M11PM   Setting up and Maintaining a Secure Web Server 
Bryan Buus, XOR Network Engineering

Who should attend: Those interested in security concerns and implementation details with Apache or NCSA HTTP servers. The course is intended for people who have some knowledge of system administration. Some basic knowledge of Apache is useful, but not essential. Persons taking this class should not also take S6 (Setting up and Maintaining a Web Server), as there will be substantial overlap in materials.

This course will provide a solid overview of security concerns and implementation details in Apache and NCSA HTTP servers, with some coverage of Netscape servers. The course will describe user-and host-based access control as well as SSL (secure sockets layer) server configuration. In addition, several non-server specific security details will be covered.

The tutorial topics are:

	User-based Access Control
	Host-based Access Control
	SSL Server
	Verisign Key registration
	Setting up SSL in Apache Stronghold
	Setting up SSL in Netscape FastTrack/Enterprise
	SSL Digital IDs
	Pitfalls of SSL servers
	Securing data after it arrives
	Additional security concerns, not server specific    CGI security    Monitoring machines and HTTP servers    Using SSL/SSH telnet, S/key    Site maintenance security concerns    Network security