WordPress 3 Ultimate Security. WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery

(ebook) (audiobook) (audiobook)

Autorzy:: Olly Connelly, Oliver W Connelly

+159 pkt

WordPress 3 Ultimate Security. WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery Olly Connelly, Oliver W Connelly - okładka ebooka

Wydawnictwo:: Packt Publishing (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 408
Dostępne formaty:: PDF

ePub

Mobi

+159 pkt

Ebook

159,00 zł

Dodaj do koszyka lub Kup na prezent
Kup 1-kliknięciem

Przenieś na półkę

Do przechowalni

Najczęściej kupowane razem

The Definitive Guide to Power Query (M). Mastering complex data transformation with Power Query Gregory Deckler, Rick de Groot, Melissa de Korte, Brian Julius

Kubernetes. Tworzenie niezawodnych systemów rozproszonych. Wydanie III Brendan Burns, Joe Beda, Kelsey Hightower, Lachlan Evenson

Cena zestawu: 328,95 zł

Oszczędzasz: 58,05 zł ( 22% )

Dodaj do koszyka

Most likely ‚Äì today ‚Äì some hacker tried to crack your WordPress site, its data and content ‚Äì maybe once but, with automated tools, very likely dozens or hundreds of times. There's no silver bullet but if you want to cut the odds of a successful attack from practically inevitable to practically zero, read this book.

WordPress 3 Ultimate Security shows you how to hack your site before someone else does. You'll uncover its weaknesses before sealing them off, securing your content and your day-to-day local-to-remote editorial process. This is more than some 10 Tips ... guide. It's ultimate protection ‚Äì because that's what you need.

Survey your network, using the insight from this book to scan for and seal the holes before galvanizing the network with a rack of cool tools. Solid!

The WordPress platform is only as safe as the weakest network link, administrator discipline, and your security knowledge. We'll cover the bases, underpinning your working process from any location, containing content, locking down the platform, your web files, the database, and the server. With that done, your ongoing security is infinitely more manageable.

Covering deep-set security yet enjoyable to read, WordPress 3 Ultimate Security will multiply your understanding and fortify your site.

Wybrane bestsellery

O autorach ebooka

Olly Connelly was conceived in the Summer of Love and likes to think that he's the reincarnation of some dude who copped it after a Woodstock head-banger. Born in Windsor, England, he's no relation. Olly lives with Eugenia, just off a beach in Valencia, Spain. His background is broadcasting and satirical journalism and his experience includes serially annoying the BBC, Bloomberg, and MTV. Web-wise, Olly's a freelance content producer, web developer, and system administrator. His site vpsBible.com guides Linux newbies to set up and maintain their own unmanaged VPS boxes. At guvnr.com, meanwhile, he chats up the web and tries equally to demystify the complex. You can also catch @the_guv on the mighty T where he tweets tech 'n tonics. • vpsBible, Setup Unmanaged VPS 4 Linux Noobs! – http://vpsbible.com • guvnr.com, Make the web, make more of it – http://guvnr.com • on Twitter, Tech 'n tonics – http://twitter.com/the_guv • Olly Connelly, Pop by, say hi :) – ollybook@guvnr.com He likes kite-surfing, George Norey's CoasttoCoastam.com, ranting about (what's censored on) the news and, failing all that, a damn fine pint.

Ebooka "WordPress 3 Ultimate Security. WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery" przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka "WordPress 3 Ultimate Security. WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery" posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolnych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video "WordPress 3 Ultimate Security. WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery" zobaczysz:

Oceny i opinie klientów: WordPress 3 Ultimate Security. WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery Olly Connelly, Oliver W Connelly (0) Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.

