Web Security Field Guide

To really understand Web security, you need to know how TCP/IP networks function, thoroughly understand the concept of network layering, and then fully grasp or as Heinlein would say "groc" the important details such as port numbers, etc., found in the IP and TCP headers. Kalman shows his understanding of these areas by starting off with a concise discussion of these valuable items. This form the basis for the later Chapters.To achieve computer security, you need a security policy. Kalman moves to this indespensible area next, covering the basics of this easy to understand, but difficult to implement, concept.Achieving Web Security means securing your WEB browsers, hardening your operating systems on your Web Servers, hardening your WEB servers, securing the dataflow between browser and server, and finally, taking care of the entire Web environment.Most writers seem to think that Web security is only about items such as hardening a WEB server, using something like the Microsoft LockDown tool for IIS. This book goes much farther; it follows the tried and true perscription noted above to generated a more secure Web environment.First off, for the Microsoft sites, a good discussion of the IEAK took for the Internet Explorer is found. Using this tool, you can completely customize your IE Web Browser. This will eliminate a number of hacks that many have faced in recent years. Very few books discuss IEAK.Of course, the issues involved in securing or hardening a web server are presented in good detail. Following that is a goodpresentation of the fundamentals of securing Microsoft servers, using the Microsoft Security Configuration toolkit follows. Many who use Microsoft do not use this valuable toolset. Kalman has done a good job explaining this valuable toolset so that a wider audience can benefit from using its many features.It also handles the tricky matters with the Certificate Server scenarios as well.I also like the coverage of Cisco ACL's and the PIX firewall. Most whom I have met have experienced great difficulty in setting up properly functioning ACLs for their Cisco border routers. And of course, properly setting up a PIX is as, if not more challenging than setting up router security. Kalman shows his breadth in the field by including these seldomly included topics in his Field Guide. After all this, Kalman pursues the day to day management issues that must be dealt with by those responsible for securing their environments.Every chapter has excellent material. It is not a book filled with fluff, but rather an excellent compendium of time proven techniques to provide better security. Securing a web environment is a challenging, time-consuming task, that must be done day after day. Kalman has written the exact kind of "Field Guide" to help novices and even experienced security personnel in many ways.If you are looking for a great guide that is both thorough and easy to read with many graphics, this book is for you. I think so muc