Apache Security (Paperback)
Ivan Ristic
- 出版商: O'Reilly|英文2書85折
- 出版日期: 2005-04-05
- 售價: $1,390
- 貴賓價: 9.5 折 $1,321
- 語言: 英文
- 頁數: 432
- 裝訂: Paperback
- ISBN: 0596007248
- ISBN-13: 9780596007249
-
相關分類:
資訊安全
海外代購書籍(需單獨結帳)
買這商品的人也買了...
-
$650$514 -
$690$587 -
$590$466 -
$590$466 -
$780$663 -
$480$379 -
$750$593 -
$580$493 -
$680$537 -
$700$686 -
$990$782 -
$650$553 -
$650$507 -
$450$405 -
$550$468 -
$590$460 -
$580$452 -
$620$527 -
$780$702 -
$520$442 -
$600$474 -
$650$507 -
$980$774 -
$760$600 -
$880$616
相關主題
商品描述
Description:
With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it's a secure one.
To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it--whether it's running a huge e-commerce operation, corporate intranet, or just a small hobby site.
Our new guide, Apache Security, gives administrators and webmasters just what they crave--a comprehensive security source for Apache. Successfully combining Apache administration and web security topics, Apache Security speaks to nearly everyone in the field. What's more, it offers a concise introduction to the theory of securing Apache, as well as a broad perspective on server security in general.
But this book isn't just about theory. The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions. Administrators and programmers will learn how to:
- install and configure Apache
- prevent denial of service (DoS) and other attacks
- securely share servers
- control logging and monitoring
- secure custom-written web applications
- conduct a web security assessment
- use mod_security and other security-related modules
And that's just the tip of the iceberg, as mainstream Apache users will also gain valuable information on PHP and SSL/ TLS. Clearly, Apache Security is packed and to the point, with plenty of details for locking down this extremely popular and versatile web server.
Table of Contents:
Preface
1. Apache Security Principles
Security Definitions
Essential Security Principles
Common Security Vocabulary
Security Process Steps
Threat Modeling
System-Hardening Matrix
Calculating Risk
Web Application Architecture Blueprints
User View
Network View
Apache View
2. Installation and Configuration
Installation
Source or Binary
Static Binary or Dynamic Modules
Folder Locations
Installation Instructions
Configuration and Hardening
Setting Up the Server User Account
Setting Apache Binary File Permissions
Configuring Secure Defaults
Enabling CGI Scripts
Logging
Setting Server Configuration Limits
Preventing Information Leaks
Changing Web Server Identity
Changing the Server Header Field
Removing Default Content
Putting Apache in Jail
Tools of the chroot Trade
Using chroot to Put Apache in Jail
Using the chroot(2) Patch
Using mod_security or mod_chroot
3. PHP
Installation
Using PHP as a Module
Using PHP as a CGI
Choosing Modules
Configuration
Disabling Undesirable Options
Disabling Functions and Classes
Restricting Filesystem Access
Setting Logging Options
Setting Limits
Controlling File Uploads
Increasing Session Security
Setting Safe Mode Options
Advanced PHP Hardening
PHP 5 SAPI Input Hooks
Hardened-PHP
4. SSL and TLS
Cryptography
Symmetric Encryption
Asymmetric Encryption
One-Way Encryption
Public-Key Infrastructure
How It All Falls into Place
SSL
SSL Communication Summary
Is SSL Secure?