Szczegóły ebooka

Tytuł oryginału:: WordPress 3 Ultimate Security. WordPress is for everyone and so is this brilliant book on making your site impenetrable to hackers. This jargon-lite guide covers everything from stopping content scrapers to understanding disaster recovery.
ISBN Ebooka:: 978-18-495-1211-4, 9781849512114
Data wydania ebooka:: 2011-06-13 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
Język publikacji:: angielski
Rozmiar pliku Pdf:: 4.5MB
Rozmiar pliku ePub:: 5.3MB
Rozmiar pliku Mobi:: 8.1MB

Kategorie

Kliknij, aby zgłosić błędnie przypisaną kategorię »

Informatyka » Hardware » Inne

Spis treści ebooka

WordPress 3 Ultimate Security
- Table of Contents
- WordPress 3 Ultimate Security
- Credits
- About the Author
- Acknowledgement
- About the Reviewers
- www.PacktPub.com
  - Support files, eBooks, discount offers and more
    - Why Subscribe?
    - Free Access for Packt account holders
- Preface
  - What this book covers
  - What you need for this book
  - Who this book is for
  - Conventions
  - Reader feedback
  - Customer support
    - Downloading the example code
    - Errata
    - Piracy
    - Questions
- 1. So Whats the Risk?
  - Calculated risk
  - An overview of our risk
  - Meet the hackers
    - White hat
    - Black hat
      - Botnets
      - Cybercriminals
      - Hacktivists
      - Scrapers
      - Script kiddies
      - Spammers
      - Misfits
    - Grey hat
    - Hackers and crackers
  - Physically hacked off
  - Social engineering
    - Phone calls
    - Walk-ins
    - Enticing URLs
    - Phishing
    - Social networking (and so on)
    - Protecting against social engineering
  - Weighing up Windows, Linux, and Mac OS X
    - The deny-by-default permission model
    - The open source advantage
    - System security summary
  - Malwares dissected
    - Blended threats
    - Crimeware
    - Data loggers
      - At loggerheads with the loggers
    - Hoax virus
    - Rootkits
    - Spyware
    - Trojan horses
    - Viruses
    - Worms
    - Zero day
  - World wide worry
    - Old browser (and other app) versions
    - Unencrypted traffic
    - Dodgy sites, social engineering, and phish food
    - Infected public PCs
    - Sniffing out problems with wireless
    - Wireless hotspots
      - Evil twins
    - Ground zero
  - Overall risk to the site and server
    - Physical server vulnerabilities
    - Open ports with vulnerable services
    - Access and authentication issues
      - Buffer overflow attacks
      - Intercepting data with man-in-the-middle attacks
      - Cracking authentication with password attacks
      - The many dangers of cross-site scripting (XSS)
      - Assorted threats with cross-site request forgery (CSRF)
      - Accessible round-up
    - Lazy site and server administration
      - Vulnerable versions
      - Redundant files
      - Privilege escalation and jailbreak opportunities
      - Unchecked information leak
        
        Directory traversal attacks
    - Content theft, SEO pillaging, and spam defacement
      - Scraping and media hotlinking
      - Damn spam, rants, and heart attacks
  - Summary
- 2. Hack or Be Hacked
  - Introducing the hacker's methodology
    - Reconnaissance
    - Scanning
    - Gain access
    - Secure access
    - Cover tracks
  - Ethical hacking vs. doing time
  - The reconnaissance phase
    - What to look for
    - How to look for it
      - Google hacking
        
        Sites and links
        
        Finding files
        
        Keyword scanning
        
        Phone numbers
      - More on Google hacking
    - Scouting-assistive applications
    - Hacking Google hacking with SiteDigger
    - WHOIS whacking
  - Demystifying DNS
    - Resolving a web address
  - Domain name security
  - The scanning phase
    - Mapping out the network
      - Nmap: the Network Mapper
        
        Using ping sweeps to map out a network
        
        Checking for open ports on a network device
        
        Checking for vulnerable services on a network device
      - Secondary scanners
    - Scanning for server vulnerabilities
      - Nessus
        
        Creating policies with Nessus
        
        Assessing problems
      - OpenVAS
      - GFI Languard
      - Qualys
      - NeXpose and Metasploit
    - Scanning for web vulnerabilities
      - Wikto
      - Paros Proxy
      - HackerTarget
      - Alternative tools
    - Hack packs
  - Summary
- 3. Securing the Local Box
  - Breaking Windows: considering alternatives
  - Windows security services
    - Security or Action Center
    - Windows Firewall
    - Windows Update
    - Internet Options
    - Windows Defender
    - User Account Control
      - Configuring UAC in Vista
      - Configuring UAC in Windows 7
      - Disabling UAC at the registry (Vista and 7)
      - UAC problems with Vista Home and Premium
  - Proactive about anti-malware
    - The reactionary old guard: detection
      - Regular antivirus scanners
        
