Web Security - A Step by Step Reference Guide / Edition 1

Web Security - A Step by Step Reference Guide / Edition 1

by Lincoln D. Stein
     
 

View All Available Formats & Editions

ISBN-10: 0201634899

ISBN-13: 9780201634891

Pub. Date: 12/19/1997

Publisher: Addison-Wesley

Written for Web site administrators, developers, and end users, this book is a readable, real-world guide to securing your Web site with the latest in security technology, techniques, and tools. Lincoln D. Stein, keeper of the official Web Security FAQ, addresses your most pressing concerns and tells you exactly what you need to know to make your site more secure.

Overview

Written for Web site administrators, developers, and end users, this book is a readable, real-world guide to securing your Web site with the latest in security technology, techniques, and tools. Lincoln D. Stein, keeper of the official Web Security FAQ, addresses your most pressing concerns and tells you exactly what you need to know to make your site more secure. He offers concise explanations of essential theory; helps you analyze and evaluate the risks that threaten your site and the privacy of your clients; and provides concrete, step-by-step solutions, checklists of do's and don'ts, on-line and off-line resources, and hardware and software tools that guard your site against security breaches.

Web Security approaches the topic from three different points of view--protecting the end user's confidentiality and the integrity of his or her machine, protecting the Web site from intrusion and sabotage, and protecting both from third-party eavesdropping and tampering.

You will learn about

  • securing credit card transactions with the SET protocol
  • document encryption with the SSL protocol
  • how to guard end users against the dangers of active content and cookies
  • monitoring and log tools
  • controlling access with passwords, client certificates, and advanced login protocols
  • remote authoring
  • firewalls

In addition, the book offers practical advice on configuring the operating system securely and eliminating unnecessary features that increase vulnerability. CGI scripts introduce many of the security problems that plague the Web, and this book shows how to avoid these breaches with safe CGI-scripting techniques. You will also learn how to avoid denial-of-service attacks and prevent LAN break-ins through the Web server.

After reading this book, you will have the practical knowledge you need to ensure that your Web site, and your clients' interests, are safe from attack.

0201634899B04062001

Product Details

ISBN-13:
9780201634891
Publisher:
Addison-Wesley
Publication date:
12/19/1997
Pages:
448
Product dimensions:
7.30(w) x 9.10(h) x 1.20(d)

Table of Contents

Preface.

1. What Is Web Security?

The Three Parts of Web Security.

Risks.

The Layout of This Book.

I. DOCUMENT CONFIDENTIALITY.

2. Basic Cryptography.

How Cryptography Works.

Symmetric Cryptography.

Public Key Cryptography.

Online Resources.

Printed Resources.

3. SSL, SET, and Digital Payment Systems.

Secure Sockets Layer.

SET and Other Digital Payment Systems.

Checklist.

Online Resources.

SET and Other Digital Money Systems.

II. CLIENT-SIDE SECURITY.

4. Using SSL.

SSL at Work.

Personal Certificates.

Checklist.

Online Resources.

Printed Resources.

5. Active Content .

Bad by Design or Bad by Accident? .

Traditional Threats .

Helper Applications and Plug-Ins .

Java .

ActiveX.

JavaScript and VBScript.

The Browser as a Security Hole.

Exotic Technologies.

What Can You Do?

Changing Active Content Settings.

Checklist.

Resources.

6. Web Privacy.

What Web Surfing Reveals.

Server Logs.

Cookies.

PICS.

Advice for Users.

Advice for Webmasters.

Policy Initiatives.

Checklist.

Resources.

III. SERVER-SIDE SECURITY.

7. Server Security.

Why Are Websites Vulnerable?

Frequently Asked Questions about Web Server Security.

Overview: Steps to Securing a Website.

Online Resources.

8. UNIX Web Servers.

Hardening a UNIX Web Server.

Configuring the Web Server.

Monitoring Logs.

Monitor the Integrity of System Files and Binaries.

Back Up Your System.

Checklist.

Online Resources.

Printed Resources.

9. Windows NT Web Servers.

NT Security Concepts.

Windows NT Security Risks.

Securing a Windows NT Web Server.

Configuring the Web Server.

Checklist.

Online Resources.

Printed Resources.

10. Access Control.

Types of Access Control.

Access Control Based on IP Address or Host Name.

Access Control Based on User Name and Password.

Other Types of Access Control.

Access Control and CGI Scripts.

Checklist.

Online Resources.

11. Encryption and Certificate-Based Access Control.

SSL-Enabled Web Servers.

Using Client Certificates for Access Control.

Using Client Certificates for Web Server Access Control.

Becoming Your Own Certifying Authority.

Final Words.

Checklist.

Online Resources.

Printed Resources.

12. Safe CGI Scripting.

Introduction to CGI Scripts and Server Modules.

Common Failure Modes.

Other Advice.

Safe Scripting in Perl.

CGI Wrappers.

Checklist.

Online Resources.

Printed Resources.

13. Remote Authoring and Administration.

Degrees of Trust.

Controlling Access to the Web Server Host.

Remote Authoring Via FTP.

Microsoft FrontPage.

The HTTP PUT Protocol.

An Upload Staging Area.

Administering the Web Server Remotely.

Access to the Server for Web Developers.

Checklist.

Online Resources.

Printed Resources.

14. Web Servers and Firewalls.

What Is a Firewall?

Selecting a Firewall System.

Configuring a Firewall.

Automatic Proxy Configuration for Browsers.

Examining Firewall Logs for Signs of Server Compromise.

Checklist.

Online Resources.

Printed Resources.

Bibliography.

Index.

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >