Hardening Apache
Average customer rating: 4.5 out of 5 stars
  • Assumes *nix?!
  • super
  • To the point!
  • Your return will exceed the price in a very short time
  • An excellent book filling a huge gap
Hardening Apache
Tony Mobily
Manufacturer: Apress
ProductGroup: Book
Binding: Paperback

Similar Items:
  1. Hardening Linux
  2. Pro Apache, Third Edition (Expert's Voice)
  3. Apache Security
  4. Apache Cookbook
  5. Preventing Web Attacks with Apache

Accessories:
  1. Expert Oracle Database Architecture: 9i and 10g Programming Techniques and Solutions
  2. Forecasting Oracle Performance
  3. Cost-Based Oracle Fundamentals

ASIN: 1590593782

Book Description

Hardening Apache explains how to configure Apache safely, and secure an existing installation. It covers the most important issues--like downloading, logging, and administration, as well as the most important security-oriented web sites. This book even discusses advanced system administration techniques, such as jailing Apache and securing third-party modules, and web-related RFC details.

If you are already familiar with computer security, this book will help you gain specific knowledge about Apache. Already acquainted with the problems and issues discussed, you will sharpen your understanding about how normal configuration problems apply to Apache and HTTP.

Even if your knowledge about computer security is insubstantial, you will still gain broad insight on secure system administration. You will be able to apply this knowledge base towards other daemons--and will see how important it is to configure daemons securely.

Customer Reviews:

4 out of 5 stars Assumes *nix?!.......2007-05-07

To be honest I have only made it perhaps 1/3 of the way into this book. I found it to be interesting, but what had not been clear or even mentioned in the book description was that the book seems to assume you are running Apache on Linux. For the rest of us, that is a huge bummer. I'm sure I will plow on, but the enthusiasm is somewhat gone. I wish authors or publishers would mention that sort of thing in the writeups.

5 out of 5 stars super.......2007-03-08

Thanks a lot, we are very happy to have this book in our library!

4 out of 5 stars To the point!.......2006-07-03

Hardening Apache by Tony Mobily is a book for server administrators who want to learn how to secure the Apache web server. On 260 pages, in a loosely howto-like fashion, the author covers all aspects of keeping intruders out of your web server.

In contrast to other books which appear to but usually fail in covering all aspects of Unix/Linux security, this volume explicitly takes on one program only: the Apache web server. After discussing installation and configuration as well as covering common attacks on the server, Mobily introduces logging and its security issues, and he presents some very interesting ideas for solutions. XSS is given its own chapter as are the Apache security modules: half a dozen server modules are described.

Apache goes to jail in chapter 6. Here the author describes setting up a chroot environment for the server and details how to get both Perl & PHP to work. The last chapter presents a number of useful shell scripts that can help a systems administrator to keep a watchful eye on her servers.

Together with the Apache documentation this book is an essential eye-opener for anybody who puts up an Apache web server to face a public network. I will be applying some of what I learnt from the book to our servers very quickly indeed! Even though it was published in 2004, Hardening Apache goes on my list of recommended books.

5 out of 5 stars Your return will exceed the price in a very short time.......2005-02-01

Computer security is hard, very hard. Any reasonable attempt to make a system secure has to involve more than a choice between {none, some security features, unusable}. There are so many different things that we want to do with our software and there are probably just as many ways in which it can be attacked. In order to be able to fend off attacks, it is necessary to know what kind of attacks can occur. Finally, many security procedures must be automated, which requires generic defense strategies that are capable of recognizing an attack when it differs slightly from one that has already been planned for.
This book about the Apache server does all of that, starting with which version to use and how to install it with security enabled at the appropriate level. After these topics are covered in chapter one, Mobily moves on to descriptions of the most common attacks in chapter two and logging the interesting events in chapter three. If you are versed in security, most of the material in chapter two will be familiar, but it is hard to overstate the importance of chapter three. Being able to read an account of what has happened on a system is the only way to prove that your security measures are working and the only way to learn when you are successfully attacked. Mobily also shows you the critical steps in testing to determine if your log system is actually working properly.
Chapter four is devoted to explanations of cross-site scripting attacks (XSS). This is an attack where a web page is designed to accept input, but that input may be used to drive erroneous results. A simple, yet excellent demonstration of how this can be done is presented. While it is not sophisticated, it demonstrates how careful you must be when accepting even the most basic of inputs from a web page.
Chapters five and six deal specifically with security in the Apache server. Five explains the security modules available in Apache and six describes how you can lock down Apache by "putting it in jail." These specifics, of which there are many, should be required reading for anyone who has any hand in managing an Apache server. The last chapter shows you how to automate the security functions, clearly necessary if you are ever to get any sleep.
There is a great deal of source code used to describe how the features are implemented. Demo code is in Perl, but XML, HTML and database access commands are used when appropriate.
All around this country, companies and organizations are quietly paying out large sums of money to settle issues when their computer security was lax. Sometimes that payment is through the legal system, but the vast majority does not appear on the books. Reduced efficiency of the server, dropped and misplaced orders and greater effort by the staff are just some of the consequences of security problems. This book should be mandatory reading for all people who manage an Apache server; at $29.99 a copy it will probably pay for itself in less than 24 hours.

5 out of 5 stars An excellent book filling a huge gap.......2004-09-06

Understanding how to configure Apache from a security standpoint properly is not easy since the related information is sparse and fragmented. This could be the reason why many web administrators are pretty clueless when it comes to Apache security and why so many web servers are vulnerable.

In this sense I think this book fills a huge gap, providing web administrators with a concise and yet complete guide aimed at taking them from the very beginning of the installation process through to the final steps of server configuration.

Information throughout the book is very well focused and is presented with a clean and friendly writing style. The book provides a clear and detailed walkthrough of the process of securing an Apache installation, covering both versions 1.3.x and 2.x and thus providing long lasting information. The book has lots of references and pointers to resources on the web, and - more importantly - instructions on how to read them.

Sure enough, the book requires some familiarity with Unix and Apache - this is not the kind of book you would buy to learn the very basics of *nix and web site administration.

