[thelist] Hardening a webserver

thelist at cjmarsh.com thelist at cjmarsh.com
Mon Jan 17 16:47:38 CST 2005


Scott

[..]

> Concentrate on the app and work out from there. Set up 
> monitors to identify when things are not as they should be 
> (rate and number of transactions is a good thing to watch) so 
> that if it is compromised you can minimize the damage. 
> Understand the basic patterns of attacks and plan against them.
> 
> Do the research that will help prepare you to express your 
> needs clearly to security consultants ('cause all the 
> research in the world cannot make up for professional 
> experience) and to understand when your point is getting across.

If you've got a few quid spare, I can heartily recommend a combination
of "Innocent Code" by Sverre Huseby
(<http://www.amazon.co.uk/exec/obidos/ASIN/0470857447/qid=1106001731/ref=sr_8_xs_ap_i1_xgl/202-4433640-7131035>)
and "Hack Notes: Web Security" by Mike Shema
(<http://www.amazon.co.uk/exec/obidos/ASIN/0072227842/qid%3D1106001883/202-4433640-7131035>).
They won't cost you much, and should give you a
good insight between them on security basics.

Regards

Chris Marsh
