): Designing and Optimizing Data Access by Using Microsoft SQL Server 2005 (Self-Paced Training Kits). When an application accesses the SQL Server instance, make sure those three configurations are in sync: Network protocols...
  • Blog Post: Software Release Management - The Questionnaire

    Have you been involved with Application Lifecycle Management consulting? Have you helped to build a solid Release Management process? If so, I need your insights. I started my research with a quick search and I have stumbled on the following article that perfectly matched my online search...
  • Blog Post: Use FREE Tools From IIS Resource Kit To Warm Up Your ASP.NET 1.1 Application By Batch Compilation

    Have you noticed that when an ASP.NET web application is accessed for the first time the response is slow? The reason for such behavior is batch compilation that occurs on the first hit. ASP.NET batch compilation is the process of compiling ASP.NET markup (content of aspx files) into temporary DLLs. Compilation...
  • Blog Post: Performance Sin - Chatty Database Access And Loops (Plus Another Free Performance Tool)

    Chatty database access is the surefire way to slow performance caused by resource starvation that might even lead to denial of service. Following is a real world case. Customer Service Unavailable message is consistently observed when more than 150 users access the web site. We...
  • Blog Post: Securing IIS7 - Windows Server 2008 Security Guide

    Windows Server 2008 Security Guide is out. It covers many crucial aspects, but my favorite of course is the IIS7 chapter: Chapter 6: Hardening Web Services. This chapter provides prescriptive guidance for hardening the Web Server role. The chapter discusses how the Web server role installs Microsoft®...
  • Blog Post: ASP.NET 2.0 Internet Security Reference Implementation - Have It Handy

    JD Meier writes in his blog: The ASP.NET 2.0 Internet Security Reference Implementation is a sample application complete with code and guidance. Our purpose was to show patterns & practices security guidance in the context of an application scenario. We used Pet Shop 4 as the baseline application...
  • Blog Post: Composite Application Block (CAB) Programming Essentials - Crucial For CAB Performance

    Rich Newman posted awesome guides for Composite Application Block (CAB) programming: Table of Contents: Introduction to CAB/SCSF Part 1 Modules and Shells Part 2 WorkItems Part 3 Introduction to Dependency Injection Part 4 An Aside on Inversion of Control, Dependency Inversion and Dependency Injection...
  • Blog Post: Examining WCF Diagnostic Traces Using Service Trace Viewer Tool (SvcTraceViewer.exe)

    The Service Trace Viewer Tool (SvcTraceViewer.exe) comes with Microsoft® Windows® Software Development Kit for Windows Vista™ and .NET Framework 3.0 Runtime Components. It allows viewing WCF diagnostic traces in a very convenient way. "Using Service Trace Viewer for Viewing Correlated Traces and Troubleshooting...
  • Blog Post: Authentication And Identity Flow When ASP Page Consumes ASP.NET Web Service

    "Classic" ASP has application isolation that is different from ASP.NET. Here is one of the real world scenarios where it might matter. There is a legacy web application written in ASP and hosted on a Win2K3 box (IIS 6.0). It is of course in the process of migration to ASP.NET. As part of the migration...
  • Blog Post: Client Certificates Authentication - Dirty Trick To Disable CRL Check. For Demos Only!

    My lab domain has MS CA installed in it so I am able to issue certificates to the left and to the right. Recently I spent some time to understand why client certificates authentication does not work. More precisely, the certificates dialog box was offering no client certificate to choose, as depicted below...
  • Blog Post: Web Services Over SSL - Is It Really That Slow Like They Say?

    My answer is "no". I am working on a solution where there is no Windows Active Directory Domain so we cannot utilize our beloved Kerberos and Windows Integrated Authentication saving big on configuration and management while taking advantage of increased security it offers. Other technique that we thought...
  • Blog Post: Man-In-The-Middle-Attack: Protecting Http Traffic With SSL Might Be Not Enough - Consider Protecting SQL Traffic Too

    Think configuring SSL for your web site is enough to protect against prying eyes? Here is how the sensitive data can be exposed by sniffing your SQL traffic. Consider a common, simple 3-tier web architecture for a data-driven web site. The Web and DB server (it really does not matter what vendor it is) are...
  • Blog Post: WCF Security In Intranet Scenario : Thoughts On Cons and Pros

    I am researching best practices with WCF security in terms of "YOU SHOULD" vs "YOU CAN". While it is great to have "How to" stuff I am also interested in the "Why" angle. I have a common simple scenario of a WinForms client consuming a WCF service inside corp walls with Active Directory deployed. Here is what...
  • Blog Post: Ubuntu And Apache Web Server Join My Lab Network

    I have my lab network, my playground Active Directory Domain (more on it here - How I Setup Lab Domain Using VPC 2007). I have customers who explore interoperability between .Net applications and Java applications that run on Windows/Linux. They seek help. To get started I decided that I...
  • Blog Post: T-Shooting Kerberos

    I was delivering the "Authentication Explained" session for the Security User Group. First off - thanks for attending the session! The session was based on the "Authentication Explained" workshop. During the session I was demoing the following topics: Identity Flow Through Physical Tiers - Impersonation...
  • Blog Post: IIS 7 Configuration File - applicationHost.config - Password Management

    From my learning of IIS7 I understand that IIS7's metabase is actually an XML configuration file, very familiar to me and similar to ASP.NET's web.config. It is called applicationHost.config and sits in C:\Windows\System32\inetsrv\config. My first interest was to see how it manages passwords when specifying...
  • Blog Post: IIS 6.0 Was True Love, New Romance Is About To Begin - IIS 7

    I just could not hold it back - it is midnight and I am watching Richard Turner's screencast - New Screencast: How to configure IIS7 for Windows CardSpace sites. It was humiliatingly :) easy to set up a test server cert, so I've done it, here is the proof: Next he talks about how to configure it for CardSpace...
  • Blog Post: Who Access My File?

    In my post File Access Auditing - I Am Not Afraid Of GPO I've digested technet documentation on how to set Active Directory Group Policy Object (AD GP) to enable file access auditing as a security measure to prevent repudiation. It is a heavyweight technique for scenarios where the developer just needs to...
  • Blog Post: Security Deployment Inspection Using Office.

    I am a big fan of small time savers to be more productive. JD has the whole category for Effectiveness tag - worth checking on these gems. So I am always looking at how to reuse my practices across disciplines. I am trying to combine my security engineering practice with MS Office productivity tool...