Web Security Field Guide
暫譯: 網路安全實務指南

Hands-on techniques for securing Windows(r) servers, browsers, and network communications

• Create effective security policies and establish rules for operating in and maintaining a security- conscious environment
• Learn how to harden Windows multi-user platforms, including NT, 2000, and XP
• Understand secure installation options for Windows web servers and how to enhance security on existing web and FTP server installations
• Improve security at the end user's workstation, including web browsers, desktops, and laptops
• Evaluate the pros and cons of installing a certificate server and becoming your own Certification Authority
• Learn the Cisco PIX Firewall and Cisco IOS Firewall architecture and how to apply Cisco standard and extended access lists
• Discover ways to test the current state of security and keep it up to date
• Learn to engage end users as part of the overall network security solution

While the Internet has transformed and improved the way we do business, this vast network and its associated technologies have opened the door to an increasing number of security threats. The challenge for successful, public web sites is to encourage access to the site while eliminating undesirable or malicious traffic and to provide sufficient levels of security without constraining performance or scalability. The more reliant organizations become on the Internet to perform daily jobs or conduct transactions, the greater the impact a breach of network security has. Just as Cisco Systems has been an innovator in using the Internet to conduct business, so too is it a market leader in the development and sale of products and technologies that protect data traveling across the Internet. Yet a network security solution is only as strong as its weakest link. Network attacks can occur at any point, including the network connection, the firewall, the web server, or the client. Hardening the defenses at all these points is key to creating an effective, all-encompassing network security solution.

Web Security Field Guide provides you with hands-on, proven solutions to help patch the most common vulnerabilities of Windows(r) web servers and browsers within the context of an end-to-end network security architecture. Avoiding conceptual discussions of underlying technologies, the book spends little time discussing how each application works. Using plain language and lots of step-by-step examples, the book instead focuses on helping you secure your web servers and prevent the majority of network attacks. Divided into five parts, the book opens with an overview of essential background information and helps you establish working network security rules and policies. Parts II through IV teach you the techniques for hardening the operating system, the web server, and the browser. Part V of the book addresses overall network security, focusing on preventing and controlling access. Topics such as becoming a Certification Authority, Cisco PIX(r) Firewall, Cisco IOS(r) Firewall, access lists, ongoing security maintenance, and testing are all examined in-depth, providing an overall network security plan that can drastically reduce the risk to your business systems and data.

Full of diagrams, screen captures, and step-by-step instructions for performing simple tasks that can radically improve the security of your Internet business solutions, Web Security Field Guide is a practical tool that can help ensure the integrity and security of your business-critical applications.

Table of Contents

Introduction.

I. THE FUNDAMENTALS OF WEB SECURITY.

1. Essential Information for Web Security Administrators.
2. Security Policies.

II. HARDENING THE SERVER.

3. Windows System Security.

III. INSTALLING AND PROTECTING IIS.

4. IIS Installation.
5. Enhancing Web Server Security.
6. Enhancing the FTP Server.

IV. PROTECTING THE USER.

7. Browser Security.
8. Desktop/Laptop Security.

V. PROTECTING THE NETWORK.

9. Becoming a Certification Authority (CA).
10. Firewalls.
11. Maintaining Ongoing Security.
12. What You Can Do.

VI. APPENDIXES.

Appendix A. Customizing Internet Explorer Error Messages.
Appendix B. Decoding Base64.
Appendix C. Contents of the WSFG Web Site.