I totally agree with what I've read before: every serious system administrator should have this book.
Hardening Windows Systems (Hardening)
Average customer rating: 4.5 out of 5 stars
  • Nice to get you up to speed, but lacking...
  • Very Practical and Potent
  • Excellent book on securing Windows
  • A good overview of Windows Security
  • Invaluable Information For Windows Administrators
Hardening Windows Systems (Hardening)
Roberta Bragg
Manufacturer: McGraw-Hill Osborne Media
ProductGroup: Book
Binding: Paperback

Similar Items:
  1. Hardening Network Infrastructure (Hardening)
  2. Hardening Network Security
  3. Hardening Linux (Hardening)
  4. Windows Server 2003 Security: A Technical Reference (Microsoft Windows Server System Series)
  5. Protect Your Windows Network: From Perimeter to Data (The Addison-Wesley Microsoft Technology Series)

ASIN: 0072253541

Book Description

“The definitive tool to learn what’s proper for Microsoft Windows systems. Roberta’s excellent guidance will easily help you build secure, resilient systems.” --Steve Riley, Security Business and Technology Unit, Windows Division, Microsoft Corporation

Take a proactive approach to network security by hardening your Windows systems against attacks before they occur. Written by security evangelist Roberta Bragg, this hands-on resource provides concrete steps you can take immediately as well as ongoing actions to ensure long-term security. Whether you have one Windows server or one hundred, you’ll get complete details on how to systematically harden your network from the ground up, as well as strategies for getting company-wide support for your security plan. With coverage of Windows 95/98/NT 4.0/2000/XP and Windows Server 2003, this book is an essential security tool for on-the-job IT professionals.

Features a four-part hardening methodology:

Roberta Bragg, CISSP, MCSE: Security, Security+, co-author of Network Security: The Complete Reference, instructor, and consultant, focuses on how to proactively deploy proven security principles to defend Windows systems from possible attack. Roberta is the Security Advisor columnist for MCP magazine, the Security Expert for searchWin2000.com, and writes for the Security Watch newsletter. Roberta is the series editor of McGraw-Hill/Osborne’s Hardening security series.

Customer Reviews:

2 out of 5 stars Nice to get you up to speed, but lacking..........2007-03-30

Ok, so you want to secure your current, already (maybe poorly) implemented Windows networking environment. This may be the right book for you to get you on the path to better security. Note I did not say good security, I said better.

I bought the book Hardening Linux by James Turnbull published by APress. That book has what I wish Hardening Windows Systems would have: a comprehensive security strategy.

Instead, this book is nothing more than an overly wordy To-Do list with not a lot of information to tell you how to accomplish the To-Do list nor why you would even want to do the To-Do list to begin with (except for maybe chapter one, which was quite good, but still lacking).

If you have an existing, insecure Windows 2000/2003/XP networking environment and want to get started tightening up the ship, this book may be good to get you more secure quickly.

If you really want to lock down your existing installation, or you are starting a new Microsoft network installation and want a comprehensive strategy for deploying a secure environment from the get-go, this book is NOT for you.

5 out of 5 stars Very Practical and Potent.......2005-11-22

I've looked into a few Hardening Windows type of books and I was not satisfied. I found Unix/Linux equivalents to be very practical and valuable, and most of the Windows books to be just general guides of common obvious solutions mentioned in core MCSE training. Where is the real tangible stuff?

Well, I am happy to say that this book sets itself apart in having very potent and practical solutions. To detail all the chapters and their qualities would make this review humungous, so I'll mention one chapter...

One chapter that I found was really profound was "Harden Windows Using PKI" in chapter 12. It introduces the idea of having an offline root-CA and a subordinate "Enterprise CA", so that in case your private key gets stolen, you can more easily rebuild the infrastructure. This is important as an "Enterprise CA" is integrated into Active Directory, making replacing it unfathomable. The instructions for how to do this were just awesome, but I do wish there were some further explanations as to why certain steps are needed. Some groups of instructions are just plopped down without any explanations as to what these sets of instructions are for. Besides that bit, this chapter is inspirational, and after this, one can delve into securing mail traffic (IMAPS, POPS, S/MIME, Exchange OWA), web traffic (HTTPS), and general TCP/IP (IPSec, VPNs).

Bottom line, anyone concerned about security for Windows cannot pass up this book.

5 out of 5 stars Excellent book on securing Windows.......2005-03-02

Does a week ever go by without a major Windows vulnerability coming to light? It is evident that, prior to Windows XP Service Pack 2, the operating system was geared to file and printer sharing, not security. Among security professionals, the common view is that the best way to secure Windows is to use a more secure operating system such as Linux.

Windows isn't going away, however, and probably millions of businesses will continue to use that platform. These systems should be hardened against attack, a task made easier by this resourceful and practical book.

Hardening Windows Systems provides users a solid guide to implementing security on various Windows operating systems, attempting to close the many holes that have plagued Windows. Chapters cover infrastructure, physical security, communications, security policies, and more.

Valuable security-setting tables and checklists are offered for a vast number of different Windows security services, settings, and parameters. These tables and checklists ensure a systematic approach to system hardening.

Some readers might be overwhelmed by the prodigious number of modifications needed to ensure that a Windows host is indeed secure. Making those modifications is a dirty job, but this book makes it a lot less messy.

4 out of 5 stars A good overview of Windows Security.......2005-02-13

I was very pleased with this book. One of the problems I've had with most books on network security is that they go on and on about theory and then leave it to you to turn their high level discussion into actual practice.

That's not the case with this book; this is a book where you can literally sit down with it open, and configure a system step by step using what is provided. The author's style is very matter of fact in that there is very little of the "chatty tone" that (in my opinion) takes up so much valuable space in other books. This book is straightforward: This is the problem - This is how you fix it.

There's also a healthy dose of screen shots which never hurts.