        Signature-based
        
        Heuristics-based
    - The proactive new guard: prevention
      - HIPS and behavior scanning
      - HIPS vs behavior scanners
      - Sandbox isolation
  - The almost perfect anti-malware solution
    - Comodo Internet Security (CIS)
      - Comodo Firewall
      - Comodo Antivirus
        
        Scanning by signature
        
        Scanning by heuristics
      - Comodo Defense+ (HIPS) and sandbox
    - Pick 'n mix anti-malware modules
    - Firewall with ZoneAlarm
    - Antivirus with Avira AntiVir
    - HIPS + sandbox + firewall with DefenseWall
    - Behavior scanning with ThreatFire
      - Updating ThreatFire
      - Sensitivity Level
      - System Activity Monitor
    - Multiple sandboxes with Sandboxie
    - Advanced sandboxing (and more) with virtual machines
    - Rootkit detection with GMER and RootRepeal
    - Malware cleaning with Malwarebytes
    - Anti-malware product summary
    - Prevention models and user commitment
  - Windows user accounts
    - XP user accounts
    - Vista and Windows 7 user accounts
  - Managing passwords and sensitive data
    - Proper passphrase policy
    - Password and data managers
      - Web browser data managers
      - Future-proofed data management
      - Why LastPass?
      - Setting up LastPass
        
        Installing LastPass
        
        Using LastPass
        
        Bolstering LastPass security
        
        LastPass multi-factor authentication
        
        Virtual keyboard
        
        One time passwords
        
        Grid system
        
        YubiKey support
        
        Sesame authentication
      - Passed out? That's it!
  - Securing data and backup solutions
    - Have separate data drives
    - Encrypting hard drives
    - Automated incremental backup
    - Registry backup
  - Programming a safer system
    - Patching the system and programs
    - Binning unwanted software
    - Disabling clutter and risky Windows services
    - Disabling XP's Simple File Sharing
  - Summary
- 4. Surf Safe
  - Look (out), no wires
    - Alt: physical cable connection
    - The wireless management utility
    - Securing wireless
      - Router password
      - Changing the SSID
      - Hiding the SSID
      - WEP vs. WPA vs. WPA2
      - WPA2 with AES
      - AES vs. TKIP
    - Wireless authentication key
    - Optional: MAC address filtering
    - Summing up wireless
  - Network security re-routed
    - Swapping firmware
  - Using public computers it can be done
    - Booting a Preinstalled Environment (PE)
    - Secure your browsing
    - Online applications
    - Portable applications
    - Advanced data management and authentication
    - Covering your tracks
    - Checking external media
  - Hotspotting Wi-Fi
    - Hardening the firewall
    - Quit sharing
    - Disabling automatic network detection
    - Alternative document storage
    - Encrypted tunnelling with a Virtual Private Network
  - E-mailing clients and webmail
    - Remote webmail clients (and other web applications)
      - Encrypted webmail
      - Checking your encryption type
      - Better webmail solutions
      - Logging out
    - Local software clients
      - Keeping the client updated
      - Instant scanning
      - Sandboxing clients
    - Local and remote clients
      - Plain text or HTML
      - E-mail encryption and digital signatures with PGP
        
        Encrypting attachments with compression utilities
      - Your e-mail addresses
      - Don't become phish food
      - Beware of spoof addresses
    - Damn spam
      - SpamAssassin Trainer
  - Browsers, don't lose your trousers
    - Latest versions
    - Internet Explorer (IE)
    - Isolating older browsers
    - Browsers and security
    - Chrome's USPs (for good and very bad)
    - Chrome outfoxed
    - Firefox security settings
      - The password manager
    - Extending security
      - Ad and cookie cullers
        
        AdBlock Plus *
        
        Beef Taco *
        
        BetterPrivacy *
        
        Ghostery
        
        Ad Hacker
      - FEBE *
      - LastPass *
      - Locationbar2
      - Lock The Text
      - Anti-scripting attacks
        
