The complete Webmaster's guide to Website security. Whether you have a Website, an intranet, or both, Protecting Your Website with Firewalls is your end-to-end resource for maximizing security. This highly readable, hands-on book covers all the security choices associated with virtually every Internet resource, including:
* WWW/HTTP
* Conferencing
* E-mail
* FTP
* News gateways/NNTP
* Telnet
Learn how firewalls, packet filtering, and proxy servers work, and how you can use them to protect your site with minimum cost, disruption, and complexity. Explore the leading HTTP security protocols, Secure-HTTP and Secure Sockets Layer (SSL), as well as today's advanced authentication and encryption solutions. Then, walk step-by-step through planning, implementing, and maintaining your firewall and related security technologies. Protecting Your Website with Firewalls includes detailed checklists, step-by-step instructions, and case studies to help you identify common security gaps at your site and systematically close them. Learn how to decide which resources are worth protecting, and which may not be worth the trouble. Finally, if you do have a break-in, the book shows you what to do next, both to improve security and to pursue the intruder. The accompanying CD-ROM includes the comprehensive TIS security toolkit for Windows NT servers. Protecting Your Website with Firewalls also contains comprehensive, up-to-date resource listings for:
* Tools that can identify weaknesses and improve authentication and passwords
* Firewall products, resellers, and consultants
* Software patches to enhance security
Your Internet connection places your most critical business secrets at risk. With this conversational, thorough guide, you can dramatically reduce those risks now and for years to come.
MARCUS GONCALVES is Systems Manager for Process Software Corporation, a leading supplier of TCP/IP network solutions. At Process Software, he manages and analyzes both Windows NT networks and Web servers. He has consulted on internetworking issues for nearly a decade, and is co-author of The Web Site Administrator's Survival Guide and Web Security Through Firewalling.

Excerpt. © Reprinted by permission. All rights reserved.
Protecting Your Web Site with Firewalls
This book was designed to be a sort of "night-table" book for Webmasters, Web site administrators, and systems administrators involved with Web site security. It is a practical guide to protecting a Web site utilizing firewalls. It is not a high-level technical book, although it will be very useful for veterans as it serves as a practical guide, being objective, yet very broad.
This book was written for all sorts of Information Systems and Technology (IS&T) professionals who are becoming more and more involved with Cyberspace, either by opinion, or . . . by condition! I know that many systems and Local-Area Network (LAN) administrators, as well as systems managers, generally involved with LAN administration and networks, are now inheriting all aspects of Web site setup and administration, as well as security. This book is for those who do not have enough time to dig into the more technical aspects of Web security but need reliable alternatives for Web site protection. It offers quality information, with lots of practical examples and illustrations, step-by-step instructions, and, most important, it does so in a conversational and comprehensive way.
Protecting Your Web Site with Firewalls will help you to design and implement security using firewalls and proxy servers as an alternative. Of course, a firewall alone will not guarantee this protection, even for Web sites. Even though Web security can be a complex task, with a realistic security policy and planning you can have a fairly secure site.
Of course, there is no way you can have a 100 percent secure site. Still, just as in a symphony, a lot will depend on the instruments (or hardware) that will play (or interact) together, the concert (or operating system) you will be playing, and the arrangement (or networking) you are presenting at your site. Also, what you want your audience (or users) to be able to do, and not do, will make a lot of difference.
If you have ever attended a concert, you know they can vary in size and shape. This book provides you with enough case studies, rules, examples, do's and don'ts, as well as lots of resources, for you to understand how this "symphony" is supposed to work, select the best model, and be able to maintain it.
Before we go any further you need to understand what a firewall is and how it can help you protect your Web assets and the interests of your users. Basically, a firewall allows you to restrict unauthorized access between the Internet and your internal network. It exists to work as a barrier that keeps unauthorized connections and outside attackers from penetrating your internal network, and that prevents inside connections from reaching the Internet without authorization. By monitoring inside users, firewalls can prevent them from sending dangerous information, such as unencrypted passwords or sensitive corporate data, to the "wild Internet."
According to the American National Security Agency (NSA), attacks on systems connected to the Internet are becoming more and more complex, and thus much more dangerous. For instance, hackers today have the ability to penetrate computer systems using "logic bombs," which are coded devices that can be remotely detonated, electromagnetic pulses, and "high emission radio frequency guns," which blow a devastating electronic "wind" through a computer system.
In order to protect your Web site and keep such attacks from threatening your systems, you must rely on effective security systems, which are not limited to password encryption or proxies but extend beyond them, combining firewalling hardware and software with the adoption and implementation of a well-designed security policy.
Before implementing firewalls at your site, it is important to establish a security policy that takes into consideration services to be blocked and allowed. It should also consider implementation of authentication and encryption devices and the level of risk you are willing to undertake in order to be connected to the Internet.
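The policy the preface calls for, as an added example that is not from the book: a first-match packet-filter evaluator in Python that encodes which of the services listed above are allowed in from the Internet, which inside hosts may reach out, and a default deny for everything else. The internal range 192.0.2.0/24, the host addresses and the rule set are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # constructed internal range

@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    direction: str             # "in" (Internet -> inside) or "out" (inside -> Internet)
    dst_port: Optional[int]    # None matches any port
    src: Optional[str] = None  # None (any), a host address, or a CIDR network
    dst: Optional[str] = None
    why: str = ""

def _matches(pattern: Optional[str], addr: str) -> bool:
    return pattern is None or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)

# Ordered policy (constructed): the first matching rule wins; anything unmatched is denied.
POLICY = [
    Rule("allow", "in", 80, dst="192.0.2.10", why="public WWW/HTTP server"),
    Rule("allow", "in", 25, dst="192.0.2.25", why="inbound e-mail only to the relay"),
    Rule("allow", "in", 119, dst="192.0.2.119", why="NNTP feed only to the news gateway"),
    Rule("deny", "out", 23, why="plaintext Telnet passwords must not leave the site"),
    Rule("allow", "out", 80, src="192.0.2.80", why="HTTP only through the proxy"),
    Rule("allow", "out", 21, src="192.0.2.80", why="FTP only through the proxy"),
    Rule("allow", "out", 25, src="192.0.2.25", why="the relay sends outbound mail"),
]

def direction_of(src_ip: str, dst_ip: str) -> str:
    """Classify a connection relative to the perimeter the firewall guards."""
    src_in = ipaddress.ip_address(src_ip) in INTERNAL_NET
    dst_in = ipaddress.ip_address(dst_ip) in INTERNAL_NET
    if src_in and not dst_in:
        return "out"
    if dst_in and not src_in:
        return "in"
    return "none"  # does not cross the perimeter (or both ends claim to be inside)

def decide(src_ip: str, dst_ip: str, dst_port: int, policy=POLICY) -> tuple:
    """Return (action, reason) for a new TCP connection request."""
    direction = direction_of(src_ip, dst_ip)
    for rule in policy:
        if rule.direction != direction or not _matches(rule.src, src_ip):
            continue
        if rule.dst_port not in (None, dst_port) or not _matches(rule.dst, dst_ip):
            continue
        return rule.action, rule.why
    return "deny", "default deny: no rule matched"
```

Note that a workstation's direct outbound HTTP request and an inbound Telnet attempt both fall through to the default deny: the policy lists what is allowed, and everything else is blocked.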
This book will discuss all of these topics and the issues involved when dealing with Web site security and administration. It will go over all the services, such as TELNET, FTP, e-mail, and news, that you can (and cannot) offer through the Web, and the security implications and limitations of each one of them.
This book is divided into four parts and ten appendixes. Part I, "Planning for Web Security," is composed of four chapters discussing the need for setting up a security plan for your Web site and what it involves. It addresses the threats and risks a Web site incurs once connected to the Internet and the basic requirements demanded by a Web site. It also covers the financial issues associated with the lack of security, as well as its implementation and some of the strategies for protecting your site. You will have the opportunity to review case studies addressing these issues.
Chapter 1, "Why Protect Your Web Site?," addresses what you should be protecting (e.g., information, your clients and users, transactions, privacy) and why. It also addresses some forms of threats you should be aware of, such as spoofing, e-mail fraud, and breaking of confidentiality. Finally, it presents case studies and some of the alternatives in protecting your Web site and the role of firewalls in doing so.
Chapter 2, "Web Security Requirements," outlines the basic requirements for having a safe Web site. It addresses requisites, such as confidentiality being your responsibility, the need for transactions, and data integrity. It explains the importance of integrating security through proxies, gateways, and firewalls, the advantages of monitoring traffic and number of hits as a security aid, and the importance of having a quality transmission service.
Chapter 3, "Financial Issues," explores the financial implications associated with security. It looks at the potential costs associated with a break-in into your site, the protection of financial transactions, and other financial issues related to the preservation of customers.
Chapter 4, "Strategies for Protecting a Web Site," explores basic security strategies. It describes how to recognize weaknesses in your site and presents defense options and ways to keep it simple.
Part II, "Implementing Web Services," describes how to implement Internet services on the Web in light of security. It lists some of the most common implemented services and discusses the risks associated with each one of them.
Chapter 5, "Conferencing," discusses some of the conferencing technologies available and provides a configuration checklist for implementing them as well as a security checklist to check against.
Chapter 6, "Electronic Mail," reviews some of the industry's standard protocols, their characteristics, and how they interact with the Web. It also provides a configuration checklist, with loopholes to watch for, and a security checklist for your review.
Chapter 7, "File Transfer Protocols," describes the file transfer protocols available and their applicability to the Web, as well as security holes to be aware of.
Chapter 8, "News Gateways," describes how news gateways work and interact with the Web. It looks closely at the Network News Transfer Protocol (NNTP) and its security issues and provides a list of recommendations, with do's and don'ts, when implementing it.
Chapter 9, "The Web and HTTP Protocol," based on the Web security requirements discussed in Chapter 2, shows how to build a security policy using Hypertext Transmission Protocol (HTTP). It discusses the proxying characteristics of HTTP and its security concerns. It explores Secure HTTP (S-HTTP) as well as the use of the Secure Sockets Layer (SSL) for enhanced security.
Part III, "Administration: Securing Your Web Site with Firewalls," discusses how to set up a firewall with authentication systems and encryption. It outlines preventive and curative planning and explains routine maintenance, how to keep track of it, and ways of recycling your firewall. It also prepares you to deal with a break-in, providing a to-do list of actions that should be taken, including trying to catch an intruder and reviewing security afterwards. This section explores what the legal system has to say about pursuing the intruder, and what laws are available, in terms of "cyberlaw," to protect your interests.
Chapter 10, "Firewall Design and Implementation," describes in detail what a firewall is and how packet filtering works. It discusses proxy servers and SOCKS implementation and presents the TIS toolkit and a sample configuration for basic protection of a site using these tools and firewalling schemes. Lastly, it introduces the concept of a bastion host, its design, and implementation, as well as management.
Chapter 11, "When Things Don't Go Well: The System Perspective," describes how to deal with an incident and how to prepare a to-do list in case one happens. It also explores what can be done when trying to catch an intruder and the importance of reviewing security afterwards.
Chapter 12, "Pursuing Intruders: The Legal Perspective," describes what the legal system has to say by introducing a new term: cyberlaw. It looks at ways to protect your Web site from the legal perspective and what can be done today to prosecute a hacker.
Part IV, "Appendixes," consists of ten appendixes.
Appendix A, "Resellers and Firewall-Related Resources," contains a list of major resellers you can contact for information and help with Web security.
Appendix B, "Firewall Products," lists a number of the firewall products available and where to get them.
Appendix C, "Web Server Products," contains a list of the main Web server products available on the market, compares them, and tells you where to get them.
Appendix D, "Internal Vulnerability Scanning Tools," provides a list of tools designed to check for internal vulnerabilities such as easy passwords, configuration problems, and misbehaving domains.
Appendix E, "Patches and Replacements," discusses patches designed to increase the security and robustness of servers.
Appendix F, "Advanced Authentication and Password Enhancing Tools," describes tools to enhance security, such as applications that check for bad passwords.
Appendix G, "Auditing and Intrusion Detection Tools," provides a list of tools to aid auditing and intrusion detection.
Appendix H, "Password Breaking Tools," provides a list of most of the password breaking tools available. It is intended for reference only! It is a good idea to be aware of these tools and how they work.
Appendix I, "Access Control Tools," describes tools to enhance access control.
Appendix J, "Glossary of World Wide Web Terms," provides a collection of terms, acronyms, and specifications generally used on the Internet and Web.
This book is aimed primarily at those involved with the management and security of Web sites. However, it is a useful book for everyone concerned with Web security.
For the most part, this book focuses on Windows NT and Windows 95-based servers. However, it does mention and briefly discuss Novell and UNIX-based Web servers as well as Macintosh. Some of the tools listed in the appendixes are intended for UNIX-based servers as well. Nevertheless, much of the information provided in this book is applicable to any platform.
Still, most of the examples and screenshots are oriented to either Windows NT or Windows 95 as there is clearly an increasing demand for them, as more and more Web sites are being powered by software developed for these platforms. We must acknowledge that most of the tools and resources are UNIX oriented, as presently the freely available tools are still part of the UNIX world. Also, I must say, my own experience with Web technologies is mainly in the Windows NT/95 world.
Comments and Questions
Comments and questions should be addressed to Marcus Goncalves at goncalves@process.com.
Book description: Prentice Hall PTR, 1997. Textbook binding. 320 pp.