Discusses how to master the compelling Web infrastructure from Microsoft and investigate their comprehensive tools for developing secure business applications that are deployed on the public internet or across a private intranet/extranet. Softcover. CD-ROM included. DLC: Computer networks--Security measures.
"synopsis" may belong to another edition of this title.
Without doubt, the World Wide Web is currently causing major excitement in business, but the challenges that abound are also probably giving a lot of sleepless nights to many senior company personnel. The rapid changes in information processing and networking technology are compressing time--time that is desperately needed for businesses to adapt to the many opportunities offered by the new generation of Internet solutions. The speed at which companies adopt Internet technologies will dictate to what extent they thrive or survive.
The Web now offers business the opportunity to innovate and achieve exceptional growth by reducing costs, increasing sales, and improving customer services. But if businesses ignore the Internet now, they will definitely pay later. Large companies will widen their portfolio of services, and new startup companies will appear, perhaps halfway around the world and with a very small workforce, and these will poach upon the core business of the traditional, "stone age" companies. Customers will have little loyalty and will move to other companies that offer convenient, compelling, cost-effective services.In addition, many organizations are now using Web technology over private internal networks to create Intranets. Senior managers have long recognized that an effective information technology strategy is required to provide productivity improvements, access to new and enhanced revenue streams, and increased customer satisfaction. A distributed computing framework based on Web technologies is now providing the key to fulfilling these requirements. The use of platform-independent browser technology accessing server-based applications avoids the costly and complex distribution tasks previously required with networked computers. The rapid adoption of Internet standards by every major IT vendor has made possible the integration of the various distributed environments and different infrastructures within organizations.
Forward-looking businesses now wish to automate and streamline their various business processes to reduce costs and provide new opportunities for marketing advantage. As an example, consider the manufacturing supply chain. Before the goods reach the end-customer, numerous organizations are involved along the chain, from handling the raw materials, through the manufacturing process, and on to distribution and retail. Each of these organizations can achieve faster delivery times and reduce inventory costs if it handles its business processes electronically. Business-to-business electronic commerce involves the secure trading of goods and information between partners, and this involves businesses opening up their networks to form Extranets that allow external organizations to integrate their systems to form virtual enterprises.
It is now expected that the next hugely successful companies will be the ones that quickly enable the next generation of business systems that exploit the convergence of computers and networking for business advantage. But what are the perils of working in this new Internet age?
Break-ins at high-profile Internet sites, attacks on vital Internet services, impersonation of important organizations, invasion of personal privacy, and tales of electronic commerce fraud produce attractive headlines and scare stories about Internet security for the computer industry press. From this it is not surprising that one of the biggest concerns businesses have about using Internet technologies pertains to the security of their systems.Fortunately, many of these stories could have been avoided if the organization involved had not made elementary mistakes. Without doubt, the biggest security threat from the Internet comes from within--from organizations that do not fully understand how to use the available security software technology .
In this book we shall put the risks of using Internet technologies into perspective by investigating the various threats that abound and discussing what levels of protection are available. We shall then build on this knowledge to learn how to deploy a secure infrastructure for the Web.
How This Book Is Organized
ASP/MTS/ADSI Web Security is primarily for software deveelopers and system architects who are building business-critical Web solutions where security is paramount. However, everyone involved in a Web solution must be fully aware of the security issues, and thus many parts of the book will be very useful to other members of the Web team, such as administrators, Web authors, systems support, and so on.
The book focuses on the comprehensive set of Web technologies from Microsoft that is enabling companies to build secure business applications for deployment over the Internet/Intranet/Extranet. The book has been divided into two distinct sections. These are: "Security Fundamentals and Core Technologies" and "Web Security Programming." Before we dive into the design and development of any Web solution, it is vital that we fully understand the key issues. So in the first section of the book we shall discuss the fundamental concepts upon which Web security is based and the core security technologies that Microsoft has provided to enable us to create a secure infrastructure for our Web applications. In addition, we shall see that strong Web security is achieved with a combination of software technology and the consistent employment of a number of operating practices.