        NoScript *
        
        RequestPolicy
      - SSL certificate checks
        
        Certificate Patrol *
        
        Perspectives *
      - Web of Trust (WOT) *
  - Anonymous browsing
    - Locally private browsing
    - Online private browsing
      - Anonymous proxy server
      - Chained proxies
      - SSL proxies and Virtual Private Networks (VPNs)
      - Corporate and private VPNs
      - Private SOCKS proxy with SSH
  - Networking, friending, and info leak
    - Third party apps and short links
  - Summary
- 5. Login Lock-Down
  - Sizing up connection options
    - Protocol soup
  - WordPress administration with SSL
    - SSL for shared hosts
      - Shared, server-wide certificates
        
        Letting WordPress know
        
        Logging in
      - Dedicated, domain-specific certificates
        
        Dedicated IP
        
        Obtaining signed certificates
        
        Setting up a signed certificate
    - SSL for VPS and dedicated servers
      - Creating a self-signed certificate
        
        Generating the files
        
        Required Apache modules
        
        Configuring the virtual host file
        
        Alerting WordPress and activating SSL
      - Using a signed certificate
    - Testing SSL and insecure pages
    - SSL reference
  - SSL and login plugins
  - Locking down indirect access
    - Server login
      - Hushing it up with SSH
      - Shared hosting SSH request
      - Setting up the terminal locally
        
        Linux or Mac locally
        
        Windows locally
        
        Setting up Tunnelier
      - Securing the terminal
        
        Creating keys: Linux or Mac locally
        
        Creating keys: Windows locally
        
        Uploading keys
        
        Using keys from multiple machines
    - SFTP not FTP
      - SFTP from the command line
      - SFTP using S/FTP clients
      - Connecting up a client
    - phpMyAdmin login
      - Safer database administration
    - Control panel login
  - Apache modules
    - IP deny with mod_access
      - What is my IP?
      - IP spoofing
    - Password protect directories
      - cPanel's Password Protect Directories
    - Authentication with mod_auth
      - The htaccess file
        
        A quick shout out to htaccess, bless
      - The passwd file
      - Creating and editing password files
      - Creating group membership
      - Basically, it's basic
    - Better passwords with mod_auth_digest
      - Easily digestible groups
    - More authentication methods
      - mod_auth_db and mod_auth_dbm
      - mod_auth_mysql
      - mod_auth_pg95
    - Yet more authentication methods
  - Summary
- 6. 10 Must-Do WordPress Tasks
  - Locking it down
  - Backing up the lot
    - Prioritizing backup
    - Full, incremental and differential
    - How and where to backup
      - Backing up db + files on the web server
      - Backing up db + files by your web host
      - Backing up db to (web)mail
      - Backing up db and/or files to cloud storage
        
