Authors: Tariq Azad.
Paperback, 528 pages
Publisher: Syngress
Publication Date: 2008-07-01


Reviews :

    Citrix Presentation Server allows remote users to work off a network server as if they weren't remote. That means: Incredibly fast access to data and applications for users, no third party VPN connection, and no latency issues. All of these features make Citrix Presentation Server a great tool for increasing access and productivity for remote users. Unfortunately, these same features make Citrix just as dangerous to the network it?s running on. By definition, Citrix is granting remote users direct access to corporate servers?..achieving this type of access is also the holy grail for malicious hackers. To compromise a server running Citrix Presentation Server, a hacker need not penetrate a heavily defended corporate or government server. They can simply compromise the far more vulnerable laptop, remote office, or home office of any computer connected to that server by Citrix Presentation Server.
All of this makes Citrix Presentation Server a high-value target for malicious hackers. And although it is a high-value target, Citrix Presentation Servers and remote workstations are often relatively easily hacked, because they are often times deployed by overworked system administrators who haven't even configured the most basic security features offered by Citrix. "The problem, in other words, isn't a lack of options for securing Citrix instances; the problem is that administrators aren't using them." (eWeek, October 2007). In support of this assertion Security researcher Petko D. Petkov, aka "pdp", said in an Oct. 4 posting that his recent testing of Citrix gateways led him to "tons" of "wide-open" Citrix instances, including 10 on government domains and four on military domains.

* The most comprehensive book published for system administrators providing step-by-step instructions for a secure Citrix Presentation Server.
* Special chapter by Security researcher Petko D. Petkov?aka "pdp detailing tactics used by malicious hackers to compromise Citrix Presentation Servers.
* Companion Web site contains custom Citrix scripts for administrators to install, configure, and troubleshoot Citrix Presentation Server....

Authors: Charlie Kaufman. Radia Perlman. Mike Speciner.
Hardcover, 752 pages
Publisher: Prentice Hall PTR
Publication Date: 2002-05-02
Edition: 2

Reviews :

    Authors with credentials from some of the top software and hardware companies explain the latest advances in computer network security protocol. For security managers, programmers, and graduate or advanced undergraduate students. ...

Authors: Jothy Rosenberg. David Remy.
Paperback, 408 pages
Publisher: Sams
Publication Date: 2004-05-22


Reviews :

    You know how to build Web service applications using XML, SOAP, and WSDL, but can you ensure that those applications are secure? Standards development groups such as OASIS and W3C have released several specifications designed to provide security - but how do you combine them in working applications?

"Securing Web Services with WS-Security" will help you take your Web services securely to production, with insight into the latest security standards including

- WS-Security, a model that defines how to put security specifications into practice
- XML Encryption to ensure confidentiality
- XML Signature to ensure data integrity
- Security Assertion Markup Language (SAML) to authenticate and authorize users
- WS-Policy to set policies across trust domains

Jothy Rosenberg and David Remy, both business, technology, and security visionaries, demystify these standards with practical examples including a fully developed case study application showing these tools at work. A pragmatic approach is taken showing which Web Services Security standards are needed when faced with a variety of security challenges. The authors understand that security remains one of the largest remaining impediments to deploying major Web services in business-critical situations. The goal of this book is to begin to remove those impediments by providing a detailed understanding of all the available security technologies and how and when to employ them....

Authors: Ragnar Benson.
Paperback, 152 pages
Publisher: Paladin Press
Publication Date: 1996-09


Reviews :

    Forget about using the old "dead-baby's birth-certificate" ruse to get new ID. Everyone's on to that trick. What you need is the know-how to make your own documents on a home computer. And by following the simple instructions in here, you can....

Authors: Russ Housley. Tim Polk.
Paperback, 352 pages
Publisher: Wiley
Publication Date: 2001-03-13
Edition: 1

Reviews :

    An in-depth technical guide on the security technology driving Internet e-commerce expansion.
"Planning for PKI" examines the number-one Internet security technology that will be widely adopted in the next two years. Written by two of the architects of the Internet PKI standards, this book provides authoritative technical guidance for network engineers, architects, and managers who need to implement the right PKI architecture for their organization. The authors discuss results and lessons learned from early PKI pilots, helping readers evaluate PKI deployment impact on current network architecture while avoiding the pitfalls of early technical mistakes. Four technical case studies detail the do's and don'ts of PKI implementation, illustrating both successes and failures of different deployments. Readers will also learn how to leverage future PKI-related technologies for additional benefits....

Authors: Kathy Rockel.
Paperback, 150 pages
Publisher: Lippincott Williams & Wilkins
Publication Date: 2005-08-01


Reviews :

    ...

Authors: Scott Oaks.
Paperback, 618 pages
Publisher: O'Reilly Media, Inc.
Publication Date: 2001-05-17
Edition: 2

Reviews :

    One of Java's most striking claims is that it provides a secure programming environment. Yet despite endless discussion, few people understand precisely what Java's claims mean and how it backs up those claims. If you're a developer, network administrator or anyone else who must understand or work with Java's security mechanisms, Java Security is the in-depth exploration you need. The new second edition focuses on the basic platform features of Java that provide security--the class loader, the bytecode verifier, and the security manager--and recent additions to Java that enhance this security model: digital signatures, security providers, and the access controller. The book covers the security model of Java 2, Version 1.3, which is significantly different from that of Java 1.1. It has extensive coverage of the two new security APIs: JAAS (Java Authentication and Authorization Service) and JSSE (Java Secure Sockets Extension). Java Security, 2nd Edition, will give you a clear understanding of the architecture of Java's security model and how to use that model in both programming and administration....

