Apache Security
There’s a popular proverb among chess players: “A man
surprised is half beaten.” A classic game of defense and offense, tactics
and strategy - in which both analytical and intuitive thinking come into
play and knowing your enemy is tantamount to winning - chess has many
lessons for those who are responsible for network security. Chess player
or system administrator, neither can afford to be caught with his guard
down.
It’s surprising, then, that in the existing profusion of documentation for
installing, configuring, and maintaining the Apache server - the dominant
server in the world today - only a small fraction is dedicated to the
complex subject of securing it. Ivan Ristic’s new book, Apache Security, tackles the subject exhaustively, providing a
valuable new resource for those charged with keeping their servers secure.
According to Ristic, the book aims to be a comprehensive resource for
Apache security. “Ultimately, what I tried to do was create one book that
contains all the information a person needs to secure an Apache-based
system,” explains Ristic. “My goal was to write a book I could safely
recommend to anyone who is about to deploy on Apache, so I would be
confident they would succeed provided they followed the advice in the
book. This book is the result of that effort.”
Written for system administrators, programmers, system architects, and Web
security professionals, Apache Security covers the full range of Web
security topics, with detailed recommendations for all aspects of securing
both the 1.3 and 2.0 versions of Apache. When read sequentially, the book
examines how a secure system is built from the ground up, adding layer
upon layer of security. However, since each chapter was written to cover a
single subject in its entirety, readers can also go directly to specific
issues that interest them. Topics in the book include:
- Installation and secure configuration of the server
- Prevention, recognition, and handling of denial of service and other types of attacks
- Infrastructural and architectural issues and their impact on overall security
- Shared Web-hosting security issues
- Web application security
- How to assess the security of a Web system
- Secure configuration and use of the PHP Web-scripting language
- Logging facilities and strategies for catching and addressing security breaches
- Web intrusion detection and prevention
- The use of mod_security and other security-related modules
- Cryptography concepts, various authentication methods, and use of SSL/TLS
Although much of the book’s content is at the intermediate and advanced
level, Ristic says that readers with previous Apache experience will have
no trouble jumping to any part of the book straight away. “If you are
completely new to Apache, you will probably need to spend a little time
learning the basics first,” advises Ristic. The book does not assume any
previous knowledge of security; security concepts relevant for discussion
are introduced and described where necessary.
The book includes usage examples for a large number of timesaving tools to
make the reader’s life easier, including several written by the author to
automate daily administrative tasks, such as log monitoring, log analysis,
and defending against denial of service attacks. Covering everything you
need to defend your server, Apache Security ensures that you won’t be
taken by surprise.
Early praise for Apache Security:
“In a time when security is more and more important, everyone running
Apache needs this book. Ivan’s coverage will give you a broad
understanding of the nasty things that can happen, as well as a practical
knowledge of what you can do about it.”
-Rich Bowen, author of “Apache Cookbook”