The second section of the book builds on this foundation to discuss building secure Web solutions using application-level security with the following Microsoft development technologies: Active Server Pages (ASP), Microsoft Transaction Server (MTS), and Active Directory Service Interface (ADSI). This section will enable the reader to explore the many hidden capabilities, and to fully exploit this new and exciting software technology. Lots of examples are provided to illustrate the various techniques, and they are written in a manner suitable for adaptation and inclusion in the reader's own Web projects.A summary of the book's contents follows.
Security Fundamentals and Core Technologies
Chapter 1, "Security Is a Journey, Not a Destination," explains what we mean by security, the risks of operating with Internet technologies, and how to manage these risks. It shows that security has several facets and explains the issues that need to be addressed to create a trusted system. Security is not something that is turned on and then forgotten; it is an ongoing task to keep one step ahead of the Internet bandits.
Chapter 2, "The Windows NT Security Environment," investigates the security features that form the bedrock of Microsoft's Windows NT architecture. It shows that Windows NT security encapsulates the processes, algorithms, and techniques to provide a defense against unauthorized access to the system's resources, and it allows security to be applied in various combinations and layers to provide a flexible solution to address the different security requirements demanded by organizations.
Chapter 3, "Network Security," looks at the problems of networked computers and shows how to protect systems from malicious attacks. It includes discussions of firewalls, proxy servers, secure channels, and virtual private networks.
Chapter 4, "IIS Web Server Security," investigates the security features of Microsoft's latest standards-based commercial Web application server. It looks at the key concepts in the configuring of a IIS Web site to keep the content and applications secure, and it explains how to identify and authenticate Web users. It also discusses the security model offered by the server extensions used by the Microsoft development tools FrontPage and Visual Studio.
Chapter 5, "Secure Channels," expands on Chapter 3 to discuss secure channels in detail. It explains how to use them to establish a point-to-point network connection that offers end-point authentication, nonrepudiation, message encryption, and message authentication. It also discusses digital certificates and cryptography, which are fundamental in the operation of secure channels.
Chapter 6, "Establishing Trust . . . Protecting the Desktop," considers the issues of protecting client systems operating on the Internet from malicious code and distasteful Web content. It explains the risks of using downloaded code and investigates the mechanisms available to determine whether downloaded code can be trusted. It also discusses the differences between the Java and ActiveX approaches to security.
Web Security Programming
Chapter 7, "ASP Security Fundamentals," introduces application-level security and explains how such techniques must be used in combination with the core security offered by Windows NT and IIS. It takes the reader on a quick crash course in ASP and the key concepts needed for subsequent security-related topics. It also discusses how ASP handles sessions using cookies and the potential for an attack by someone hijacking an ASP session.
Chapter 8, "Application-Level Security with ASP," gets our hands dirty with lots of programming code and some examples of application-level security using ASP service-side scripting. It shows how to enable site access controls, enforce a user to register its personal details before being given site access, audit the Web site access, determine the information stored in a client's digital certificate, and provide additional assurances against an ASP session being hijacked.
Chapter 9, "Creating Our Own Public Key Infrastructure with Microsoft Certificate Server," investigates how to create and deploy an IT infrastructure that makes it possible to achieve high levels of security using strong authentication and encryption technologies, and discusses such issues as certificate hierarchy, certificate enrollment, and certificate revocation. It looks at the internal architecture of Microsoft Certificate Server and illustrates how to extend the base product to handle nonstandard requirements.
Chapter 10, "MTS Security Fundamentals," discusses how to integrate ASP with software components that are installed into the Microsoft Transaction Server (MTS) environment. It concentrates on the security implications of MTS and shows how security can be applied by either configuration or within the programming logic.
Chapter 11, "Web Database Security with MTS," shows how to protect a Web database so that access is provided at suitable levels appropriate to the particular Web visitor. It illustrates how to use the security features provided by MTS Roles.
