Internet Site Security (Paperback)

by Erik Schetina (Author), Ken Green (Author), Jacob Carlson (Author)

Editorial Reviews

Amazon.com Review
Keeping an Internet server safe from bad guys is a serious undertaking. For one thing, the server's very mission--providing access to information to legitimate users across the Internet--makes it hard to provide security transparently. On top of that, the hacker universe is extremely large and diligent and can devote all kinds of time to devising new attacks. Just keeping up with software publishers' patches and recommended procedures can be a serious drain on your time. Internet Site Security aims to make the server security mission a little easier by briefing its readers on general risks and recommended security strategies. The team of three authors focuses on TCP/IP generically, with a little bit of extra information on HTTP and SNMP. Other Web services, such as mail transport, FTP, and distributed applications, aren't well covered.

The authors--all engineers from the same security consultancy, one of whom has his Certified Information Security Systems Professional (CISSP) rating--do a good job of explaining some of the ways in which nefarious types come after your servers. Readers learn what a denial-of-service attack is, and how a man-in-the-middle scheme works. It's all accurate and fairly comprehensive, though there's nothing really revolutionary about it. This is just solid coverage of the security issues surrounding servers that provide Internet services to a wide and generally unsecured audience. If you've not read about that before, this book is a decent choice. --David Wall

Topics covered: The sorts of attacks to which Internet-connected servers are subject, explained in a TCP/IP-centric and generally operating-system-neutral way.

From the Back Cover

In this book you'll learn all the fundamental techniques and technologies needed to develop a secure connection to the Internet. Before selecting a firewall, VPN, or intrusion detection system, you must define exactly what your information assets are, who needs to get to them, and what the external and internal threats to those assets are. Internet Site Security walks you through the process of assessing your Internet environment and developing the procedural and technical policies required to protect your critical information and network resources.

After helping you develop an information security program, this book details the technologies required to implement network and server security measures. You will learn about the real-world details (and "gotchas") of firewalls, virtual private networks, authentication, and intrusion detection. You'll then put the pieces together using several architectures suitable for the enterprise and for small business networks. Finally, the book examines the common mistakes that custom Internet application developers often make and provides solutions that all software developers should know to ensure that their code can weather the harsh environment of the Internet.

In Internet Site Security you will

• Learn how to develop a complete strategy for deploying a secure Internet site
• Examine typical Internet site architectures and security considerations using real-world examples
• Learn strategies for justifying a security budget to management
• Understand how to secure Windows NT^®/2K and Unix^® operating systems
• Develop secure Internet applications
• Create secure Internet site architectures that integrate firewalls, intrusion detection,
• networking components, and policy
• Build an Incident Response Plan and learn how to conduct forensic investigations

0672323060B03282002

See all Editorial Reviews

Product Details

• Paperback: 432 pages
• Publisher: Pearson Education; 1st edition (March 11, 2002)
• Language: English
• ISBN-10: 0672323060
• ISBN-13: 978-0672323065
• Product Dimensions: 9.2 x 7.4 x 1 inches
• Shipping Weight: 1.6 pounds
• Average Customer Review: 4.8 out of 5 stars See all reviews (5 customer reviews)
• Amazon.com Sales Rank: #903,607 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

6 of 6 people found the following review helpful:

5.0 out of 5 stars practical and intuitive, April 25, 2002

By	Jake Luck (New York, NY USA) - See all my reviews

This book covers the subject of Internet Security in a comprehensive manner. It contains excellent coverage on modern penetration/exploitation techniques as well as proper forensic procedures. The book shows you how to build a secure infrastructure and how to proactively deploy security policies, something that should be emphasized in every organization. It offers valuable insight on integration of a security infrastructure into an existing enterprise environment, covering both technical and political ramifications. The book discusses in-depth the strengths and weaknesses of various Intrusion Detection Systems and FireWall architectures. It also provides excellent coverage on IPSec and PAM; better than any documents that I have read on the Internet. The book provides both breadth and depth. It is neither a book all about theories and policies nor just another compilation of internet articles and mailing list discussions. Many insight gleaned from the authors' industry experience have shined through this book. It is a worth read even for a senior security engineer.

4 of 4 people found the following review helpful:

5.0 out of 5 stars A completely "user friendly" instructional guide, December 7, 2002

By	Midwest Book Review (Oregon, WI USA) - See all my reviews

Collaboratively written by Erik Schetina (CTO for TrustWave Corporation), and TrustWave Corporation senior security engineers Ken Green and Jacob Carlson, Internet Site Security is a much-needed and completely "user friendly" instructional guide to implementing solid and reliable security measures for a personal or professional internet site. Individual chapters provide an informationally useful overview of basic types of security, and address specific issues such as network and application protocols (TCP/IP), operating system and server software issues from Windows NT and 2000 to Linux and Unix, Intrusion-Detection Systems, common security mistakes in internet applications, and much, much more. Internet Site Security is a very highly recommended (if not downright indispensable) resource for surviving in today's era of cyber-crime.

2 of 2 people found the following review helpful:

5.0 out of 5 stars Superb practical book, July 26, 2002

By	Roy Madden (Dublin, Ireland) - See all my reviews

This really is a superb book. The evidence that the authors are hands on types who have implemented what they describe is very apparent, and take it from someone who has been doing security for years, the problems they describe are what you experience in real life. It's a refreshing change from other books which describe the products/technologies as if they were reading a feature list - it's hard to find a book packed with real life experience.

I'd describe it as a 'mid level' book, i.e. if you need detailed knowledge of x509 etc you need a seperate tome - but if you want a fairly detailed overview of the majority of risks affecting your web site, this is the book to choose.