        SMEStorage Multi-Cloud WordPress Backup
        
        Automatic WordPress Backup
        
        Updraft
        
        BackWPup
        
        VaultPress
        
        Un-clouding the issue
      - Backing up files for local Windows users
        
        Installing Cobian as a service
        
        Setting up Tunnelier's FTP-to-SFTP bridge
        
        Setting up the bridge
        
        Saving your profile
        
        Creating the batch files
        
        Testing your batch files
        
        Setting up your first Cobian Backup task
        
        Hooking Tunnelier into Cobian
        
        Opening the bridge
        
        Testing the ruddy thing
      - Backing up a database to local machines
        
        Dumping the data from a database
        
        Cron the script
        
        Grabbing the data dump for Windows locally
        
        Flushing the dump
      - Files and db backup for local Mac 'n Linux users
        
        Full backup to local
        
        Full backup remote to remote
        
        Incremental backups to local
        
        Incremental remote-to-remote
      - Backing up backup!
  - Updating shrewdly
    - Think, research, update
    - Dry run updates
    - Updating plugins, widgets and other code
    - The new update panel
  - Neutering the admin account
    - The problem with admin
    - Deleting admin
    - OK, don't delete admin!
    - Creating privileged accounts
      - Private account names and nicknames
      - Least privilege users
      - Custom roles
    - Denying subscriptions
  - Correcting permissions creep
    - Pruning permissions at the terminal
    - Restyling perms with a control panel
    - 777 permissions
    - wp-config.php permissions
  - Hiding the WordPress version
    - Binning the readme
    - Cloaking the login page and the version
    - Silver bullets won't fly
  - Nuking the wp_ tables prefix
    - Backing up the database
    - Automated prefix change
      - Manual prefix change
    - Installing WordPress afresh
  - Setting up secret keys
  - Denying access to wp-config.php
  - Hardening wp-content and wp-includes
    - Extra rules for wp-include's htaccess
    - Extra rules for wp-content's htaccess
  - Summary
- 7. Galvanizing WordPress
  - Fast installs with Fantastico ... but is it?
  - Considering a local development server
    - Using a virtual machine
  - Added protection for wp-config.php
    - Moving wp-config.php above the WordPress root
      - Less value for non-root installations
  - WordPress security by ultimate obscurity
    - Just get on with it
    - Introducing remove_actions
      - Blog client references
      - Feed references
      - Relational links
    - Linking relationships thingy
    - Stylesheet location
    - Renaming and migrating wp-content
    - The problem with plugins
    - The other problem with plugins
    - Yet another problem with those pesky plugins
    - Default jQuery files
    - Themes and things
    - "Just another WordPress blog"
    - Ultimate security by obscurity: worth it?
  - Revisiting the htaccess file
    - Blocking comment spam
    - Limiting file upload size
    - Hotlink protection
    - Protecting files
    - Hiding the server signature
    - Protecting the htaccess file
      - Hiding htaccess files
      - Ensuring correct permissions
      - Adding a deny rule
  - Good bot, bad bot
    - Bot what?
    - Good bot
    - Bad bot
      - Bots blitzkrieg
    - Snaring the bots
      - Short circuiting bots with htaccess
      - Bots to trot
        
        The Perishable Press 4G Blacklist
      - Honey pots
        
        Project Honey Pot
        
        CloudFlare
        
        Bad Behavior
        
        Perishable Press Blackhole for bad bots
  - Setting up an antimalware suite
    - Firewall
    - AntiVirus
  - More login safeguards
    - Limit Login Attempts
    - Scuttle log-in errors
  - Concerning code
    - Deleting redundant code
    - Scrutinize widgets, plugins and third party code
    - Ditto for themes
    - Running malware scans and checking compatibility
    - Routing rogue plugins
  - Hiding your files
  - Summary
- 8. Containing Content
  - Abused, fair use and user-friendly
    - Scraping and swearing
      - The problem with scrapers
    - Fair play to fair use
      - Extending knowledge, generally with non-commercial intent
      - The public interest
      - The amount and value of the extracted material
      - The effect on the current and future worth of the original content
  - Illegality vs. benefit
  - A nice problem to have (or better still to manage)
  - Sharing and collaboration
    - Sack lawyers, employ creative commons
    - Site and feed licensing
  - Protecting content
  - Pre-emptive defense
    - Backlink bar none
      - Tweaking the title
      - Linking lead content
      - Reasserting with reference
    - Binning the bots
    - Coining a copyright notice
    - Fielding your feeds
      - Adding a digi-print footer
      - Showing only summaries
    - Preventing media hotlinks
    - Refusing right-clicks
    - Watermarking your media
  - Reactive response
    - Seeking out scrapers
      - Investigating the Dashboard
        
        Incoming links
        
        Trackbacks
      - Investigating the site and server log
      - Online investigation
        
        Searching with Google
        
        Don't bother with Google Blogs
        
        Using Google Alerts
        
        Copyscape
        
        Feedburner's Uncommon Uses
        
        Plagium
        
        TinEye
      - Pinpointing scrapers
        
        Run a WHOIS search
  - Tackling offenders
    - The cordial approach
    - The DMCA approach
    - The jugular approach
    - The legal approach
      - Finding the abuse department
  - Summary
- 9. Serving Up Security
  - .com blogs vs .org sites
  - Host type analysis
    - Choices choices ...
    - Querying support and community
    - Questions to ask hosting providers
  - Control panels and terminals
    - Safe server access
    - Understanding the terminal
      - Elevating to superuser permissions
    - Setting up a panel
  - Managing unmanaged with Webmin
    - Installing Webmin
    - Securing Webmin
  - Users, permissions, and dangers
    - Files and users
    - Ownership and permissions
      - Translating symbolic to octal notation
      - Using change mode to modify permissions
        
        WordPress permissions
        
        Permissions case study: super-tight wp-config.php
      - Using change owner to modify ownership
        
