Book description
Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites. Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Explorer and Netscape Navigator, and a wide range of current programs and products. In vast detail, the book covers:
Web technology--The technological underpinnings of the modern Internet and the cryptographic foundations of e-commerce are discussed, along with SSL (the Secure Sockets Layer), the significance of the PKI (Public Key Infrastructure), and digital identification, including passwords, digital signatures, and biometrics.
Web privacy and security for users--Learn the real risks to user privacy, including cookies, log files, identity theft, spam, web logs, and web bugs, and the most common risk, users' own willingness to provide e-commerce sites with personal information. Hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs are also covered.
Web server security--Administrators and service providers discover how to secure their systems and web services. Topics include CGI, PHP, SSL certificates, law enforcement issues, and more.
Web content security--Zero in on web publishing issues for content providers, including intellectual property, copyright and trademark issues, P3P and privacy policies, digital payments, client-side digital signatures, code signing, pornography filtering and PICS, and other controls on web content.
Nearly double the size of the first edition, this completely updated volume is destined to be the definitive reference on Web security risks and the techniques and technologies you can use to protect your privacy, your organization, your system, and your network.
Table of contents
-
Web Security, Privacy & Commerce, 2nd Edition
- Preface
-
I. Web Technology
- 1. The Web Security Landscape
- 2. The Architecture of the World Wide Web
- 3. Cryptography Basics
- 4. Cryptography and the Web
- 5. Understanding SSL and TLS
- 6. Digital Identification I: Passwords, Biometrics, and Digital Signatures
-
7. Digital Identification II: Digital Certificates, CAs, and PKI
- Understanding Digital Certificates with PGP
- Certification Authorities: Third-Party Registrars
- Public Key Infrastructure
-
Open Policy Issues
- Private Keys Are Not People
- Distinguished Names Are Not People
- There Are Too Many Robert Smiths
- Today’s Digital Certificates Don’t Tell Enough
- X.509 v3 Does Not Allow Selective Disclosure
- Digital Certificates Allow for Easy Data Aggregation
- How Many CAs Does Society Need?
- How Do You Loan a Key?
- Why Do These Questions Matter?
- Brad Biddle on Digital Signatures and E-SIGN
-
II. Privacy and Security for Users
- 8. The Web’s War on Your Privacy
-
9. Privacy-Protecting Techniques
- Choosing a Good Service Provider
- Picking a Great Password
- Cleaning Up After Yourself
- Avoiding Spam and Junk Email
- Identity Theft
- 10. Privacy-Protecting Technologies
- 11. Backups and Antitheft
- 12. Mobile Code I: Plug-Ins, ActiveX,and Visual Basic
- 13. Mobile Code II: Java, JavaScript, Flash, and Shockwave
-
III. Web Server Security
-
14. Physical Security for Servers
- Planning for the Forgotten Threats
- Protecting Computer Hardware
- Protecting Your Data
- Personnel
- Story: A Failed Site Inspection
- 15. Host Security for Servers
- 16. Securing Web Applications
-
17. Deploying SSL Server Certificates
- Planning for Your SSL Server
- Creating SSL Servers with FreeBSD
- Installing an SSL Certificate on Microsoft IIS
- Obtaining a Certificate from a Commercial CA
- When Things Go Wrong
- 18. Securing Your Web Service
- 19. Computer Crime
-
14. Physical Security for Servers
-
IV. Security for Content Providers
-
20. Controlling Access to Your Web Content
- Access Control Strategies
-
Controlling Access with Apache
- Enforcing Access Control Restrictions with the .htaccess File
- Enforcing Access Control Restrictions with the Web Server’s Configuration File
- Commands Before the <Limit>. . . </Limit> Directive
- Commands Within the <Limit>. . . </Limit> Block
- <Limit> Examples
- Manually Setting Up Web Users and Passwords
- Advanced User Management
- Controlling Access with Microsoft IIS
- 21. Client-Side Digital Certificates
- 22. Code Signing and Microsoft’s Authenticode
- 23. Pornography, Filtering Software, and Censorship
- 24. Privacy Policies, Legislation, and P3P
- 25. Digital Payments
- 26. Intellectual Property and Actionable Content
-
20. Controlling Access to Your Web Content
-
V. Appendixes
-
A. Lessons from Vineyard.NET
- In the Beginning
-
Planning and Preparation
- Lesson: Whenever you are pulling wires, pull more than you need.
- Lesson: Pull all your wires in a star configuration, from a central point out to each room, rather than daisy-chained from room to room. Wire both your computers and your telephone networks as stars. It makes it much easier to expand or rewire in the future.
- Lesson: Use centrally located punch-down blocks for computer and telephone networks.
- Lesson: Don’t go overboard.
- Lesson: Plan your computer room carefully; you will have to live with its location for a long time.
- IP Connectivity
- Commercial Start-Up
-
Ongoing Operations
-
Security Concerns
- Lesson: Don’t run programs with a history of security problems.
- Lesson: Make frequent backups.
- Lesson: Limit logins to your servers.
- Lesson: Beware of TCP/IP spoofing.
- Lesson: Defeat packet sniffing.
- Lesson: Restrict logins.
- Lesson: Tighten up your system beyond manufacturer recommendations.
- Lesson: Remember, the “free” in “free software” refers to “freedom.”
- Phone Configuration and Billing Problems
-
Credit Cards and ACH
- Lesson: If you have the time to write it, custom software always works better than what you can get off the shelf.
- Lesson: Live credit card numbers are dangerous.
- Lesson: Encrypt sensitive information and be careful with your decryption keys.
- Lesson: Log everything, and have lots of reports.
- Lesson: Explore a variety of payment systems.
- Lesson: Make it easy for your customers to save you money.
- Lesson: Have a backup supplier.
- Monitoring Software
-
Security Concerns
- Redundancy and Wireless
- The Big Cash-Out
- Conclusion
- B. The SSL/TLS Protocol
- C. P3P: The Platform for Privacy Preferences Project
- D. The PICS Specification
-
E. References
- Electronic References
- Paper References
-
A. Lessons from Vineyard.NET
- Index
- About the Authors
- Colophon
Product information
- Title: Web Security, Privacy & Commerce, 2nd Edition
- Author(s):
- Release date: November 2001
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9780596000455
You might also like
book
Web Security and Commerce
Attacks on government Web sites, break-ins at Internet service providers, electronic credit card fraud, invasion of …
book
Information Assurance Handbook: Effective Computer Security and Risk Management Strategies
Best practices for protecting critical data and systems Information Assurance Handbook: Effective Computer Security and Risk …
book
Computer and Information Security Handbook, 3rd Edition
Computer and Information Security Handbook, Third Edition, provides the most current and complete reference on computer …
book
Design and Analysis of Security Protocol for Communication
The purpose of designing this book is to discuss and analyze security protocols available for communication. …