I didn't give it 5 stars for two, fairly benign reasons. (1) It covers all versions of Windows including Windows 98, Windows NT 4, Windows 2000, Windows 2003, and Windows XP. So, any given reader is bound to find a good chunk of the book doesn't apply to them. (2) A little more of the theoretical side might have been good. It's great that this book is so task oriented but I think that someone who hadn't read other security books in the past might not grasp why the book suggests certain things.

Nonetheless, I'd recommend this book to anyone interested in Windows Security.

5 out of 5 stars Invaluable Information For Windows Administrators.......2005-01-29

A trip to the local book store will quickly show you that there is no shortage of books on the subject of network security. In fact, Roberta Bragg, the author of Hardening Windows Systems, has written some of the other contributions to this genre as well. So, why another one?

Osborne / McGraw-Hill publishing, publishers of the Hacking Exposed series, introduced the Hardening Series of books, to add a fresh perspective and approach to network security books. Rather than simply regurgitating the same theoretical material and security best practice details, these books provide more nitty-gritty, action-oriented information.

In the first chapter, Bragg provides a list of ten things you should do immediately to secure your Windows systems. This helps get you very quickly from cracking the cover to getting actionable information you can implement now.

Working in I.T. though, I think that the last section is possibly more valuable than the information about securing the system. Getting budget approval, management support and user cooperation are all essential to securing the network and this information is invaluable.

I like the structure and approach of this book and recommend it for anyone supporting a Windows-based network.

(...)
Hardening Linux
Average customer rating: 4.5 out of 5 stars
  • Great topics
  • Excellent. Couldn't ask for more.
  • In-depth explanations with step-by-step techniques for securing Linux and common applications.
  • Needed, practical advice
  • The basics that Linux users must understand
Hardening Linux
James Turnbull
Manufacturer: Apress
ProductGroup: Book
Binding: Paperback

Similar Items:
  1. Hardening Apache
  2. Linux iptables Pocket Reference
  3. Linux Firewalls (3rd Edition) (Novell Press)
  4. SELinux by Example: Using Security Enhanced Linux (Prentice Hall Open Source Software Development Series)
  5. Linux Network Security (Administrator's Advantage Series)

Accessories:
  1. Expert Oracle Database Architecture: 9i and 10g Programming Techniques and Solutions
  2. Forecasting Oracle Performance
  3. Cost-Based Oracle Fundamentals

ASIN: 1590594444

Book Description

"Hardening" is the process of protecting a system and its applications against unknown threats. And Hardening Linux will explain the main steps that any Network or Systems Administrator needs to take, to protect his computers that run on Linux. This book discusses security of mail servers, web servers, and file servers, as well as hardening IP tables and remote access functionality.

Written in a similar manner to Hardening Windows and Hardening Apache, complete with checklists and reference-style chapters, Hardening Linux shows Apress’ commitment to publishing books that appeal to the security professional.

Customer Reviews:

5 out of 5 stars Great topics.......2006-05-03

After reading this book, I think it is going to be the mandatory companion I hand out to new Linux administrators, along with Essential System Administration. The first 6 chapters are exceptional. I can't say enough good things about them. The coverage of PAM is better than anything I have seen. The coverage of authentication, groups, users and best practices surrounding them was very good as well. The logging chapter alone is probably worth the purchase of the book.

After the first section, the book covers more specific topics that are of less interest to me. I realize that a lot of people use email, of all kinds. Chapter 7, 8 and 9 cover email, and I just wasn't that excited about it.

Chapter 10 covered securing FTP, which is nice, and 11 covers Bind. I guess I wonder why some of the topics were chosen. There are whole books on email and bind available, but there isn't always good material for some other services, like CUPS, maybe some web-based administration tools, or SELinux. The coverage of topics that made the table of contents is very good.

I would say if you are new to Linux Security, or a seasoned player looking for just another reference, this book is great.

5 out of 5 stars Excellent. Couldn't ask for more........2005-08-13

I haven't run a Linux box since 2002. Some time ago, realizing that I'd soon have a chance to migrate to using Linux for everyday work, I decided I should start refreshing my *NIX commands and shell scripting. Then, I saw "Hardening Linux". Rather spontaneously, I decided to start with this security-focused title instead of the perhaps more intuitive path of installing the latest distro, setting up a bunch of daemons, installing databases, etc. That proved to be an excellent decision. "Hardening Linux" is not a small book. Yet, I read the 500 pages more or less cover to cover. Even though we're talking about a book whose purpose is to help you to secure your Linux server, I felt like I learned more about Linux reading this book than I've learned during the last year at work.

Turnbull kick starts the book by explaining user and group management, basics of the Linux file system security, how to verify downloaded packages, which tools and packages you probably should remove from a production server. By page 50, he had also shown how to compile your kernel with security flags and the Openwall project.

After the rather intense first chapter, the rest of the book's chapters each focus on a certain aspect of a system or a specific product, showing how to secure your system from that particular perspective. Most of these chapters are really top-notch compared to most of the online material I've resorted to in the past. For example, Turnbull presents the most intuitive tutorial on configuring the iptables firewall I've seen so far.

Another excellent description is the chapter on file system security. In my experience, the majority of developers dealing with Linux -- myself included -- don't really know much about Linux file system security beyond the basic file permission attributes. Thanks to chapter 4, I know twice as much about what's possible and what to look out for with regards to file permissions and ownership, and all those mysterious "special" characters that don't have to do with the basic read-write-execute stuff.

The author also covers the topics of syslog (and syslog-ng), secure remote connections (including SSL/TLS and SSH among other things), and gives a broad overview of common security analysis tools such as NMAP, Nessus, Ethereal, and tcpdump. Beyond those I already mentioned, Turnbull has written excellent chapters explaining how to secure your email servers (both sendmail and postfix), putting your FTP server into a chroot jail, and how to set up your DNS server and protect yourself from common attacks such as cache poisoning.

All in all, an excellent book on not just Linux security but also on Linux fundamentals. Highly recommended reading if you're running a Linux box you wouldn't want getting "0wn3d."