        Owning your files
  - Sniffing out dangerous permissions
    - Suspect hidden files and directories
    - Protecting world-writable files
    - Scrutinising SUID and SGID files (aka SxID files)
      - Keeping track of changes with SXID
      - Cronning SXID
  - System users
    - Shared human accounts
    - Administrative accounts
    - Deleting user accounts
    - Home directory permissions
    - User access
    - Non-human accounts
  - Repositories, packages, and integrity
    - Verifying genuine software
      - MD5 checksums
      - GnuPG cryptographic signatures
  - Tracking suspect activity with logs
    - Reading the Common Log Format (CLF)
      - What visitor
      - What file
      - From where
      - What client
    - Exercising the logged data
      - Chicken and egg with logging plugins
      - Legwork for access logs
    - Logs and hosting types
      - Checking the authorization log
    - Securing and parsing logs
      - Enabling logs
      - Dynamic logs
      - Off-site logging
      - Log permissions
  - Summary
- 10. Solidifying Unmanaged
  - Hardening the Secure Shell
    - Protocol 2
    - Port 22
    - PermitRootLogin yes
    - PasswordAuthentication yes
    - AllowUsers USERNAME
    - Reloading SSH
  - chrooted SFTP access with OpenSSH
    - Binning the FTP service and firewalling the port
    - Providing a secure workspace
    - Deleting users safely
  - PHP's .ini mini guide
    - Locating your configuration options
    - Making .ini a meany
      - open_basedir
  - Patching PHP with Suhosin
    - Installing Suhosin
  - Isolating risk with SuPHP
    - Installing SuPHP
    - Alternatives to SuPHP
  - Containing MySQL databases
    - Checking for empty passwords
    - Deleting the test database
    - Remote db connections with an SSH tunnel
  - phpMyAdmin: friend or foe?
    - Did we mention backup?
  - Bricking up the doors
    - Ports 101
  - Fired up on firewalls
    - Bog-standard iptables firewall
      - Adding the firewall to the network
      - Quitting superuser
      - Reference for iptables
  - Enhancing usability with CSF
    - Installing CSF
    - CSF as a control panel module
    - Setting up the firewall
    - Error on stopping the firewall
    - CSF from the command line
    - Using CSF to scan for system vulnerabilities
  - Service or disservice?
    - Researching services with Netstat
    - Preparing to remove services
    - Researching services
    - inetd and xinetd super-servers
    - Service watch
    - Disabling services using a service manager
      - Using sysv-rc-conf
    - Deleting unsafe services with harden-servers
    - Closing the port
  - Gatekeeping with TCP wrappers
  - Stockier network stack
  - Summary
- 11. Defense in Depth
  - Hardening the kernel with grsecurity
    - Growling quietly with greater security
      - Controlling user access with RBAC
        
        Second-tier access control
        
        Training the RBAC system with Gradm
      - Memory protection with PaX
      - The multi-layered protection model
      - Debian grsecurity from repositories
      - Compiling grsecurity into a kernel
        
        Matching the kernel and grsecurity packages
        
        Exporting the version numbers
        
        Verifying the package downloads
        
        Patching the kernel
        
        Xen VPS configuration part 1
        
        Configuring the kernel
        
        grsecurity levels
        
        Kernel level chroot hardening
        
        Properly implemented?
        
        grsecurity and chroot
        
        Using Sysctl support to maximize security settings
        
        Options galore
        
        The kernel executable
        
        Xen VPS configuration part 2
        
        Booting and checking the kernel
        
        Installing Gradm
  - Integrity, logs, and alerts with OSSEC
    - Obtaining and verifying the source
    - The installation process
      - What kind of installation (server, agent, local, or help)?
      - Choosing where to install the OSSEC HIDS [/var/ossec]
      - Configuring the OSSEC HIDS
      - Do you want to add more IPs to the white list?
      - Setting the configuration to analyze the following logs
  - Using OSSEC
  - Updating OSSEC
  - Easing analysis with a GUI
    - OSSEC-WUI
    - Splunk
  - Slamming backdoors and rootkits
  - (D)DoS protection with mod_evasive
  - Sniffing out malformed packets with Snort
    - Installing the packages
      - Snort's installation options
        
