IIS Security
Paperback
$61.00
Overview
This work provides coverage of Web security threats and vulnerabilities on the Internet and on intranets. It gives advice on how to detect and respond to security breaches. It also covers the basic security tools that come with IIS and are managed with the IIS Administration console, shows the weaknesses of these tools, and provides more sophisticated tools that can be utilized to protect the IIS server. Included are implementation techniques on multiple security methods, such as authentication, encryption, authorization, filtering and restrictions to protect against hacking and loss.
Product Details
| ISBN-13: | 9780072224399 |
|---|---|
| Publisher: | McGraw-Hill/Osborne Media |
| Publication date: | 07/29/2002 |
| Series: | Security Ser. |
| Pages: | 468 |
| Product dimensions: | 7.60(w) x 9.24(h) x 1.05(d) |
Table of Contents
| Chapter | Title | Page |
|---|---|---|
| | Acknowledgments | xvii |
| | Introduction | xix |
| Part I | Exposure, Risk, and Prevention | |
| 1 | Web Security Threats | 3 |
| | Security Incidents | 4 |
| | Defensive Objectives | 7 |
| | Hacker Strategies | 7 |
| | Security Is Interdependent | 9 |
| | Hacking Methodology | 12 |
| | Checklist of Threats | 17 |
| 2 | Defacing, Damage, and Denial | 19 |
| | The Source of the Problem | 20 |
| | An Internet Protocol Primer | 21 |
| | Known Vulnerabilities | 25 |
| | Opportunistic Scanning | 32 |
| | Vulnerability Exploits | 38 |
| | Checklist of Known Vulnerabilities | 51 |
| 3 | Preparing and Hardening Your Web Server | 53 |
| | Plan Ahead | 54 |
| | Secure Installation Requirements | 55 |
| | Hardening the System | 65 |
| | Secure Physical, Boot, and Media Settings | 88 |
| | Installation Planning Checklist | 91 |
| | Hardening Recommendations Checklist | 91 |
| 4 | Accounts, Authorization, and Security Policy | 93 |
| | Applying Security Policy | 94 |
| | Windows 2000 and IIS Security Concepts | 95 |
| | Tools for Local Security Management | 99 |
| | Configuring Web Server Access Control for Windows 2000 | 107 |
| | Configure IIS Site Attributes and Properties | 127 |
| | Checklist for Windows 2000 Account Authorization | 135 |
| | Checklist for IIS Site Properties | 136 |
| 5 | Security Auditing and Logging | 137 |
| | Site Monitoring Overview | 138 |
| | Logging Setup and Maintenance Procedures | 143 |
| | Auditing | 159 |
| | Logging and Auditing Checklist | 170 |
| Part II | Administration | |
| 6 | Deployment Issues | 175 |
| | Recovery Plan | 176 |
| | Network Layout and Filtering on an Intranet | 187 |
| | Securing the Network Perimeter | 194 |
| | Securing Remote Management | 197 |
| | Deployment Preparation Checklist | 201 |
| 7 | The Security Management Lifecycle | 203 |
| | Lifecycle Methodology | 204 |
| | Vulnerability Assessments and Proactive Monitoring | 205 |
| | Incident Response | 219 |
| | Management Lifecycle Checklist | 222 |
| 8 | Using Encryption | 223 |
| | The Basics of Encryption | 225 |
| | Using IIS Secure Communications | 231 |
| | Checklist for Configuring SSL | 244 |
| 9 | Third-Party Security Enhancements | 245 |
| | Firewalls | 248 |
| | Intrusion Detection Systems | 255 |
| | Log Analyzers | 259 |
| | Virus Scanners | 260 |
| | Security Awareness Training | 263 |
| | Change Control | 264 |
| | Performance and Access-Control Hardware | 266 |
| | Additional Recommended Security Enhancements | 270 |
| | Checklist | 276 |
| Part III | Advanced Topics | |
| 10 | Securing FTP, NNTP, and Other IIS Services | 281 |
| | Installing IIS Subcomponents | 282 |
| | FTP (File Transfer Protocol) Service | 283 |
| | NNTP (Network News Transport Protocol) Service | 293 |
| | Microsoft Index Server and the Content Index Service | 302 |
| | SMTP (Simple Mail Transport Protocol) Service | 306 |
| | Starting and Stopping Services | 313 |
| | Windows Media Services | 313 |
| | Simple TCP/IP Services | 315 |
| | Checklist | 316 |
| 11 | Active Content Security | 319 |
| | Active Content Technologies | 320 |
| | Common Gateway Interface | 321 |
| | Folder Structures for Active Content | 324 |
| | Application Mappings | 327 |
| | Source Control | 330 |
| | Validating User Input | 333 |
| | ISAPI Filters | 340 |
| | Additional Methods for Securing Access to Web Content | 343 |
| | Debugging Active Content | 347 |
| | Code Signing | 353 |
| | FrontPage Server Extensions | 354 |
| | Robots and Spiders | 362 |
| | Checklist | 365 |
| 12 | Web Privacy | 367 |
| | What Is Web Privacy? | 368 |
| | Privacy Principles and Practice | 374 |
| | Privacy Laws | 380 |
| | Tools for Building and Implementing Privacy Policies | 388 |
| | Web Privacy and Liability | 396 |
| | Web Privacy and E-mail | 399 |
| | Final Thoughts | 404 |
| | Checklist | 405 |
| Part IV | Appendixes | |
| A | Security Resources | 409 |
| | Security Web Sites | 410 |
| | Hacker Web Sites | 411 |
| B | Glossary | 413 |
| C | Reference Tables | 431 |
| | Suggested Directory Permissions for Windows 2000 and IIS | 432 |
| | Local Security Policy Settings | 434 |
| | Packet Filtering Protocol Numbers | 443 |
| D | Microsoft IIS Authentication Methods | 449 |
| | Anonymous Authentication | 450 |
| | Basic Authentication | 450 |
| | Integrated Windows Authentication | 451 |
| | Client Certificate Mapping | 451 |
| | Index | 453 |