Web Security, Privacy & Commerce. 2nd Edition

Autorzy:: Simson Garfinkel, Gene Spafford

Web Security, Privacy & Commerce. 2nd Edition Simson Garfinkel, Gene Spafford - okladka książki

Wydawnictwo:: O'Reilly Media (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 788
Dostępne formaty:: ePub

Mobi

Ebook 143,65 zł najniższa cena z 30 dni

~~179,00 zł~~ (-15%)
152,15 zł

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

143,65 zł najniższa cena z 30 dni

Przenieś na półkę

Do przechowalni

Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites.Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Explorer and Netscape Navigator, and a wide range of current programs and products. In vast detail, the book covers:

Web technology--The technological underpinnings of the modern Internet and the cryptographic foundations of e-commerce are discussed, along with SSL (the Secure Sockets Layer), the significance of the PKI (Public Key Infrastructure), and digital identification, including passwords, digital signatures, and biometrics.
Web privacy and security for users--Learn the real risks to user privacy, including cookies, log files, identity theft, spam, web logs, and web bugs, and the most common risk, users' own willingness to provide e-commerce sites with personal information. Hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs are also covered.
Web server security--Administrators and service providers discover how to secure their systems and web services. Topics include CGI, PHP, SSL certificates, law enforcement issues, and more.
Web content security--Zero in on web publishing issues for content providers, including intellectual property, copyright and trademark issues, P3P and privacy policies, digital payments, client-side digital signatures, code signing, pornography filtering and PICS, and other controls on web content.

Nearly double the size of the first edition, this completely updated volume is destined to be the definitive reference on Web security risks and the techniques and technologies you can use to protect your privacy, your organization, your system, and your network.

Wybrane bestsellery

Ebooka "Web Security, Privacy & Commerce. 2nd Edition" przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka "Web Security, Privacy & Commerce. 2nd Edition" posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolonych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video "Web Security, Privacy & Commerce. 2nd Edition" zobaczysz:

Oceny i opinie klientów: Web Security, Privacy & Commerce. 2nd Edition Simson Garfinkel, Gene Spafford (0)

Szczegóły książki

ISBN Ebooka:: 978-14-493-0524-6, 9781449305246
Data wydania ebooka :: 2001-11-15 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
Język publikacji:: angielski
Rozmiar pliku ePub:: 6.8MB
Rozmiar pliku Mobi:: 15.2MB

Zgłoś erratę

Kategorie

Kliknij, aby zgłosić błędnie przypisaną kategorię »

Informatyka » Hacking
Informatyka » Start-up
Informatyka » Hacking » Bezpieczeństwo systemów
Informatyka » Hacking » Inne
Informatyka » Hacking » Bezpieczeństwo WWW
Informatyka » Hacking » Bezpieczeństwo sieci
Informatyka » Biznes IT » E-biznes

Spis treści książki

Web Security, Privacy & Commerce, 2nd Edition
- Preface
  - Web Security: Is Our Luck Running Out?
    - Beyond the Point of No Return
    - Building in Security
  - About This Book
    - Organization of This Book
    - What You Should Know
    - Web Software Covered by This Book
  - Conventions Used in This Book
  - Comments and Questions
  - History and Acknowledgments
    - Second Edition
    - First Edition
- I. Web Technology
  - 1. The Web Security Landscape
    - The Web Security Problem
      - Securing the Web Server
        
        Simplification of services
        
        Policing copyright
      - Securing Information in Transit
      - Securing the Users Computer
    - Risk Analysis and Best Practices
  - 2. The Architecture of the World Wide Web
    - History and Terminology
      - Building the Internet
        
        Packets and postcards
        
        Protocols
        
        Hosts, gateways, and firewalls
        
        The client/server model
      - Weaving the Web
    - A Packets Tour of the Web
      - Booting Up Your PC
      - PC to LAN to Internet
        
        Dialing up the Internet
        
        Connected by LAN
        
        The Walden Network
      - The Domain Name Service
        
        How DNS works
      - Engaging the Web
    - Who Owns the Internet?
      - Your Local Internet Service Provider
      - Network Access Points and Metropolitan Area Exchanges
        
        Peering
        
        Transit
      - The Root and Top-Level Nameservers
        
        Who runs the root?
        
        An example
      - The Domain Registrars
      - Internet Number Registries
      - The Internet Corporation for Assigned Names and Numbers
  - 3. Cryptography Basics
    - Understanding Cryptography
      - Roots of Cryptography
      - Cryptography as a Dual-Use Technology
      - A Cryptographic Example
      - Cryptographic Algorithms and Functions
    - Symmetric Key Algorithms
      - Cryptographic Strength of Symmetric Algorithms
      - Key Length with Symmetric Key Algorithms
      - Common Symmetric Key Algorithms
      - Attacks on Symmetric Encryption Algorithms
        
        Key search (brute force) attacks
        
        Cryptanalysis
        
        Systems-based attacks
    - Public Key Algorithms
      - Uses of Public Key Encryption
        
        Encrypted messaging
        
        Digital signatures
      - Attacks on Public Key Algorithms
        
        Key search attacks
        
        Analytic attacks
        
        Known versus published methods
    - Message Digest Functions
      - Message Digest Algorithms at Work
      - Uses of Message Digest Functions
      - HMAC
      - Attacks on Message Digest Functions
  - 4. Cryptography and the Web
    - Cryptography and Web Security
      - Roles for Cryptography
    - Working Cryptographic Systems and Protocols
      - Offline Encryption Systems
        