4 out of 5 stars In-depth explanations with step-by-step techniques for securing Linux and common applications........2005-08-12

Hardening Linux by James Turnbull, stands out in my mind as a vitally important text that clearly lays out how to make your Linux boxes as secure as possible. Mr. Turnbull has done a remarkable job in delineating the potential vulnerabilities, and how to mitigate them. Each chapter covers a particular focus area in depth, with carefully worded and easy-to-follow examples. In the cases where you need to install some other piece of software to provide the extra security, he gives you the step-by-step details, leaving nothing for misinterpretation. This is one of those books that, as you finish each chapter, you'll want to apply your new-found knowledge to the machines at your disposal.

As each subsequent chapter unfolds, James explains very carefully how to tighten remote administration, files and file systems, mail, ftp, and DNS/BIND. Additional information is given on how to log important information securely, and efficiently monitor the data collected. In addition, tools for testing the security of your hosts are described very clearly, from the inside-out and the outside-in, along with explanations of how to detect penetrations and recover from them.

Writing about securing a computer system can be written on a few different levels, from the general suggestions which apply to just about any program, to the specific which apply to just one. Mr. Turnbull has chosen to pick commonly used programs and provide step-by-step procedures for locking them down. For example, if you are hardening a mail server, you will find descriptions of Sendmail and Postfix, but not of Qmail or Courier. While this might limit the appeal of the book to just those using the more common programs, it allows a depth that would be otherwise unavailable.

The only quibble I have is that his book does not go far enough. While the chosen types of applications are covered in great depth, some applications are missing. There is no coverage for a web server, such as Apache, or a database server, such as MySQL. I can only hope that a future edition of the book includes chapters on these and other categories of programs.

I definitely recommend Hardening Linux by James Turnbull to anyone who installs and maintains Linux servers. The information packed in this book is easy to follow, and will help you configure your systems very securely. The additional insights into why the configurations are important are extremely valuable in their own right. This book belongs on any Linux sysadmin's bookshelf.

5 out of 5 stars Needed, practical advice.......2005-05-12

I strongly recommend this book for systems administrators and those running personal Linux systems. This book covers all of the basics of locking down a Linux system, and presents it in a way that is easy to understand and follow. In particular I was pleased with the sections on securing connections to the machine and the file system.

5 out of 5 stars The basics that Linux users must understand.......2005-04-30

The book starts with the basics of hardening a Linux system to prevent purposeful attack as well as the inadvertent harm some users may cause. This basic section includes booting securely, securing virtual consoles, passwords, groups, users, authentication modules, package management, hardening your kernel, and removing development tools that are not needed.

Of course no book on hardening a system would be complete without discussing how to build an effective firewall. The section on firewalling is excellent and strikes a solid balance between a technical presentation and a user level presentation.

Other important areas include securing connections, secure remote administration, public-key encryption, securing files and file systems, mounting drives securely, securing removable drives, encrypting the file system, and file integrity using tripwire.

Of course setting all of that security up helps a lot but you still need to test the system to see that it works the way you want it to. The author examines several security testing tools to scan your system for root kits and weak passwords as well as using packet sniffers, the Snort intrusion detection system, and other tools.

The book assumes some very basic familiarity with Linux including a file editor, the grep utility, file permissions and ownership, user administration, package management, the purpose and layout of init and init scripts, the basics of networking (TCP/IP, subnetting, etc.), and mounting and unmounting a partition. Hardening Linux is a highly recommended book and provides a better overall view of Linux security than most similar choices.
Apache Security
Average customer rating: 4.5 out of 5 stars
  • super
  • The single best Apache security book in print
  • Excellent book...
  • Review of "Apache Security" by Ivan Ristic
  • Used every morning with coffee
Apache Security
Ivan Ristic
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback

Similar Items:
  1. Apache Cookbook
  2. Apache: The Definitive Guide (3rd Edition)
  3. Preventing Web Attacks with Apache
  4. Hardening Apache
  5. Pro Apache, Third Edition (Expert's Voice)

ASIN: 0596007248

Book Description

With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it's a secure one. To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it--whether it's running a huge e-commerce operation, corporate intranet, or just a small hobby site. Our new guide, Apache Security, gives administrators and webmasters just what they crave--a comprehensive security source for Apache. Successfully combining Apache administration and web security topics, Apache Security speaks to nearly everyone in the field. What's more, it offers a concise introduction to the theory of securing Apache, as well as a broad perspective on server security in general. But this book isn't just about theory. The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions. Administrators and programmers will learn how to: And that's just the tip of the iceberg, as mainstream Apache users will also gain valuable information on PHP and SSL/TLS. Clearly, Apache Security is packed and to the point, with plenty of details for locking down this extremely popular and versatile web server.

Customer Reviews:

5 out of 5 stars super.......2007-03-08

Thanks a lot, we are very happy to have this book in our library!

5 out of 5 stars The single best Apache security book in print.......2006-09-28

I recently received copies of Apache Security (AS) by Ivan Ristic and Preventing Web Attacks with Apache (PWAWA) by Ryan Barnett. I read AS first, then PWAWA. Both are excellent books, but I expect potential readers want to know which is best for them. The following is a radical simplification, and I could honestly recommend readers buy either (or both) books. If you are more concerned with a methodical, comprehensive approach to securing Apache, choose AS. If you want more information on offensive aspects of Web security, choose PWAWA.

Before I go further, I must mention that Ivan Ristic cites me and my books twice, on pages 2 and 229. While humbling, I tried not to let this fact influence my review.

AS is an extremely well-thought-out book. My favorite aspect of AS is the decision to start with a blank httpd.conf file, rather than accepting the file packaged with Apache and making edits as needed. By building up httpd.conf from scratch, the author shows exactly what components are needed in a very clear manner. This was not the approach used by PWAWA. I would like to see other technical books adopt this teaching method.

AS includes better coverage of several topics which I believe are core to securing Apache. I liked AS' discussion of chroot environments and jails, although the author should distinguish between chroot on Linux or BSD and jail on BSD alone. AS features a whole chapter on proper PHP deployment (Ch 3), and a whole chapter on SSL/TLS (Ch 4). AS devotes another chapter to explaining how to host multiple Web sites on one host (Ch 6), which is critical to many Apache environments. AS' chapter on Web infrastructure (Ch 9) also covers topics not found in PWAWA.

