552 Part III Advanced Features and Techniques

FYI: Security Web Sites

If you are losing sleep after reading this chapter, fear not. Every administrator and site designer around the world is grappling with the same issues, and there is a strong feeling of solidarity among computer security professionals. Many Web sites are devoted to computer security, and almost all of them contain full descriptions of recent security incidents and ways to protect your system from the same attacks. Some are designed for security professionals, whereas others have the cracker in mind. Either way, the information they provide is useful and often very interesting. Begin your explorations by checking out these sites:

• Computer Emergency Response Team (CERT) (www.cert.org/): CERT is one of the most popular repositories of official descriptions of security incidents. It publishes advisories on all sorts of security issues, including very clear descriptions of the problem, the vulnerable systems, and possible solutions.

• SecurityFocus.com (www.securityfocus.com/): SecurityFocus.com provides a great deal of information on all aspects of computer security, from the legal and political to the technical. It also hosts the well-known security mailing list BugTraq (found under Forums).

• Rootshell (http://rootshell.com/): Rootshell is a well-respected site that contains fairly technical descriptions of many, many security vulnerabilities, including detailed descriptions of how to exploit each vulnerability, as well as instructions on removing it.

• Insecure.Org (http://insecure.org/): Insecure.Org is a fairly well-established site that is not afraid to make cracking tools available and to discuss the nitty-gritty details of many exploits. This site can be extremely useful if you want to try to break into your own site.

• L0pht Heavy Industries (http://www.l0pht.com/index.html): L0pht is another on-the-edge site, run by people who crack into machines for a living. They are paid to do this in the hope that they can find a vulnerability before someone with malicious intent does, and they report what they've done on this site and others. The site also contains lots of interesting opinions on its soapbox.

Summary

For any significant Web site, security is a crucial part of the site's implementation. You should take extreme care to secure your server from attack and also be sure to protect your visitors' private information from prying eyes. In a time of enormous growth for online businesses, publication of a story about a major security breach can destroy visitors' confidence in your site, driving them to the competition and possibly leaving your site to evaporate as quickly as it appeared.

In this chapter, we've driven home three basic lessons:

• Don't trust the network. Every byte of data that comes from the Internet should be treated as potentially hazardous. Be as restrictive as possible in defining the inputs you allow. Prefer the solution that lists the acceptable inputs (an allowlist) to the one that lists the unacceptable inputs (a denylist): a denylist is only as complete as your knowledge of the attacks, whereas an allowlist rejects everything you did not explicitly anticipate. Be sure that your Web server configuration does not allow clients to view your source code or to work around your access restrictions.
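The "list the acceptable inputs, not the unacceptable ones" lesson is easiest to appreciate with both approaches side by side. The following is an added example, not code from the book: it validates a hypothetical "username" form field first with a naive denylist of known-bad substrings and then with an allowlist of the only characters the field may contain, and runs both over a constructed set of client inputs. The field name, the character rule and the sample inputs are all assumptions made for this illustration; the point is language-independent, and Python is used only so the example runs stand-alone.

```python
"""Allowlist vs. denylist input validation on a web form field.

Added example (not from the book). Contrasts a denylist that enumerates
known-bad substrings with an allowlist that enumerates the only acceptable
form of a value. The field name ("username"), the allowed-character rule and
the sample inputs are constructed for this example.
"""
import re

# Naive denylist of the kind many sites start with: a few substrings the
# author has heard of, compared case-sensitively against the raw value.
DENY_SUBSTRINGS = ("<script", "DROP TABLE", "../")


def denylist_accepts(value: str) -> bool:
    """Accept unless the value contains one of the known-bad substrings."""
    return not any(bad in value for bad in DENY_SUBSTRINGS)


# Allowlist for a username field: only letters, digits, '_' and '-', and
# between 1 and 32 characters. fullmatch() is used instead of match() with a
# trailing '$', because '$' also matches just before a final newline and
# would let "alice\n" through.
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def allowlist_accepts(value: str) -> bool:
    """Accept only values that match the allowed form exactly."""
    return USERNAME_RE.fullmatch(value) is not None


# Constructed inputs a client might send in the "username" field, paired
# with the verdict a careful reviewer would want the server to reach.
SAMPLE_INPUTS = [
    ("alice_01", True),
    ("bob-smith", True),
    ("<script>alert(1)</script>", False),           # caught by both checks
    ("<ScRiPt>alert(1)</ScRiPt>", False),           # case change evades the denylist
    ("%3Cscript%3Ealert(1)%3C/script%3E", False),  # URL-encoded; decoded later by the app
    ("alice' OR '1'='1", False),                    # an injection the denylist never listed
    ("..%2F..%2Fetc%2Fpasswd", False),              # encoded traversal, no literal "../"
    ("alice\n", False),                             # trailing newline (see USERNAME_RE note)
    ("", False),                                    # empty value is never a valid username
]


def evaluate(samples=SAMPLE_INPUTS):
    """Return (value, expected, denylist_verdict, allowlist_verdict) per sample."""
    return [(v, exp, denylist_accepts(v), allowlist_accepts(v)) for v, exp in samples]


def denylist_mistakes(samples=SAMPLE_INPUTS):
    """Inputs on which the denylist reaches the wrong verdict."""
    return [v for v, exp, d, _ in evaluate(samples) if d != exp]


def allowlist_mistakes(samples=SAMPLE_INPUTS):
    """Inputs on which the allowlist reaches the wrong verdict."""
    return [v for v, exp, _, a in evaluate(samples) if a != exp]


if __name__ == "__main__":
    for v, exp, d, a in evaluate():
        print(f"{v!r:40} expected={exp!s:5} denylist={d!s:5} allowlist={a!s:5}")
    print("denylist mistakes:", denylist_mistakes())
    print("allowlist mistakes:", allowlist_mistakes())
```

Every evasion in the sample set (case changes, URL encoding, an attack pattern the author did not list, an empty value) slips past the denylist, while the allowlist rejects all of them without knowing anything about the attacks. The denylist's defects are not fixable by adding more entries; each addition only covers the last bypass you noticed. Note also that the allowlist is applied to the value exactly as the application will use it: if a layer decodes or normalizes input later, validate after that step, or the check is reasoning about a different string than the one that reaches your code.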