Home

Protecting Your Web Site with Firewalls

Issue 48

From Issue #48
April 1998

Apr 01, 1998  By Leam Hall
 in
The author provides good, basic information on what the security needs may be and how to balance cost of security against availability of services.

  • Author: Marcus Goncalves

  • Publisher: Prentice Hall PTR

  • URL: http://www.prenhall.com/

  • Price: $49 US

  • ISBN: 0-13-628207-5

  • Reviewer: Leam Hall

If you can configure a DNS nameserver on your coffee break, this book is not for you. However, if you need a platform-independent general overview of Internet/Intranet security issues, Mr. Goncalves uses a conversational tone and an abundance of resources to help you get a firm grasp of the basics.

There are many web sites that are unprotected and unsecured. This may be due to a system administrator who is over tasked and does not have enough research time, who is new to a particular operating system or who just does not know how important security is. The author provides good, basic information on what the security needs may be and how to balance cost of security against availability of services. Individual chapters give introductions to financial issues, strategies for different web site platforms and implementing services like conferencing, e-mail, FTP, NNTP and HTTP.

There is also plenty of material written in non-technical language. This can be very useful when trying to educate upper management on basic security issues and why they need to be funded. The whole book provides many information sites, including 77 pages of appendices giving resources for firewall products, web server products, authentication, password and other administrative tools. This may be the best part of the book, to help you quickly see what sort of material is available for your operating system.

There are a few things I did not like about the book. The editing and proofreading could have been better. I generally read too quickly to find spelling or grammatical errors, but I found some here. Also, several sections left me wondering what I was supposed to have learned. My most abundant gripe is the nondifferentiation between “hackers” and “crackers”. I consider myself a junior hacker, yet one of the most law abiding people I know. Hackers play with code and try to create; crackers intrude—hopefully the media will soon understand the difference. There is also the ubiquitous CD-ROM; this one contains an evaluation copy of an NT-based logging and reporting system. Nothing for the Unix/Linux crowd.

The book's target audience is those who need a very basic introduction with a lot of resources. It meets that market well, but most Linux Journal readers will be somewhat more advanced. For $49 US, get this book only if you are certain it meets your particular needs. Otherwise, do a lot of web surfing and find a book tailored to your specific operating system and level of expertise.

Leam Hall considers his wife and faith to be the cornerstones of his success. He stewards a Promise Keepers group, calls getting beat up “martial arts training” and considers Linux the mental tool of the sophisticate. Leadership mentoring and feeding Catbert are major daily tasks. He can be reached at gershom@spidernet.it.

______________________

Webcast
More Resources
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers

Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.

Learn More

Sponsored by AMD

White Paper
More Resources
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy

Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.

Learn more about catching the bad guy in this free white paper.

Learn More

Sponsored by DLT Solutions