AS is also less explicitly Linux-centric than PWAWA. As a primary FreeBSD user, I found AS' approach more applicable to my environment. PWAWA seemed to assume everyone was running Red Hat Linux. It's fine to use a single OS for all examples, but I had to personally identify tools and techniques that would probably only work on Red Hat.

I had very little trouble with any of the text in AS. My main concerns involve Ch 1, where the author spends time on certain security concepts. I would consider the following with regards to threat modeling on p. 5: (asset) what might be compromised; (motivation) why compromise; (vulnerabilities) where compromised; (attack) how compromised; (threat) who compromised you; (risk) threat X vulnerability X asset value. On pp 9-10 the author should also have used the risk equation just mentioned.

Overall, I really liked AS. The book really is about Apache security, so if you are more interested in attacking Apache you might prefer PWAWA. If you want to learn about Web application hacking in general, your best bets are probably Hacking Exposed: Web Applications, 2nd Ed, and Professional Pen Testing for Web Applications. I will read and review those two books shortly.

5 out of 5 stars Excellent book..........2006-08-01

This book is worth every single dollar. The examples are very clear and also provide invaluable information about security.

A must have for everybody using Apache.

5 out of 5 stars Review of "Apache Security" by Ivan Ristic.......2006-03-02

Excellent book. The chapters on PHP and logging are especially useful.

5 out of 5 stars Used every morning with coffee.......2006-02-05

I recently heard about a new book out that is just about Apache Security written by Ivan Ristic. I haven't ever really found many books on this topic and wondered why since it's such a widely popular web server. Ivan Ristic is well known for being the single man behind an invaluable tool for web servers called mod_security.

So many security related books are very expensive and thousands of pages long, which is great if you have lots of time but no system admin does. Apache Security is both thorough and quick to get through while walking you through the most important issues you'll encounter or never thought about until now.



First off go buy the book, don't bother to read this review at http://www.webhostgear.com/313.html It's really that good. I use it on a daily basis and keep a copy at the office and at home. I advise anyone that owns a server or works with Apache to get this book, you won't be disappointed. It's not for someone that's completely a newbie to web servers, I recommend it more for someone with a bit of experience or advanced user of Linux. Since this isn't a book on dummy installations but about security so you need a basic understanding of file permissions and so on.
Hardening Network Infrastructure (Hardening)
Average customer rating: 5 out of 5 stars
  • VERY good book on network security!!!
  • Must have security book
  • Just what the DR ordered...
  • Good resource
  • A must have!!
Hardening Network Infrastructure (Hardening)
Wes Noonan
Manufacturer: McGraw-Hill Osborne Media
ProductGroup: Book
Binding: Paperback

Similar Items:
  1. Hardening Windows Systems (Hardening)
  2. Hardening Network Security
  3. Hardening Linux (Hardening)
  4. Security Sage's Guide to Hardening the Network Infrastructure
  5. Anti-Hacker Tool Kit

ASIN: 0072255021

Book Description

Bulletproof your system before you are hacked! From the publisher of the international best-seller, Hacking Exposed, here is a brilliant new offering written with a passion for security that will help you make the necessary upgrades and take the essential steps to secure your network infrastructure. The concise and consistent approach breaks down security into logical parts, giving you actions to take immediately, information on hardening your system from the top down, and finally when to go back and make further upgrades.

Customer Reviews:

5 out of 5 stars VERY good book on network security!!!.......2004-10-29

Practical, hands-on 'guide' to securing your environment. Even includes securing those pesky wireless network upstarts! Very nuts-&-bolts. Real world applications, as shown by Mr. Noonan's inclusion of various network equipment and its operations. From implementations of firewall ACLs, AAA, routers & switches command line/GUI consoles, to deployment of VLANs, DMZs and intrusion detection systems - this book has got it all!!! No network admin should not have this on their book shelf!

5 out of 5 stars Must have security book.......2004-06-02

It is evident that the author has real world knowledge and experience. His writing style is clear and easy to read but he still keeps it to a high technical level. The author isn't afraid to get into specifics on how to secure your infrastructure. Too many authors today seem to write their security books with vague suggestions on security but don't really give you anything really solid. I began using this book as a reference immediately for a big project I had coming up; it gave me the info I needed. This book should be on anybody's shelf that's serious about security.

5 out of 5 stars Just what the DR ordered..........2004-05-24

I have been reading networking and infrastructure books for over 15 years and there are a few that make the grade as a keeper.. (one that ends up on ebay or sold in a garage sale is NOT a keeper :) I have this as my new 'keeper' and it will stay by my side and make a few trips up and down the west coast in my trusty laptop bag.
The fact that there are examples of each 'fix' or procedure that is important is a goldmine of information. My favorite line was early in the book when Wes made the statement.

"If you don't have a firewall, stop reading this book right now and go buy or build one and implement it on your network."

Now, how many books actually tell you to put it down and go do something then show you HOW to if you run into problems or have some questions.
Wes really wants to help you in beginning those first steps to protecting your data and network all the while being able to talk to all levels who touch or SHOULD be touching security.
From the CIO/CTO/IS Manager all the way down to the guy sitting in front of a Cisco command prompt. They are all taken care of with this book in clear concise explanations and very easy to grasp diagrams..

Rating: Buy...

rob in kirkland

5 out of 5 stars Good resource.......2004-05-24

This is a good resource that serves as a starting point for anyone in the unenviable position of needing to get a network into a more secure posture. If this is your role it is a must have. It covers a lot of ground in a "how-to" manner, instead of the normal books of theory. There are lots of screen prints and step by step instructions for setting up things like TACACS, IPSEC, firewalls, ACL's etc...