Chapter 12, "Directory Services," discusses the fundamentals of directory services and shows the advantages they provide when managing a community of Web users. It investigates the industry standards and in particular discusses the increasingly popular Lightweight Directory Access Protocol that is used for accessing directory services over a TCP/IP network. It also introduces a programmatic interface called ADSI that makes it easy for application programmers to support a directory environment within their applications.
Chapter 13, "Implementing Membership with ADSI," puts together all of the pieces we have seen so far and illustrates how to use ASP, MTS, and ADSI in a comprehensive example that demonstrates a "members only" Web site.
Chapter 14, "Membership Server," focuses on the membership components provided by Microsoft Site Server. It shows how to build large-scale systems that use Membership Server to track and profile millions of users, automate the identification of users by means of cookies, and protect areas of the site that have subscription-only/confidential content.
Chapter 15, "Active User Objects," discusses a major element of Microsoft Site Server that can be used to automatically identify a Web user and provide easy access to its associated personnel attributes located in a number of different datastores. It also illustrates how to use the information in the user's profile in order to enable customized Web content and make the available information more fitting by providing personalized pages.
The Appendix, "Microsoft and the Active Platform," focuses on the Microsoft platform, and through we assume that the reader understands Microsoft's Internet strategy and has a reasonable grasp of its software products. The appendix is provided for readers who are not fully up to speed with this topic, and it acts as a reference guide to key Microsoft software products and tools used to build multi-tier Internet and Intranet applications.
Build secure Web solutions using the Microsoft Internet technologies.
ASP/MTS/ADSI Web Security shows how to master the compelling Web infrastructure from Microsoft and investigate their comprehensive tools for developing secure business applications that are deployed on the public Internet or across a private Intranet/Extranet.
The latest Web-based technologies are making distributed computing a reality for companies all over the world, but ensuring reliability and security for a global user community remains a challenge. Microsoft's Windows NT®, Active Server Pages (ASP), Microsoft Transaction Server (MTS) and Active Directory Services Interface (ADSI) combine to offer a flexible and trusted environment that enables companies to have the confidence to conduct business-critical operations over TCP/IP networks.
You'll discover how good security is achieved by the creation of sound policies, the employment of appropriate security technologies, the consistent monitoring of all practices and a general awareness of trends in the security arena. In addition, you'll also learn how to implement the Microsoft Web technologies and development tools to support users on all levels and in all kinds of relationships.
Practical examples throughout the book illustrate the various techniques and are written so they can be adapted for inclusion in your own Web projects. With the tools and skills covered in ASP/MTS/ADSI Web Security, you'll be able to create a secure infrastructure that will let your business evolve right along with the World Wide Web for years to come.
"About this title" may belong to another edition of this title.
Book Description Prentice Hall Ptr 1999-03-11, 1999. PAPERBACK. Book Condition: New. 0130844659 BRAND NEW. Includes unopened CD-ROM. A portion of your purchase of this book will be donated to non-profit organizations. Over 1,000,000 satisfied customers since 1997! We ship daily M-F. Choose expedited shipping (if available) for much faster delivery. Delivery confirmation on all US orders. Bookseller Inventory # Z0130844659ZN
Book Description Prentice Hall Ptr, 1999. Paperback. Book Condition: New. Bookseller Inventory # DADAX0130844659
Book Description Paperback. Book Condition: BRAND NEW. BRAND NEW. Fast Shipping. Prompt Customer Service. Satisfaction guaranteed. Bookseller Inventory # 0130844659BNA
Book Description Book Condition: Brand New. Book Condition: Brand New. Bookseller Inventory # 97801308446511.0
Book Description Prentice Hall Ptr, 1999. Paperback. Book Condition: New. book. Bookseller Inventory # 0130844659
Book Description Prentice-Hall. Book Condition: New. pp. 450. Bookseller Inventory # 4691910
Book Description Prentice Hall Ptr, 1999. Paperback. Book Condition: New. New item. Bookseller Inventory # QX-005-95-0756100