OpenSSL
Apache and SSL
Installing mod_ssl
Generating Keys
Generating a Certificate Signing Request
Signing Your Own Certificate
Getting a Certificate Signed by a CA
Configuring SSL
Setting Up a Certificate Authority
Preparing the CA Certificate for Distribution
Issuing Server Certificates
Issuing Client Certificates
Revoking Certificates
Using Client Certificates
Performance Considerations
OpenSSL Benchmark Script
Hardware Acceleration
5. Denial of Service Attacks
Network Attacks
Malformed Traffic
Brute-Force Attacks
SYN Flood Attacks
Source Address Spoofing
Distributed Denial of Service Attacks
Reflection DoS Attacks
Self-Inflicted Attacks
Badly Configured Apache
Poorly Designed Web Applications
Real-Life Client Problems
Traffic Spikes
Content Compression
Bandwidth Attacks
Cyber-Activism
The Slashdot Effect
Attacks on Apache
Apache Vulnerabilities
Brute-Force Attacks
Programming Model Attacks
Local Attacks
PAM Limits
Process Accounting
Kernel Auditing
Traffic-Shaping Modules
DoS Defense Strategy
6. Sharing Servers
Sharing Problems
File Permission Problems
Dynamic-Content Problems
Sharing Resources
Same Domain Name Problems
Information Leaks on Execution Boundaries
Distributing Configuration Data
Securing Dynamic Requests
Enabling Script Execution
Setting CGI Script Limits
Using suEXEC
FastCGI
Running PHP as a Module
Working with Large Numbers of Users
Web Shells
Dangerous Binaries
7. Access Control
Overview
Authentication Methods
Basic Authentication
Digest Authentication
Form-Based Authentication
Access Control in Apache
Basic Authentication Using Plaintext Files
Basic Authentication Using DBM Files
Digest Authentication
Certificate-Based Access Control
Network Access Control
Proxy Access Control
Final Access Control Notes
Single Sign-on
Web Single Sign-on
Simple Apache-Only Single Sign-on
8. Logging and Monitoring
Apache Logging Facilities
Request Logging
Error Logging
Special Logging Modules
Audit Log
Performance Measurement
File Upload Interception
Application Logs
Logging as Much as Possible
Log Manipulation
Piped Logging
Log Rotation
Issues with Log Distribution
Remote Logging
Manual Centralization
Syslog Logging
Database Logging
Distributed Logging with the Spread Toolkit
Logging Strategies
Log Analysis
Monitoring
File Integrity
Event Monitoring
Web Server Status
9. Infrastructure
Application Isolation Strategies
Isolating Applications from Servers
Isolating Application Modules
Utilizing Virtual Servers
Host Security
Restricting and Securing User Access
Deploying Minimal Services
Gathering Information and Monitoring Events
Securing Network Access
Advanced Hardening
Keeping Up to Date
Network Security
Firewall Usage
Centralized Logging
Network Monitoring
External Monitoring
Using a Reverse Proxy
Apache Reverse Proxy
Reverse Proxy by Network Design
Reverse Proxy by Redirecting Network Traffic
Network Design
Reverse Proxy Patterns
Advanced Architectures
10. Web Application Security
Session Management Attacks
Cookies
Session Management Concepts
Keeping in Touch with Clients
Session Tokens
Session Attacks
Good Practices
Attacks on Clients
Typical Client Attack Targets
Phishing
Application Logic Flaws
Cookies and Hidden Fields
POST Method
Referrer Check Flaws
Process State Management
Client-Side Validation
Information Disclosure
HTML Source Code
Directory Listings
Verbose Error Messages
Debug Messages
File Disclosure
Path Traversal
Application Download Flaws
Source Code Disclosure
Predictable File Locations
Injection Flaws
SQL Injection
Cross-Site Scripting
Command Execution
Code Execution
Preventing Injection Attacks
Buffer Overflows
Evasion Techniques
Simple Evasion Techniques
Path Obfuscation
URL Encoding
Unicode Encoding
Null-Byte Attacks
SQL Evasion
Web Application Security Resources
General Resources
Web Application Security Resources
11. Web Security Assessment
Black-Box Testing
Information Gathering
Web Server Analysis
Web Application Analysis
Attacks Against Access Control
Vulnerability Probing
White-Box Testing
Architecture Review
Configuration Review
Functional Review
Gray-Box Testing
12. Web Intrusion Detection
Evolution of Web Intrusion Detection
Is Intrusion Detection the Right Approach?
Log-Based Web Intrusion Detection
Real-Time Web Intrusion Detection
Web Intrusion Detection Features
Using mod_security
Introduction
More Configuration Advice
Deployment Guidelines
Detecting Common Attacks
Advanced Topics
Appendix: Tools
Index