    Scott Oakes' Java Security is extraordinary both for its technical depth and its readability. It provides the Java programmer with a complete overview of the Java security architecture and security classes, plus a wealth of detailed information and code examples for specific implementations. The book opens with a clear discussion of what Java security is, how the various Java sandbox models work, and how Java applications and applets execute within the security model. The following chapters look in depth at the elements of the Java security architecture: language rules, class loaders, the security manager, the access controller, and permission objects. All these chapters provide detailed information on implementation, as well as an excellent explanation of the role of each feature within the entire security picture. The second half of the book covers cryptographic features in the Java security package (much enhanced in Java 1.2) and how Java programs work with code that performs authentication and encryption. Here, you'll find detailed chapters on message digests, keys and certificates, key management, digital signatures, and the Java Cryptography Extensions. Anyone who needs to understand Java security, but especially those who will implement security features in Java applications, will want to own this book....

Authors: Rich Bowen.
Hardcover, 160 pages
Publisher: Apress
Publication Date: 2006-02-08


Reviews :

   

Organizing websites is highly dynamic and often chaotic. Thus, it is crucial that host web servers manipulate URLs in order to cope with temporarily or permanently relocated resources, prevent attacks by automated worms, and control resource access.

The Apache mod_rewrite module has long inspired fits of joy because it offers an unparalleled toolset for manipulating URLs. The Definitive Guide to Apache mod_rewrite guides you through configuration and use of the module for a variety of purposes, including basic and conditional rewrites, access control, virtual host maintenance, and proxies.

This book was authored by Rich Bowen, noted Apache expert and Apache Software Foundation member, and draws on his years of experience administering, and regular speaking and writing about, the Apache server.

...

Authors:
Hardcover, 314 pages
Publisher: Springer
Publication Date: 2004-07-27
Edition: 1

Reviews :

   

Information Security Management, Education and Privacy

Edited by Yves Deswarte, Frédéric Cuppens, Sushil Jajodia, and Lingyu WangThis volume contains the papers presented at three workshops embedded in the 19th IFIP International Conference on Information Security (SEC2004), which was sponsored by the International Federation for Information Processing (IFIP) and held in August 2004 as a co-located conference of the 18th IFIP World Computer Congress in Toulouse, France.

The first workshop was organized by IFIP Working Group 11.1, which is itself dedicated to Information Security Management, i.e., not only to the practical implementation of new security technology issued from recent research and development, but also and mostly to the improvement of security practice in all organizations, from multinational corporations to small enterprises. Methods and techniques are developed to increase personal awareness and education in security, analyze and manage risks, identify security policies, evaluate and certify products, processes and systems.The second workshop was organized by IFIP Working Group 11.8, dedicated to Information Security Education. This year, the workshop was aimed at developing a first draft of an international doctorate program allowing a specialization in IT Security. The draft is based upon selected papers from individuals or groups (from academic, military and government organizations), and discussions at the workshop. This draft will be further refined and eventually published as an IFIP Report. Finally, the last workshop was organized by IFIP Working Group 11.4 on Network Security. The purpose of the workshop was to bring together privacy and anonymity experts from around the world to discuss recent advances and new perspectives on these topics that are increasingly important aspects in electronic services, especially in advanced distributed applications, such as m-commerce, agent-based systems, P2P, etc. The carefully selected papers gathered in this volume show the richness of the information security domain, as well as the liveliness of the working groups cooperating in the IFIP Technical Committee 11 on Security and Protection in Information Processing Systems.

Information Security Management, Education and Privacy is essential reading for scholars, researchers, and practitioners interested in keeping pace with the ever-growing field of information security.

...

Authors: Lazaro Issi Cohen. Joseph Issi Cohen.
Paperback, 1128 pages
Publisher: No Starch Press
Publication Date: 2004-09-05
Edition: 1st

Reviews :

    The complete web programmer's cross-reference.

HTML, CSS (Cascading Style Sheets), and JavaScript are the three basic web programming languages that web programmers use to build functional, attractive, and interactive web sites. HTML creates the text, images, and other content on a web page; CSS formats and positions those elements; and JavaScript adds interactivity to websites by responding to user choices. The Web Programmer's Desk Reference is the only book to serve as a single point of reference to all three primary web programming languages. It begins with a web programming primer that gives beginning and intermediate programmers an understanding of the core elements of HTML, CSS, and JavaScript, then moves on to a reference section that lists every element of HTML, CSS, and JavaScript. Each listing includes the latest syntax and functionality, compatibility with other elements, and cross-browser compatibility issues. Whether you are a professional web programmer, professional web designer, or a recreational webmaster with a dynamic web site, this will be the book that you use whenever you need to know how to use a particular HTML element, JavaScript object, or CSS style.

...