Web Security Field Guide

Web Security Field Guide

By (author)  , By (author)  , By (author) 

List price: US$50.00

Currently unavailable

Add to wishlist

AbeBooks may have this title (opens in new window).

Try AbeBooks


Networks are broken into every day. Web sites are defaced. Viruses shut down network operations and deny services to both customers and employees. As organizations rely increasingly on the Internet to perform their company's business, the impact of network security breaches grows more dramatic. The task of securing an organization's resources tends to fall on administrators who lack both the time and know-how to properly secure a network. Web Security Field Guide is a how-to book, providing the steps to securing networks and the conceptual information to understand what these actions are doing. Network administrators who have part time security responsibilities will be able to take this book, follow the steps, and prevent the vast majority of intrusion attempts. Web Security Field Guide covers the techniques for hardening the operating system, the web server and the browser. It then addresses firewalls, access lists, ongoing security maintenance, and testing. Coverage of these topics is focused not on the theoretical explanation of how the technology works, but on how to apply the technology. Most chapters introduce a topic, provide enough background to understand the problem and how the solution works, and then move on to a tutorial showing how to secure the component under discussion or how to install and implement the security tool being introduced. An essential workplace tool, this portable guide is designed for the application of real-world solutions.show more

Product details

  • Paperback | 608 pages
  • 184.9 x 231.6 x 34mm | 975.23g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • 1587050927
  • 9781587050923

Table of contents

(NOTE: Each chapter concludes with a Summary.) Introduction. I. THE FUNDAMENTALS OF WEB SECURITY. 1. Essential Information for Web Security Administrators. Two Internetworking Models. OSI Reference Model. TCP/IP Model. Headers. Data Link Headers. Network Layer Headers. Transport Layer Headers. Shims. Above the Transport Layer. Telnet. HTTP. SSL, TLS, and HTTPS. DNS. DHCP. NAT.2. Security Policies. Justifying Security. Security Defined. Kinds of Security Risks. Knowing the Enemy. The C-I-A Triad. Approaches to Risk Analysis. Solving Security with Technology. Security Policies. Contents of a Security Policy. Sample Password Policy. Example Security Policies. Creating Your Own Security Policy. Key Topics for Security Policies. Effectively Implementing Your Security Policy. Avoiding Failure.II. HARDENING THE SERVER. 3. Windows System Security. NT 4 Security. NT 4 File System Security. Securing the NT 4 File System. NT 4 Operating System Security. Securing the NT 4 Web Server. Windows 2000/XP Security. 2K/XP File System Security Templates. 2K/XP Operating System Security. Modifying Security Templates for Web Servers. One Final Task.III. INSTALLING AND PROTECTING IIS. 4. IIS Installation. Installing IIS4. Installing the NT-4 Option Pack. Installing IIS4 on NT-4. Installing IIS5. Windows 2000 Installation. Windows XP Installation.5. Enhancing Web Server Security. Web Servers Versus Development Servers. Locating Document Root. Logging. Limiting Access to Your Web Server. Enabling Basic Authentication. Setting Secure Authentication. Restricting Access Based on IP Address. Miscellaneous Security Enhancements. Moving the Metabase. Managing Web Server Access Permissions. Managing IIS5 Execute Permissions. Managing Application Isolation. Setting Advanced Security Configuration Options. Assigning Web Server Operators. Hosting Multiple Web Servers.6. Enhancing the FTP Server. Inner Workings of FTP. Network Diagram for FTP Examples. PORT Mode FTP. PASV Mode FTP. Secure FTP. RFC Status. Example of Secure FTP Product. Secure Server Installation. Secure Client Installation. Secure FTP in Action.IV. PROTECTING THE USER. 7. Browser Security. Dangerous Content. Java. JavaScript. VBScript. ActiveX. Four Zones. Setting Your PC for Zone Detection. Setting Security for the Internet Zone. Setting the Local Intranet Zone. Keeping Your Settings Intact. Cookies. How Cookies Are Used. How Cookies Are Abused. Managing Cookies.8. Desktop/Laptop Security. Acquiring IEAK6. Licensing the IEAK. Downloading the IEAK. Installing the IEAK. Configuring the IEAK. Gathering Setup Information. Specifying Setup Parameters. Customizing Your Setup Choices. Customizing the Browser. Specifying Additional Components. Finishing the Wizard. Building a Desktop. IEAK Profile Manager. Running the PM. Managing Multiple INS Files.V. PROTECTING THE NETWORK. 9. Becoming a Certification Authority (CA). Encryption Schemes. Symmetric Encryption. Asymmetric Encryption. CA Responsibilities. Types of Certificates. Verification of Identity. Contents of a Certificate. Maintaining a Certificate Revocation List (CRL). CA Chaining. Establishing Your Own CA. Installing Microsofts Certificate Server. Requesting a Server Certificate. IIS4 Certificate Request Technique. IIS5 Certificate Request Technique. Issuing the Server Certificate. Installing a Certificate on Your Web Server. IIS4 Certificate Installation Technique. IIS5 Certificate Installation Technique. Trusting Your Own CA. Browser Certificates. Requesting a Browser Certificate. Installing a Browser Certificate in IE. Requiring a Browser Certificate.10. Firewalls. Firewall-Protected Network Components. External Network. Packet Filtering Router. DMZ. Bastion Host / Firewall. Internal Network. Firewall Design. Classic Firewall. Chapman. Belt and Braces. Separate Services Subnet. Access Lists. Generic Access List Rules. Editing Access Lists. Standard Access Lists. Extended Access Lists. Using Access Lists. First Level Filtering. Sanity Checking. Protecting the Control Plane. Firewall Feature Set. Dynamic Access Lists. Context Based Access Control. TCP Syn Flood Protection. Cisco PIX Firewall. Comparing the IOS Firewall to the Cisco PIX Firewall. Overview of Cisco PIX Firewall Architecture. Configuring the Cisco PIX Firewall.11. Maintaining Ongoing Security. Patches and Fixes. Finding Available Patches and Service Packs. Deciding When to Apply the Fix. Automating the Decision Process: HFNetChk. Applying a Service Pack. Miscellaneous Risks. Public Access Ports. Wireless Security Risks. Unauthorized User Modification of Web Forms. Antivirus. Personal Firewalls. Installing ZoneAlarm. ZoneAlarm in Action. The Weakest Link. Why Worry?12. What You Can Do. Make Security Important to Your Staff. Physical Security. Password Security. Procedural Security. Telephone Security. User Awareness and Education. Closing Remarks.VI. APPENDIXES. Appendix A. Customizing Internet Explorer Error Messages. Customizing Messages. Generating an Error. Creating a Custom Error Message. Installing the Custom Message in Internet Explorer. Testing Your Work.Appendix B. Decoding Base64. Capturing the Data. Translating from Base64.Appendix C. Contents of the WSFG Web Site. Home Page. Referenced Pages. Normal Page Contents. Basic. IPADDR. SSL.show more

About Steve Kalman

Steve Kalman, CISSP, is the managing director for Esquire Micro Consultants, through which he teaches eight courses on Cisco routers, Microsoft(r) Windows, and networking, telecom, and security topics for Learning Tree International. He is also the technical editor for three of those courses. Steve has also developed or edited more than a dozen CBT modules on networking, Cisco routers, and Microsoft Windows topics. In addition to teaching and course development, Steve is a network design consultant. Steve has worked as a programmer, manager, and consultant for companies of all sizes, both for-profit and nonprofit.show more