Product Description
Web Security eschews lengthy discussions of security theory in favor of a practical step-by-step approach. Each section is built around a "checklist" of items that readers can use to evaluate the security of their existing Web site and take action to improve it. In addition to protecting against intruders, readers will learn how to protect a Web site from other hostile Web sites. Readers will learn which resources require protection, and how they may currently be at risk. Stein explains basic strategies for protecting an existing Web site with as little cost and disruption as possible. Also covered are the risks and security solutions associated with implementing Internet services on a Web site - including http, conferencing, email, ftp, and news gateways.
From the Author
Web Security: What's to Worry About? Unfortunately, there's a lot to worry about. If you are an end user, you might think that Web surfing is safe and entirely anonymous. It's not. Active content, such as ActiveX controls and Java applets, introduces the possibility that Web browsing will introduce viruses and other types of malicious software into your system. Even without active content, the very act of browsing leaves an electronic record of your surfing history from which unscrupulous individuals can reconstruct a very accurate profile of your tastes and habits.
If you are a Webmaster, an attack on your site can threaten your job security. Whether motivated by thrills or financial gain, Internet vandals break into Web sites with unnerving regularity. The results can range from the merely embarrassing (when you discover one morning that your site's home page has been replaced by an obscene parody) to the acutely damaging (when you suffer the theft of your entire database of customer information).
If you are the network administrator, a Web server represents yet another way that your local network's security can be compromised. A poorly configured Web server can punch a hole in the most carefully designed firewall system. Conversely, a poorly configured firewall can make a Web site impossible to use. Things are particularly complicated in intranet environments, where the Web server must be configured to recognize and authenticate various groups of users, each with distinct access privileges. Active content also has implications for network administrators, as Web browsers provide a pathway by which malicious software can bypass the firewall system and enter the local area network.
Finally, both end users and Webmasters need to worry about the confidentiality of the data transmitted across the Web. The TCP/IP protocol was not designed with security in mind; hence it is vulnerable to network eavesdropping. When confidential documents are transmitted from the Web server to the browser, or when the end-user sends private information back to the server inside a fill-out form, someone may be listening in.
This book started out life some years ago as the World Wide Web Security FAQ (Frequently Asked Questions -- with answers), a practical on-line list of do's and don'ts for Webmasters. It was an instant hit, and soon grew to cover the topics of end user privacy, safe CGI scripting, cryptography, site access control, operating system security, certificate server management, remote authoring, firewall configuration and an ever-expanding list of security holes in popular Web servers and authoring tools. When the FAQ got too large to easily maintain in on-line form, I transformed it into this book, which still retains the down-to-earth flavor of the original.
Table of Contents:
Preface
1. What Is Web Security?
2. Basic Cryptography
3. SSL, SET, and Digital Payment Systems
4. Using SSL
5. Active Content
6. Web Privacy
7. Server Security
8. UNIX Web Servers
9. Windows NT Web Servers
10. Access Control
11. Encryption and Certificate-Based Access Control
12. Safe CGI Scripting
13. Remote Authoring and Administration
14. Web Servers and Firewalls
Index