5 out of 5 stars A must have!!.......2004-05-21

If you are a LAN administrator you NEED this book for the section entitled, "Do This Now!", and you'll find the later sections informative as well. If you are involved in network planning or security design this is a must have. The book is laid out well and easy to read with a good logical flow from one topic to another. The language the author chose to use makes it a much easier read than some of the other stuff out there I've seen. I'm definitely glad I picked this one up!
Hardening Cisco Routers (O'Reilly Networking)
Average customer rating: 4.5 out of 5 stars
  • Great Thing in a Small Package
  • Hardening Cisco Router
  • Excellent filler to your library, maybe not essential though
  • A little thin
  • "The facts Ma'am, just the fact".
Hardening Cisco Routers (O'Reilly Networking)
Thomas Akin
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback

Similar Items:
  1. Cisco IOS in a Nutshell (In a Nutshell (O'Reilly))
  2. Cisco IOS Cookbook (Cookbooks (O'Reilly))
  3. Cisco IOS Access Lists
  4. Cisco Cookbook
  5. Cisco Field Manual: Router Configuration

ASIN: 0596001665

Amazon.com

To harden a router is to render it more heavily defended and more difficult to attack. Because routers (by definition) serve as points of entry into your network, it makes sense to devote extra effort to their security. Hardening Cisco Routers shows how to make adjustments to the configurations of routers from Cisco Systems to improve their resistance to attack, particularly external attack. This is essentially a book of specialized Internetwork Operating System (IOS) commands, as well as explanations of their behavior. It'll appeal to the router administrator--employed either by an organization's internal network staff, an outside consultancy, or a service provider--who wants to know which IOS commands he or she should add to routers' configuration files to tighten their security without a lot of hassle.

The great thing about this book is that you can approach it in either of two ways. If you just want to clamp down on your routers' security weaknesses as soon as possible, you can begin with the checklists at the end of each chapter (each of which focuses on a particular area, like SMTP) or the big one in an appendix, which is comprehensive. These checklists include both "how" and "why" information, as exemplified by "Disable ICMP broadcasts with the no ip directed-broadcast command." If you want more information on the big picture, or want to prepare for a specific kind of attack, read the individual chapters for detailed advice on how to set IOS to behave as you want. --David Wall

Topics covered: Internetwork Operating System (IOS) commands you can use to protect Cisco Systems routers from a variety of attacks. Specialized sections deal with security assessment, auditing, access control, privileges, optional services, and the legal importance of your login banners' contents.

Book Description

As a network administrator, auditor or architect, you know the importance of securing your network and finding security solutions you can implement quickly. This succinct book departs from other security literature by focusing exclusively on ways to secure Cisco routers, rather than the entire network. The rationale is simple: If the router protecting a network is exposed to hackers, then so is the network behind it. Hardening Cisco Routers is a reference for protecting the protectors. Included are the following topics: Written by Thomas Akin, an experienced Certified Information Systems Security Professional (CISSP) and Certified Cisco Academic Instructor (CCAI), the book is well organized, emphasizing practicality and a hands-on approach. At the end of each chapter, Akin includes a Checklist that summarizes the hardening techniques discussed in the chapter. The Checklists help you double-check the configurations you have been instructed to make, and serve as quick references for future security procedures. Concise and to the point, Hardening Cisco Routers supplies you with all the tools necessary to turn a potential vulnerability into a strength. In an area that is otherwise poorly documented, this is the one book that will help you make your Cisco routers rock solid.

Customer Reviews:

5 out of 5 stars Great Thing in a Small Package.......2007-08-13

Read it leisurely on Monday & Tuesday night. Write out your action plans & change controls on Wednesday & Thursday. Have a more secure network on Friday.

I bought this book with the Cisco Cookbook, and found this to be one of the most important books in a network admin's library. This is the security book that doesn't get mired down in endless pages of white papers. It simply points out major security flaws and holes, and why they should be covered.

What good is an Access List if you don't log what is or isn't stopping?
What good are your logs if you don't have timestamps backed up by NTP time sources?
What good is a complex password if 10 admins know it, and no one has individual logins?

The problems and solutions are quickly addressed with enough information to explain to your boss why this needs to be done. Then use the Cisco Cookbook or other guide to fine-tune your own solution that fits your needs.

2 out of 5 stars Hardening Cisco Router.......2006-07-20

If you are new with Cisco router's security I could suggest this book. However if you are advanced user, it would be wasted money. Overall I did not like the book...

5 out of 5 stars Excellent filler to your library, maybe not essential though.......2005-08-22

No nonsense. No mucking around. Here's the problem, here's the solution. Have to say though, you probably won't find anything new to you inside this book; but it's dead handy for checking you've covered most of your bases (then you'll write a common config script and probably never look at it again!! :) )

3 out of 5 stars A little thin.......2004-06-24

It's nice to have all of this information in one place. A lot of it is available elsewhere but not all. The checklists are nice. But there's not so much to it. It doesn't cover any common hacks or vulnerabilities and is quite redundant to fill out the pages.

5 out of 5 stars "The facts Ma'am, just the fact"........2004-06-02

Intended audiences: network administrators, security advisors/auditors, system architects.

This book is, pound for pound, among the best in my technical library.

Having almost no previous knowledge in router hardening (although I was aware of the basics of Cisco routers) a few hours with this book enabled me to review the "hardening" plan submitted by a highly paid security consultant, and provide useful comments on improving the proposal.

No doubt this book is the beginning, not the end, of my education on this subject. But this fine book got me off to a quick and productive start, which is high praise when compared to what could be said about so many other technical titles. Highly recommended.
Hardening Network Security
Average customer rating: 4.5 out of 5 stars
  • Thorough overview of security improvement, but beware some details
  • Common sense advice
  • Good book with solid topic coverage
Hardening Network Security
John Mallery, Jason Zann, Patrick Kelly, Wesley Noonan, Eric S. Seagren, Paul Love, Rob Kraft, Mark O'Neill, and Robert McMullin
Manufacturer: McGraw-Hill Osborne Media
ProductGroup: Book
Binding: Paperback

Similar Items:
  1. Hardening Network Infrastructure (Hardening)
  2. Hardening Windows Systems (Hardening)
  3. Hardening Linux (Hardening)
  4. Network Security Bible
  5. Anti-Hacker Tool Kit

ASIN: 0072257032

Book Description

Take a proactive approach to network security by implementing preventive measures against attacks--before they occur. Written by a team of security experts, this hands-on resource provides concrete steps you can take immediately as well as ongoing actions to ensure long-term security. Get complete details on how to systematically harden your network from the ground up, as well as strategies for getting company-wide support for your security plan.