        Specifying the network
        
        Point to the database
      - Ruby on Rails dependencies
    - Creating the web interface
      - Creating a sub-domain using an A record
      - Setting up the virtual host file
    - Creating the database
    - Deploying Ruby on Rails with Passenger
    - Enabling everything
    - Browsing to Snorby
    - Hacking yourself
    - Configuring the network
    - Updating Snort's rule-base
      - Sourcefire Vulnerability Research Team (VRT)
      - Emerging Threats
  - Firewalling the web with ModSecurity
    - Installing mod-security, the Apache module
    - Applying a ruleset
      - Enabling CRS and logging
      - Tuning your ruleset
      - Rulesets and WordPress
      - Updating rulesets
    - ModSecurity resources
  - Summary
- A. Plugins for Paranoia
  - Anti-malware
  - Backup
  - Content
  - Login
  - Spam
  - SSL
  - Users
- B. Don't Panic! Disaster Recovery
  - Diagnosis vs. downtime
  - Securing your users
    - Considering maintenance mode
      - Using a plugin
      - Using a rewrite rule
  - Local problems
  - Server and file problems
  - WordPress problems
    - Incompatible plugins
    - Injected plugins
    - Widgets, third party code and theme problems
    - Fun 'n' frolics with files
      - Scrutinizing file changes
      - Remote file comparison
      - Local file comparison
    - Deep file scanning
  - Verifying uploads and shared areas
  - Checking htaccess files
  - Pruning hidden users
  - Reinstalling WordPress
    - Some provisos
    - Upload WordPress and plugins
    - Importing a database backup
    - Editing wp-config-sample.php
    - Setting least privileges
    - Sending the clean platform live
    - Changing your passwords
    - Checking your search engine results pages
    - Revisiting WordPress security
- C. Security Policy
  - Security policy for somesite.com
    - Aim
    - Goals
      - Somesite.com
      - Personal Computers
      - Server
    - Roles and responsibilities
      - Security Manager (SM)
      - System Administrator
      - Site Administrator
      - Site Editors
      - Other roles
    - Network assets
      - PCs and media
      - Routing gear
      - Server
    - Website assets
      - Backup
      - Code updates
      - Database
      - Domain
    - Further policy considerations
- D. Essential Reference
  - WordPress 3 Ultimate Security
  - Bloggers and zines
    - 2600: The Hacker Quarterly
    - CGISecurity
    - Darknet
    - Dark Reading
    - ha.ckers
    - KrebsonSecurity
    - Jeremiah Grossman
    - Phrack Magazine
  - Forums
    - hack in the box
    - sla.ckers
    - WindowSecurity
  - Hacking education
    - Go Hacking
    - HackThisSite
    - Hellbound Hackers
    - OWASP WebGoat Project
    - We Chall
    - YouTube
  - Linux
    - Linux Online
    - Linux Journal
    - YoLinux
  - Macs and Windows
    - Apple Product Security
    - Microsoft Security
  - Organizations
    - OWASP
    - SANS
    - SecurityFocus
    - WASC
    - Wikipedia
  - Penetration testing
    - ISECOM's OSSTM
    - OWASP Testing Guide
  - Server-side core documents
    - Apache HTTP Server Version 2.2 Documentation
    - Apache: Module Index
    - MySQL: Security
    - PHP: Security
  - Toolkits
    - SecTools.Org
    - TREACHERY UNLIMITED
    - WASC Web Application Security Scanner List
  - Web browsers
    - Chrome
    - Firefox
    - Internet Explorer
    - Opera
    - Safari
    - Browser Security Handbook
  - WordPress
    - Forums
    - .com support
    - Codex
    - News
    - Planet
    - Development updates
    - Trac
    - Reporting Bugs
    - Security issues
    - Plugin Repository Trac
    - Plugins and themes
    - Plugins and themes source
    - Kvetch!
    - IRC
  - Mailing lists
  - Non-official support
    - LinkedIn WordPress group
    - WordPress forums
    - WordPress Tavern
- Index

pokaż cały spis treści

Packt Publishing - inne książki

Mastering Data transformation is essential for enhancing their data models and business intelligence. The Definitive Guide to Power Query equips you with the knowledge and skills to master the tool while leveraging its remarkable capabilities.
- PDF + Epub + Mobi
The Definitive Guide to Power Query (M). Mastering complex data transformation with Power Query

Gregory Deckler, Rick de Groot, Melissa de Korte, Brian Julius

159.00 zł