Yesterday Keith Brown's new security book arrived in my letter box:

The .NET Developer's Guide to Windows Security

The book has 6 parts with 75 "items" (chapters) that cover every security aspect of .NET applications.

The first part of the book shows the big picture of security: countermeasures, threat modeling, the principle of least privilege, the principle of defence in depth... It also covers "How to Develop Code as a Non-Admin", which helps find security issues in an application very early.
Part 2 is about the security context (SID, tokens, logon sessions, privileges, identities...), part 3 about access control (ACL, role-based security, security descriptor, authorization manager...).
Part 4 of this book covers security with Enterprise Services.
Network security is covered with 12 items in part 5: delegation, Kerberos, protocol transition, SSPI, CIA and .NET Remoting, IPsec.
Part 6 rounds off the security topics: storing secrets on a machine, prompting for a password, group policies and the final item "How to deploy software securely via Group Policy".

A book that's definitely worthwhile!

