The .NET Framework configuration for all applications on your server is maintained in Machine.config. For the purposes of the security review, this section examines the settings in Machine.config from top to bottom and considers only those settings that relate to security.
The majority of security settings are contained beneath the <system.web> element, with the notable exception of Web service configuration and .NET Remoting configuration. The review process for Web services and .NET Remoting configuration is presented later in this chapter.
For more information and background about the issues raised by the following review questions, see Chapter 19. The following elements are reviewed in this section: