The Nuts and Bolts of Internet Security.
This interactive workbook will get you started right away with real-world applications for Web server security and maintenance. Demand for these skills is sky-high, as businesses everywhere are moving toward e-commerce and full online presence.
Learn from the experts in easy, step-by-step lessons. Every section includes reviews to help you check your work and assess your progress at every stage, and practical labs to reinforce what you're learning as you go along. Administrating Web Servers, Security, and Maintenance helps you master:
Suitable for classroom use or self-paced learning, Administrating Web Servers, Security, and Maintenance is the fast, easy, certified way to master Web server administration and security.
About the Foundations of Web Site Architecture Series.
Endorsed by WOW, the World Organization of Webmasters, these fully interactive workbooks, and their companion websites at www.phptr.com/phptrinteractive, give you the core skills you need to manage content, business, and technology on the World Wide Web. They are building blocks in Prentice Hall's comprehensive curriculum for professional Webmaster certification.
The World Organization of Webmasters is a professional organization with thousands of members and affiliates worldwide. Started as a non-profit organization, WOW was created to enhance the role and position of those individuals who create, manage, maintain and market Web sites. This support is provided through membership in WOW. For more information on becoming a member, please visit www.joinwow.org.
From the Editor.
About the Authors.
I. WEB SERVER ADMINISTRATION.
1. What Is a Web Server?
Client/Server Basics. Electronic Publishing. HTTP Overview. Other Web-Related Servers.
2. Planning Your Server.
Hosting Your Site. Hosting Your Own Server. UNIX vs. NT. Sizing Your Server. Domain Names.
3. Users and Documents.
Server Users and Directories. Server Administrators. Document Hierarchy. Directory Indexing. File and Directory Names. Transferring Files.
4. Server Configuration.
Choosing Web Server Software. Customizing Your Web Server. Controlling Access. Secure Sockets Layer Configuration. Virtual Hosts.
5. Server-Side Programming.
Dynamic Documents. CGI and Forms. Server-Side Includes. Active Server Pages. Servlets and Java Server Pages.
6. Log Files.
Log File Formats. Referrers. Being Proactive. Statistics.
7. Search Engines, Robots, and Automation.
Search Engines. Publicizing Your Site. Robots and Spiders. Automation.
II. WEB SECURITY.
8. Introduction to Security.
Why We Need Security. Types of Attacks and Vulnerabilities. Security Resources. Security Basics.
9. Network Security.
Networking Basics. Packet Sniffing. Other Network Vulnerabilities. Firewalls and Proxies.
10. Web Server Security.
Host/OS Hardening. Who to Run a Web Server As. File Permissions and Ownership. Other Configuration Concerns.
11. CGI Security.
Who to Run CGI As. Poor CGI Programming. Tainted CGI Variables. Buffer Overflows. Other CGI Risks.
12. Web Client Security.
Encryption. Secure Socket Layer. Certificate Authorities. Access Control Lists.
14. Intrusion Detection and Recovery.
Detecting an Attack. Recovering from an Attack.
Appendix A: Answers to Self-Review Questions.
The goal of this book is to give you a solid understanding of what is going on behind the scenes of a Web site. We try to give you the tools and skills you need to start your own Web site and keep things running smoothly. This book is broken down into two parts: Web server administration and Web security. Although the book is written for new webmasters, there is plenty of information here to satisfy even seasoned Web veterans.
This book is an attempt to bridge the gap between textbook and reference manual. Reference manuals tend to be frustrating to new students unfamiliar with the content, and the typical textbook may not engage readers to try real-world exercises. This book is certainly not the definitive reference for all things server and security related, but it is a general overview of many technical skills required of a webmaster. Since there are so many different companies selling products related to Web servers and security, we try to stay as "platform neutral" as possible. We attempt to show you important basic techniques, not lots of small details. Most of the exercises can be done with freely available software. Even if you don't have a huge lab full of expensive equipment, the exercises will be useful.
This book can be used by anyone starting or administrating a Web site or anyone interested in computer security. Aspiring webmasters and managers alike will find plenty of information here to help you "talk the talk" and learn how to "walk the walk" of the webmaster.
The numerous exercises and questions are meant to help you learn by experimenting. The self-review questions are not meant to be a test; getting the wrong answers doesn't mean you fail. They are meant to make you think. Although most of the questions will have obvious answers made apparent from the reading, there are many trick questions, so think carefully about the questions and answers.
Although the exercises are not harmful, it is wise to save all of your work or have a backup before trying them. This is especially the case with the exercises dealing with Web security. Make every attempt to try them on a test machine or one of less importance and never on a production host critical to your business.
