There’s a popular proverb among chess players: “A man surprised is half beaten.” A classic game of defense and offense, tactics and strategy–in which both analytical and intuitive thinking come into play and knowing your enemy is tantamount to winning–chess has many lessons for those who are responsible for network security. Chess player or system administrator, neither can afford to be caught with his guard down.
It’s surprising, then, that in the existing profusion of documentation for installing, configuring, and maintaining the Apache server–the dominant server in the world today–only a small fraction is dedicated to the complex subject of securing it. Ivan Ristic’s new book, “Apache Security” (O’Reilly), tackles the subject exhaustively, providing a valuable new resource for those charged with keeping their servers secure.
According to Ristic, the book aims to be a comprehensive resource for Apache security. “Ultimately, what I tried to do was create one book that contains all the information a person needs to secure an Apache-based system,” explains Ristic. “My goal was to write a book I could safely recommend to anyone who is about to deploy on Apache, so I would be confident they would succeed provided they followed the advice in the book. This book is the result of that effort.”
Written for system administrators, programmers, system architects, and web security professionals, “Apache Security” covers the full range of web security topics, with detailed recommendations for all aspects of securing both the 1.3 and 2.0 versions of Apache. When read sequentially, the book examines how a secure system is built from the ground up, adding layer upon layer of security. However, since each chapter was written to cover a single subject in its entirety, readers can also go directly to the specific issues that interest them. Topics in the book include:
- Installation and secure configuration of the server
- Prevention, recognition, and handling of denial of service and other types of attacks
- Infrastructural and architectural issues and their impact on overall security
- Shared web-hosting security issues
- Web application security
- How to assess the security of a web system
- Secure configuration and use of the PHP web-scripting language
- Logging facilities and strategies for catching and addressing security breaches
- Web intrusion detection and prevention
- The use of mod_security and other security-related modules
- Cryptography concepts, various authentication methods, and use of SSL/TLS
Although much of the book’s content is at the intermediate and advanced level, Ristic says that readers with previous Apache experience will have no trouble jumping to any part of the book straight away. “If you are completely new to Apache, you will probably need to spend a little time learning the basics first,” advises Ristic. The book does not assume any previous knowledge of security; security concepts relevant for discussion are introduced and described where necessary.
The book includes usage examples for a large number of timesaving tools to make the reader’s life easier, including several written by the author to automate daily administrative tasks, such as log monitoring, log analysis, and defending against denial of service attacks. Covering everything you need to defend your server, “Apache Security” ensures that you won’t be taken by surprise.
Early praise for “Apache Security”:
“In a time when security is more and more important, everyone running Apache needs this book. Ivan’s coverage will give you a broad understanding of the nasty things that can happen, as well as a practical knowledge of what you can do about it.” -Rich Bowen, author of “Apache Cookbook”
The author’s companion web site to the book:
Chapter 2, “Installation and Configuration,” is available online at:
For more information about the book, including table of contents, index, author bio, and samples, see:
For a cover graphic in JPEG format, go to:
ISBN: 0-596-00724-8, 396 pages, $34.95, £24.95, 31