Maximum Apache Security - Timothy Anonymous

Maximum Apache Security

Buch | Softcover
696 Seiten
2002
Sams Publishing (Verlag)
978-0-672-32380-5 (ISBN)
45,90 inkl. MwSt
  • Titel ist leider vergriffen;
    keine Neuauflage
  • Artikel merken
A complete guide to securing the worlds most popular Web server, written by the original Maximum Security author.
Many of the high-profile attacks on prominent Web sites of the last couple years are a direct result of poor Web site or Web application security.

With more than 65 percent of Web sites using the Apache Web server and the Apache-based open source Web development environment and with the risk of sabotage greater than ever Apache administrators and developers need to know how to build and maintain secure Web servers and Web applications.

Yet most of the currently available Apache books lack detailed information on important Web administration topics like security. Maximum Apache Security details the complex security weaknesses and risks of Apache, and provides hands-on solutions for keeping a Web site secure and buttressed against intruders. It includes up-to-date coverage of both Apache 2.0 as well as Apache 1.3.

Anonymous is a self-described Unix and Perl fanatic who lives in southern California. He currently runs an Internet security consulting company, and is at work building one of the worldÕs largest computer security archives. He also moonlights doing contract programming for several Fortune 500 firms. Anonymous is also the author of the acclaimed Maximum Security and Maximum Linux Security books.

(NOTE: Each chapter concludes with a Summary.)

Introduction.


Why Did I Write This Book? What This Book Will Tell You. System Requirements. This Book's Organization. About Examples in This Book.

I. GETTING STARTED.

1. How Apache Handles Security.


Generic HTTP Security Considerations. Apache Security Facilities. Apache Extensibility. Things Apache Can't Defend Against.

II. CREATING A SECURE APACHE HOST SERVER.

2. The Risks: Cracking Apache.


Inherent Risks of Running a Web Server. Sobering Statistics to Consider. How Security Disasters Develop.

3. Establishing Minimum Server Security.


Physical Security Concepts. Server Location and Physical Access. Network Topology. BIOS and Console Passwords. Media and Boot Security. Anti-Theft Devices.

4. Environmental Hazards: Apache and Your Operating System.


Apache and Your Underlying Operating System. Environmental Risks Common to Unix. Environmental Risks Common to Windows. Other Environmental Risks.

5. Apache, Databases, and Security.


Apache Database Support. Apache and Proprietary Databases. Apache and MySQL. PostgreSQL. Apache and Commercial SQL Packages. General Database Security Measures.

III. HACKING APACHE'S CONFIGURATION.

6. Apache Versions and Security.


Brief History of Apache Versions. Security Issues Common to Apache Releases. Patch Maintenance and Other Measures.

7. Version 2.0 IPv6 Support.


What Is IPv6? IPv6 and Security. Why Does Apache Support IPv6? Apache and IPv6 Addressing. IPv6 Address Issues in Development. Listen, NameVirtualHost, and VirtualHost. IPv6 Implementations.

8. Overlording Apache Server: General Administration.


Permissions and Apache Server. URL Mapping and Security. Resource Usage. Apache Server Tools.

9. Spotting Crackers: Apache Logging Facilities.


What Is Logging, Exactly? How Apache Handles Logging. httpd Logs. Some Security Caveats About Logs. Piped Logs. The SetEnvIf Directive and Conditional Logging. Other Interesting Apache-Related Logging Tools. Other Interesting Logging Tools Not Specific to Apache.

IV. RUNTIME APACHE SECURITY.

10. Apache Network Access Control.


What Is Network Access Control? How Apache Handles Network Access Control: Introducing mod_access. Using Network Access Control in Apache (httpd.conf). Virtual Hosts and Network Access Control.

11. Apache and Authentication: Who Goes There?


What Is Authentication? How Apache Handles Basic Authentication: Introducing mod_auth. Htpasswd. Weaknesses in Basic HTTP Authentication. DBM File-Based Authentication: Introducing mod_auth_dbm. HTTP and Cryptographic Authentication. SSL-Based Authentication. Other Tools for Extending Apache's Authentication. Holes in Apache Authentication: Historical Perspective.

12. Hacking Secure Code: Apache at Server Side.


Apache Language Support. What Is Server-Side Programming? General CGI Security Issues. Spawning Shells. Buffer Overruns. Paths, Directories, and Files. PHP. Interesting Security Programming and Testing Tools. Other Online Resources.

13. Hacking Secure Code: Apache at Client Side.


What Is Client-Side Programming? General Client-Side Security Issues. JavaScript. VBScript.

V. ADVANCED APACHE.

14. Apache Under the Hood: Open Source and Security.


Security Contexts in Apache's Source Tree. Files That Deal with Passwords. Files That Deal with General Security. Key Apache C Source Files and What They Do. Include File Cross-Reference.

15. Apache/SSL.


What Is SSL? How Secure Is SSL? mod_ssl. What is Apache-SSL? Installing Apache-SSL. Certificate Authorities. Commercial SSL Packages.

16. Apache and Firewalls.


What Is a Firewall? Apache as a Proxy Server. Other Network Access Control Tools. tcpd: TCP Wrappers. IP Filtering in Windows. Proxy Tools That Work with Apache. Commercial Firewalls.

17. Apache and Ciphers.


What Is a Cipher? MD5. SSL. Other Ciphers.

18. Hacking Homegrown Apache Modules.


Your Process Model. mod_fortress: An Example. mod_auth_ip: Another Example. mod_random. mod_python. Module Development Considerations.

VI. APPENDIXES.

Appendix A. Apache Security-Related Modules and Directives.


. . . AccessFileName. AllowOverride. Anonymous. Anonymous_Authoritative. Anonymous_LogEmail. Anonymous_MustGiveEmail. Anonymous_NoUserID. Anonymous_VerifyEmail. AuthAuthoritative. AuthDBMAuthoritative. AuthDBMUserFile. AuthDBUserFile. AuthGroupFile. AuthLDAPAuthoritative. AuthName. AuthType. AuthUserFile. CookieExpires. CookieLog. CookieTracking. CustomLog. IdentityCheck. LimitRequestBody. LimitRequestFields. LimitRequestFieldsize. LimitRequestLine. LimitXMLRequestBody. LockFile. LogFormat. mod_access. mod_auth. mod_auth_anon. mod_auth_db. mod_auth_dbm. mod_auth_digest. mod_auth_ldap. mod_cgi. mod_cgid. mod_env. mod_include. mod_log_config. mod_suexec. mod_unique_id. mod_user_track. PassEnv. PidFile. ProxyBlock. ProxyDomain. ProxyReceiveBufferSize. ProxyRemote. ProxyRequests. ProxyVia. ServerAdmin. ServerAlias. ServerName. ServerPath. ServerRoot. ServerSignature. User. UserDir.

Appendix B. Apache Security Advisories and Bugs.


Apache Security Issues. Bug Report Structure. The Critical Listings.

Appendix C. Apache Security Resources.
Appendix D. Apache API Quick Reference.


Anatomy of an Apache Transaction. Configuration. Handlers. Resource Allocation. Apache API Constants.

Appendix E. Glossary.
Index.

Erscheint lt. Verlag 12.6.2002
Verlagsort Indianapolis
Sprache englisch
Maße 232 x 187 mm
Gewicht 1161 g
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Informatik Theorie / Studium Kryptologie
Mathematik / Informatik Informatik Web / Internet
ISBN-10 0-672-32380-X / 067232380X
ISBN-13 978-0-672-32380-5 / 9780672323805
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel

Buch (2024)
Carl Hanser (Verlag)
69,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00