You should have a networked computer with access to the Internet. Access to a server (either Windows NT or UNIX) is ideal. Many of the exercises require you to run commands and install software as the super-user or administrator. If it is not possible to have a dedicated machine to experiment with, that's OK; you should still be able to do most of the exercises. You might consider installing Linux (http://www.redhat.com/download/) on a PC if you don't currently have NT Server or a UNIX machine.
You should also install a web browser for viewing online documentation and examples.
In this book and the others in this series you are presented with a series of interactive labs. Each lab begins with learning objectives that define what exercises (or tasks) are covered in that lab. This is followed by an overview of the concepts that will be further explored through the exercises, which are the heart of each lab.
Each exercise consists of either a series of steps that you will follow to perform a specific task or a presentation of a particular scenario. Questions that are designed to help you discover the important things on your own are then asked of you. The answers to these questions are given at the end of the exercises, along with more in-depth discussion of the concepts explored.
At the end of each lab is a series of multiple-choice self-review questions, which are designed to bolster your learning experience by providing opportunities to check your absorption of important material. The answers to these questions appear in Appendix A. There are also additional self-review questions at this book's companion Web site, found at
Finally, at the end of each chapter you will find a "Test Your Thinking" section, which consists of a series of projects designed to solidify all the skills you have learned in the chapter. If you have completed all the labs successfully, you should be able to tackle these projects with few problems. There are not always answers to these projects, but where appropriate, you will find guidance and/or solutions at the companion Web site.
The final element of this book actually doesn't appear in the book at all. It is the companion Web site, and it is located at:
This companion Web site is closely integrated with the content of this book, and we encourage you to visit often. It is designed to provide a unique interactive online experience that will enhance your education. As mentioned, you will find guidance and solutions that will help you complete the projects found in the "Test Your Thinking" section of each chapter.
You will also find additional self-review questions for each chapter, which are meant to give you more opportunities to become familiar with terminology and concepts presented in the publications. In the Author's Corner, you will find additional information that we think will interest you, including updates to the information presented in these publications, and discussion about the constantly changing technology that webmasters must stay involved in.
Finally, you will find a Message Board, which you can think of as a virtual study lounge. Here, you can interact with other Foundations of Website Architecture Series readers, sharing and discussing your projects.
This publication and the others in the Foundations of Website Architecture series are endorsed by the World Organization of Webmasters. The series comprises a training curriculum designed to provide aspiring webmasters with the skills they need to perform in the marketplace. The skill sets included in the series were collected and defined by this international trade association to create a set of core competencies for students, professionals, trainers, and employers to utilize.
Chances are that you are a pioneer in the education field whether you want to be one or not. Due to the explosive nature of the Internet's growth, very few webmaster training programs are currently in existence. But while you read this, many colleges, community colleges, technical institutes, and corporate and commercial training environments will be introducing the material into curriculums worldwide.
Chances are, however, that you are instructing new material in a new program. But don't fret, this publication and series are designed as a comprehensive introductory curriculum in this field. Students completing this program of study successfully will be fully prepared to assume the responsibilities of a webmaster in the field or to engage in further training and certification in the Internet communications field.
Each chapter in the book is broken down into sections. All questions and projects have answers and discussions associated with them. The labs and question/answer formats used in the book provide excellent opportunities for group discussions and dialog among students and instructors. In addition, many answers and their discussions are abbreviated because of limitations of space. Any comments, ideas, or suggestions regarding this text or series will be greatly appreciated.
We hope you enjoy this book. If you would like to send us e-mail, drop us a note at
Eric and Brian
Eric Larson is currently a research engineer at Sun Microsystems in Burlington, Massachusetts. He is currently doing technical research and software development for Sun's Enterprise Services Division. When he's not experimenting with the latest Java technologies at Sun, he teaches several courses in the webmaster curriculum at Merrimack College.
Eric received a B.S. in computer science from Rensselaer Polytechnic Institute in Troy, New York. He has been working with Internet-related technologies for nearly ten years and has been doing WWW development since 1993. In addition to playing with the latest high-tech toys, Eric also enjoys traveling and writing, recording, and performing his own music.
Brian Stephens currently works for Sun Microsystems, Inc. as a backline network support engineer. In addition to handling escalated network issues, he serves as a member of Sun Microsystems' CCC Security Team. When he is not troubleshooting TCP/IP-related problems for Sun, Brian teaches classes on Web security and internetworking at Merrimack College. Brian holds a B.S. in computer science from the University of Massachusetts, Amherst and has been working with computers all his life. In his free time, when not obsessed by computers, Brian enjoys driving fast and jumping out of perfectly good airplanes.