Features a four-part hardening methodology:

Customer Reviews:

4 out of 5 stars Thorough overview of security improvement, but beware some details.......2006-02-04

As a security consultant I am sometimes asked for reference books for new security managers. These individuals need help bringing their enterprise under control. Hardening Network Security is a good book for this sort of problem, although it is important to recognize a few technical errors outlined below.

My favorite part of the book is Ch 1 ("Do these seven things before you do anything else"). The seven are (1) change default account settings; (2) use administrator accounts for administrator tasks only; (3) identify unused or unnecessary ports; (4) disable/shut down/remove unused and unnecessary services and daemons; (5) remove rogue connections; (6) set up filters for malicious content; and (7) test backup and restore procedures. Ch 1 was the most helpful section, in my opinion. The author should have mentioned Windows tools from SysInternals, however, and warned that rootkits obscure processes, files, and other information reported by compromised operating systems.

Part II gives hardening recommendations for the enterprise. Segmentation, identity management, authentication, Web services, mobile devices, stored data, databases, OS access control, encrypting transport, remote access, wireless, UNIX, IDS and incident response, malware, and "wetware" appear in Part II. Part III discusses operational issues like assessments, change management, patching, and security reviews. Part IV finishes with management politics and "security apathy."

A great deal of the material is helpful. Most of the book takes a high-level approach to enterprise security. Some sections (like the Web services chapter) are far too complex for managers; their eyes will cross while reviewing SOAP headers. Some sections have a dated feel, like the mention of standard and extended Cisco ACLs (Ch 2) without discussion of reflexive or other modern ACLs. The same chapter says routers filter at layer 3, ignoring the fact that the extended ACLs just mentioned operate at layer 4 (where TCP and UDP ports appear). Page 54 in Ch 2 says "circuit-level firewalls work at Layer 6, the presentation layer...[and] verify the handshaking process of each connection (SYN,ACK,SYN-ACK)." Ouch, that is wrong on multiple levels. One note on a typo -- in Figure 11.3, Zone 1 and Zone 3 should be interchanged.

Ch 6 mentions Bluetooth, but says Bluetooth attacks are "relatively close proximity" problems where "attacks on these types of devices [are] limited to 10 meters." We know this is not true. Ch 14 covers intrusion detection and response, which I reviewed closely. Page 369 makes the following odd statement: "Spanning and mirroring have inherent weaknesses, as they will not forward 100 percent of the traffic to the NIDS port. In addition, the mirrored switch can produce collisions, and the operation of the switch begins to approach the same functionality of a hub." That is a really bizarre claim, especially because the author's "solution" to this problem is worse than a SPAN port. He advocates using taps (on each "resource to monitor", which is expensive), and shows in Figure 14-1 connecting the tap outputs to a hub, where the IDS also listens. That configuration is guaranteed to drop traffic due to collisions; please see my blog for details.

There is a lot of good material in Hardening Network Security, so I didn't want to lower my rating for the several serious technical shortcomings I previously identified. Rather, buy the book, cross out the incorrect material listed, and enjoy the rest.

5 out of 5 stars Common sense advice.......2005-02-23

This book is a useful compilation of common sense, practical security recommendations and procedures for the everyday manager or administrator. It is written in a way that covers a variety of critical topics without getting overly technical or talking for the sake of talking.

There are frequent references to additional resources you can use to drill down in any of the topic areas. The use of several authors to share their stronger areas makes this a better resource. The book does a good job of approaching timely security risks such as database and application security, as well as devoting several chapters to management issues of great use to technical staff and management.

The recurring "HEADS UP!" type of reference boxes are overly annoying, but I assume this is a publisher issue and they really don't detract from the content.

5 out of 5 stars Good book with solid topic coverage.......2005-02-23

This book has some really good coverage. A lot of it is kind of high level, but good information nonetheless. This would be an ideal book for a technical manager to gain a broad understanding of the covered topics.
Professional Windows Desktop and Server Hardening (Programmer to Programmer)
Average customer rating: 5 out of 5 stars
  • Effectively Using Windows Internal Security
  • THE ONLY BOOK you need for Windows security
  • Security techniques for the novice and experienced
Professional Windows Desktop and Server Hardening (Programmer to Programmer)
Roger A. Grimes
Manufacturer: Wrox
ProductGroup: Book
Binding: Paperback

Similar Items:
  1. Honeypots for Windows (The Experts Voice)
  2. Hardening Network Security
  3. Windows Server 2003 Security: A Technical Reference (Microsoft Windows Server System Series)
  4. Hardening Windows Systems (Hardening)
  5. Hardening Linux

ASIN: 0764599909

Customer Reviews:

5 out of 5 stars Effectively Using Windows Internal Security.......2006-07-04

Microsoft Windows is by far the most popular operating system, therefore it attracts the most attention from the bad guys that want to run their programs on your machine.

Microsoft has designed its operating systems to be easy to use, easy to customize. At first this was the way to go. Now, however, the bad guys have found that these very features make it easy to attack computer systems running Microsoft code.

While making their software easy to use, Microsoft has also provided a whole range of options and parameters that can be set to allow you the full functionality you need while tightening up a lot of ways the bad guys can get into your system.

This book concentrates on using these Windows features to enhance the security of the operating system. The author has been working in this area for twenty years or so, has published a hundred and fifty or so articles in magazines on security issues. Now he has compiled these previously scattered articles into a single book. It is, as best I can tell, the most complete book on Windows security. Fortunately it is also well written which tends to keep you from going to sleep. Let's face it, computer books are probably just as effective as those sleep aids you see advertised on TV.

