Press Release



March 22, 2005

"Apache Security": The Complete Guide to Securing Your Apache Web Server

Sebastopol, CA--There's a popular proverb among chess players: "A man surprised is half beaten." A classic game of defense and offense, tactics and strategy--in which both analytical and intuitive thinking come into play and knowing your enemy is tantamount to winning--chess has many lessons for those who are responsible for network security. Chess player or system administrator, neither can afford to be caught with his guard down.

It's surprising, then, that in the existing profusion of documentation for installing, configuring, and maintaining the Apache server--the dominant server in the world today--only a small fraction is dedicated to the complex subject of securing it. Ivan Ristic's new book, Apache Security (O'Reilly, US $34.95), tackles the subject exhaustively, providing a valuable new resource for those charged with keeping their servers secure.

According to Ristic, the book aims to be a comprehensive resource for Apache security. "Ultimately, what I tried to do was create one book that contains all the information a person needs to secure an Apache-based system," explains Ristic. "My goal was to write a book I could safely recommend to anyone who is about to deploy on Apache, so I would be confident they would succeed provided they followed the advice in the book. This book is the result of that effort."

Written for system administrators, programmers, system architects, and web security professionals, Apache Security covers the full range of web security topics, with detailed recommendations for all aspects of securing both the 1.3 and 2.0 versions of Apache. When read sequentially, the book examines how a secure system is built from the ground up, adding layer upon layer of security. However, since each chapter was written to cover a single subject in its entirety, readers can also go directly to specific issues that interest them. Topics in the book include:

  • Installation and secure configuration of the server
  • Prevention, recognition, and handling of denial of service and other types of attacks
  • Infrastructural and architectural issues and their impact on overall security
  • Shared web-hosting security issues
  • Web application security
  • How to assess the security of a web system
  • Secure configuration and use of the PHP web-scripting language
  • Logging facilities and strategies for catching and addressing security breaches
  • Web intrusion detection and prevention
  • The use of mod_security and other security-related modules
  • Cryptography concepts, various authentication methods, and use of SSL/TLS

Although much of the book's content is at the intermediate and advanced level, Ristic says that readers with previous Apache experience will have no trouble jumping to any part of the book straight away. "If you are completely new to Apache, you will probably need to spend a little time learning the basics first," advises Ristic. The book does not assume any previous knowledge of security; security concepts relevant for discussion are introduced and described where necessary.

The book includes usage examples for a large number of timesaving tools to make the reader's life easier, including several written by the author to automate daily administrative tasks, such as log monitoring, log analysis, and defending against denial of service attacks. Covering everything you need to defend your server, Apache Security ensures that you won't be taken by surprise.

Early praise for Apache Security:

"In a time when security is more and more important, everyone running Apache needs this book. Ivan's coverage will give you a broad understanding of the nasty things that can happen, as well as a practical knowledge of what you can do about it."
-Rich Bowen, author of Apache Cookbook

Additional Resources:

Apache Security
Ivan Ristic
ISBN: 0-596-00724-8, 396 pages, $34.95 US, $48.95 CA
order@oreilly.com
1-800-998-9938; 1-707-827-7000

About O'Reilly

O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.
