IIS Security
This work provides coverage of Web security threats and vulnerabilities on the Internet and on intranets. It gives advice on how to detect and respond to security breaches. It also covers the basic security tools that come with IIS and are managed with the IIS Administration console, shows the weaknesses of these tools, and provides more sophisticated tools that can be utilized to protect the IIS server. Included are implementation techniques on multiple security methods, such as authentication, encryption, authorization, filtering and restrictions to protect against hacking and loss.
1006273748
IIS Security
This work provides coverage of Web security threats and vulnerabilities on the Internet and on intranets. It gives advice on how to detect and respond to security breaches. It also covers the basic security tools that come with IIS and are managed with the IIS Administration console, shows the weaknesses of these tools, and provides more sophisticated tools that can be utilized to protect the IIS server. Included are implementation techniques on multiple security methods, such as authentication, encryption, authorization, filtering and restrictions to protect against hacking and loss.
61.0 In Stock
IIS Security

IIS Security

IIS Security

IIS Security

Overview

This work provides coverage of Web security threats and vulnerabilities on the Internet and on intranets. It gives advice on how to detect and respond to security breaches. It also covers the basic security tools that come with IIS and are managed with the IIS Administration console, shows the weaknesses of these tools, and provides more sophisticated tools that can be utilized to protect the IIS server. Included are implementation techniques on multiple security methods, such as authentication, encryption, authorization, filtering and restrictions to protect against hacking and loss.

Product Details

ISBN-13: 9780072224399
Publisher: McGraw-Hill/Osborne Media
Publication date: 07/29/2002
Series: Security Ser.
Pages: 468
Product dimensions: 7.60(w) x 9.24(h) x 1.05(d)

Table of Contents

Acknowledgmentsxvii
Introductionxix
Part IExposure, Risk, and Prevention
1Web Security Threats3
Security Incidents4
Defensive Objectives7
Hacker Strategies7
Security Is Interdependent9
Hacking Methodology12
Checklist of Threats17
2Defacing, Damage, and Denial19
The Source of the Problem20
An Internet Protocol Primer21
Known Vulnerabilities25
Opportunistic Scanning32
Vulnerability Exploits38
Checklist of Known Vulnerabilities51
3Preparing and Hardening Your Web Server53
Plan Ahead54
Secure Installation Requirements55
Hardening the System65
Secure Physical, Boot, and Media Settings88
Installation Planning Checklist91
Hardening Recommendations Checklist91
4Accounts, Authorization, and Security Policy93
Applying Security Policy94
Windows 2000 and IIS Security Concepts95
Tools for Local Security Management99
Configuring Web Server Access Control for Windows 2000107
Configure IIS Site Attributes and Properties127
Checklist for Windows 2000 Account Authorization135
Checklist for IIS Site Properties136
5Security Auditing and Logging137
Site Monitoring Overview138
Logging Setup and Maintenance Procedures143
Auditing159
Logging and Auditing Checklist170
Part IIAdministration
6Deployment Issues175
Recovery Plan176
Network Layout and Filtering on an Intranet187
Securing the Network Perimeter194
Securing Remote Management197
Deployment Preparation Checklist201
7The Security Management Lifecycle203
Lifecycle Methodology204
Vulnerability Assessments and Proactive Monitoring205
Incident Response219
Management Lifecycle Checklist222
8Using Encryption223
The Basics of Encryption225
Using IIS Secure Communications231
Checklist for Configuring SSL244
9Third-Party Security Enhancements245
Firewalls248
Intrusion Detection Systems255
Log Analyzers259
Virus Scanners260
Security Awareness Training263
Change Control264
Performance and Access-Control Hardware266
Additional Recommended Security Enhancements270
Checklist276
Part IIIAdvanced Topics
10Securing FTP, NNTP, and Other IIS Services281
Installing IIS Subcomponents282
FTP (File Transfer Protocol) Service283
NNTP (Network News Transport Protocol) Service293
Microsoft Index Server and the Content Index Service302
SMTP (Simple Mail Transport Protocol) Service306
Starting and Stopping Services313
Windows Media Services313
Simple TCP/IP Services315
Checklist316
11Active Content Security319
Active Content Technologies320
Common Gateway Interface321
Folder Structures for Active Content324
Application Mappings327
Source Control330
Validating User Input333
ISAPI Filters340
Additional Methods for Securing Access to Web Content343
Debugging Active Content347
Code Signing353
FrontPage Server Extensions354
Robots and Spiders362
Checklist365
12Web Privacy367
What Is Web Privacy?368
Privacy Principles and Practice374
Privacy Laws380
Tools for Building and Implementing Privacy Policies388
Web Privacy and Liability396
Web Privacy and E-mail399
Final Thoughts404
Checklist405
Part IVAppendixes
ASecurity Resources409
Security Web Sites410
Hacker Web Sites411
BGlossary413
CReference Tables431
Suggested Directory Permissions for Windows 2000 and IIS432
Local Security Policy Settings434
Packet Filtering Protocol Numbers443
DMicrosoft IIS Authentication Methods449
Anonymous Authentication450
Basic Authentication450
Integrated Windows Authentication451
Client Certificate Mapping451
Index453
From the B&N Reads Blog
Page 1 of

Related Subjects

Computers
Home & Garden
Internet & World Wide Web
House & Home
Networking & Telecommunications
Web Programming/Development
Internet & World Wide Web - General & Miscellaneous
Security - Computer Networks
Web Servers
Home Safety & Security
Internet->Security measures
Computers
Home & Garden
Internet & World Wide Web
House & Home
Networking & Telecommunications
Web Programming/Development
Internet & World Wide Web - General & Miscellaneous
Security - Computer Networks
Web Servers
Home Safety & Security
Internet->Security measures

Customer Reviews