5 out of 5 stars THE ONLY BOOK you need for Windows security.......2006-06-26

This book is what it says:
Professional - goes way beyond what Joe Homebody needs, but Joe will enjoy the casual style, the unexpected humor, and the unfailingly complete wealth of security knowledge imparted by Mr. Grimes's concise delivery. This is not just a theory book, though the theory is explained, it is a "doing" book, complete with instruction lists and screen shots to guide you through the steps.
Windows Desktop and Server - if you own a Windows-based computer of any kind, this book will help you secure it. It includes not only basic Windows security concepts that would help you with troubleshooting problems on Windows 9X machines at home, but also the latest and most current security techniques to be employed in securing Windows XP, Windows 2000, and Windows 2003 Server for the most demanding DoD, Private Sector, or Homeland Security environments. The strategies discussed will be just as useful on the new Vista operating system currently under development by Microsoft.
Hardening - Every Windows computer is installed with minimum security so that we idiots won't be accidentally locked out of our own stuff. This book guides us from vulnerability to vulnerability and explains:
1. What is the vulnerability?
2. What is the theory behind minimizing the vulnerability?
3. What steps must be taken to perform the preventive measure?
4. How can I automate this preventive measure to secure a domain or even an enterprise-wide network?
On this last point, it is noteworthy that the book guides you through the areas of the Active Directory and particularly through the use of Group Policy Objects (GPO's) that will allow an enterprise administrator the ability to replicate a strong and consistent security policy throughout the enterprise from the top down. There is no area of vulnerability that is not discussed.
Finally, Mr. Grimes's 30-page list of "Where Malware Hides" is the only complete listing of its kind ever published - AND THIS LIST ALONE IS WORTH THE COST OF THE BOOK. The way I look at it, the other 540 pages are a bonus thrown in just for free!

5 out of 5 stars Security techniques for the novice and experienced.......2006-06-01

Professional Windows Desktop and Server Hardening is by far one of the best security books written for Windows, hands down. The author's grasp on the internal workings of both client and server operating systems comes through in his writing. One of the most important aspects of the book is it's an easy read.

Roger ensures that the reader is aware of some of the simpler security techniques before diving into areas that the average IT professional may not have thought of, but hackers and malicious code writers do. In addition to the over 500 pages of valuable information Roger includes web site addresses for further research into a vulnerability, technique or story.

I will definitely be recommending this to my colleagues and hope others will purchase this book. If all IT professionals followed the advice in this book, the networks of the world (and the Internet as a whole) would be a much more secure place.

Greg Pastorelli
MCSE:Security, MCDST, C|EA, Security+, Network+, A+
Secure Your Network for Free
Average customer rating: Not rated
    Secure Your Network for Free
    Eric Seagren
    Manufacturer: Syngress
    ProductGroup: Book
    Binding: Paperback

    Similar Items:
    1. Botnets: The Killer Web Applications
    2. Snort Intrusion Detection and Prevention Toolkit (Jay Beale's Open Source Security)
    3. Wireshark & Ethereal Network Protocol Analyzer Toolkit (Jay Beale's Open Source Security) (Jay Beale's Open Source Security)
    4. Stealing the Network: How to Own a Shadow (Stealing the Network) (Stealing the Network)
    5. Snort 2.1 Intrusion Detection, Second Edition

    ASIN: 1597491233

    Book Description

    This is the only book to clearly demonstrate how to get big dollar security for your network using freely available tools. This is a must have book for any company or person with a limited budget.

    Network security is in a constant struggle for budget to get things done. Upper management wants things to be secure but doesn't want to pay for it. With this book as a guide, everyone can get what they want. The examples and information will be of immense value to every small business. It will explain security principles and then demonstrate how to achieve them using only freely available software.

    * Teaches you how to implement best of breed security using tools for free
    * Ideal for anyone recommending and implementing new technologies within the company
    * Companion Web site contains dozens of working scripts and tools
    Hardening Linux (Hardening)
    Average customer rating: 3 out of 5 stars
    • Minimum skills required of review "writer"-->Valdez Ladd
    • Hardening Linux
    Hardening Linux (Hardening)
    John Terpstra , Paul Love , Ronald P. Reck , and Tim Scanlon
    Manufacturer: McGraw-Hill Osborne Media
    ProductGroup: Book
    Binding: Paperback

    Similar Items:
    1. Hardening Windows Systems (Hardening)
    2. Hardening Network Infrastructure (Hardening)
    3. Hardening Network Security
    4. Hacking Linux Exposed, Second Edition
    5. Hardening Windows, Second Edition (Hardening)

    ASIN: 0072254971

    Book Description

    Bulletproof your system before you are hacked! From the publisher of the international best-seller, Hacking Exposed, here is a brilliant new offering written with a passion for security that will help you make the necessary upgrades and take the essential steps to secure your Linux systems. The concise and consistent approach breaks down security into logical parts, giving you actions to take immediately, information on hardening your system from the top down, how to plan and maintain an iterative security strategy and finally, how to navigate the "soft issues" of how to garner management and employee support for your security strategy. Features examples in the most frequently used enterprise Linux distributions, Red Hat Enterprise Server 3.0, SuSE SLES 8.1 and a sneak preview of SuSE SLES 9.0

    Customer Reviews:

    5 out of 5 stars Minimum skills required of review "writer"-->Valdez Ladd .......2006-03-03

    People in glass houses shouldn't throw rocks. One would expect people providing criticisms of written works have the ability themselves to construct at least a single grammatical sentence.

    The "dating" of the book should come as no surprise to individuals who check what operating systems it covers before purchasing it.

    1 out of 5 stars Hardening Linux .......2005-09-28

    This book is badly dated.

    Worse, it shows configs for new-to-Linux administrators and leaves the harder configurations missing time after time. No SELinux, just cron, SSH, password and file permissions utilities.

    Fortunately I brought both the Linux Troubleshooting Bible and the Network Security Bible. I recommend both for those starting Linux security administration.


    (...)
    Center for Internet Security

    Valdez Ladd
    CCNA, CIW-SP, CCSA, CWNA, I-NET+