        PGP/OpenPGP
        
        S/MIME
      - Online Cryptographic Protocols and Systems
        
        SSL
        
        PCT
        
        SET
        
        DNSSEC
        
        IPsec and IPv6
        
        Kerberos
        
        SSH
    - What Cryptography Cant Do
    - Legal Restrictions on Cryptography
      - Cryptography and the Patent System
        
        The public key patents
        
        Other patented algorithms
        
        The outlook for patents
      - Cryptography and Trade Secret Law
      - Regulation of Cryptography by International and National Law
        
        U.S. regulatory efforts and history
        
        The Digital Millennium Copyright Act
        
        International agreements on cryptography
        
        National regulations of cryptography throughout the world
  - 5. Understanding SSL and TLS
    - What Is SSL?
      - SSL Versions
      - SSL/TLS Features
      - What Does SSL Really Protect?
      - Digital Certificates
      - SSL Implementations
        
        SSL Netscape
        
        SSLRef and Mozilla Network Security Services
        
        SSLeay and OpenSSL
        
        SSL Java
      - SSL Performance
    - SSL: The Users Point of View
      - Browser Preferences
        
        Navigator preferences
        
        Internet Explorer preferences
      - Browser Alerts
  - 6. Digital Identification I: Passwords, Biometrics, and Digital Signatures
    - Physical Identification
      - The Need for Identification Today
      - Paper-Based Identification Techniques
        
        Verifying identity with physical documents
        
        Reputation of the issuing organization
        
        Tamper-proofing the document
      - Computer-Based Identification Techniques
        
        Password-based systems: something that you know
        
        Physical tokens: something that you have
        
        Biometrics: something that you are
        
        Location: someplace where you are
    - Using Public Keys for Identification
      - Replay Attacks
      - Stopping Replay Attacks with Public Key Cryptography
        
        PGP public keys
      - Creating and Storing the Private Key
        
        Creating a public key/private key pair with PGP
        
        Smart cards
    - Real-World Public Key Examples
      - Document Author Identification Using PGP
        
        CERT/CCs PGP signatures
        
        Obtaining CERT/CCs PGP key
        
        Verifying the PGP-signed file
        
        PGP certification
      - Public Key Authentication Using SSH
  - 7. Digital Identification II: Digital Certificates, CAs, and PKI
    - Understanding Digital Certificates with PGP
      - Certifying Your Own Key
      - Certifying Other Peoples Keys: PGPs Web of Trust
        
        Trust and validity
        
        The Web of Trust and the key servers
        
        Key signing parties
    - Certification Authorities: Third-Party Registrars
      - Certification Practices Statement (CPS)
      - The X.509 v3 Certificate
        
        Exploring the X.509 v3 certificate
      - Types of Certificates
        
        Minimal disclosure certificates
      - Revocation
        
        Certificate revocation lists
        
        Real-time certificate validation
        
        Short-lived certificates
    - Public Key Infrastructure
      - Certification Authorities: Some History
      - Internet Explorer Preinstalled Certificates
      - Netscape Navigator Preinstalled Certificates
      - Multiple Certificates for a Single CA
      - Shortcomings of Todays CAs
        
        Lack of permanence for Certificate Policies field
        
        Inconsistencies for Subject and Issuer fields
        
        Unrealistic expiration dates
    - Open Policy Issues
      - Private Keys Are Not People
      - Distinguished Names Are Not People
      - There Are Too Many Robert Smiths
      - Todays Digital Certificates Dont Tell Enough
      - X.509 v3 Does Not Allow Selective Disclosure
      - Digital Certificates Allow for Easy Data Aggregation
      - How Many CAs Does Society Need?
      - How Do You Loan a Key?
      - Why Do These Questions Matter?
      - Brad Biddle on Digital Signatures and E-SIGN
        
        E-SIGN and UETA
        
        Electronic contractingits more than just signatures!
        
        Signed writing requirements
        
        Proof
- II. Privacy and Security for Users
  - 8. The Webs War on Your Privacy
    - Understanding Privacy
      - The Tort of Privacy
      - Personal, Private, and Personally Identifiable Information
    - User-Provided Information
    - Log Files
      - Retention and Rotation
      - Web Logs
        
        Whats in a web log?
        
        The refer link field
        
        Obscuring web logs
      - RADIUS Logs
      - Mail Logs
      - DNS Logs
    - Understanding Cookies
      - The Cookie Protocol
        
        An example
      - Cookie Uses
      - Cookie Jars
      - Cookie Security
      - Disabling Cookies
    - Web Bugs
      - Web Bugs on Web Pages
      - Web Bugs in Email Messages and Word Files
      - Uses of Web Bugs
    - Conclusion
  - 9. Privacy-Protecting Techniques
    - Choosing a Good Service Provider
    - Picking a Great Password
      - Why Use Passwords?
      - Bad Passwords: Open Doors
      - Smoking Joes
      - Good Passwords: Locked Doors
      - Writing Down Passwords
      - Strategies for Managing Multiple Usernames and Passwords
        
        Password classes
        
        Password bases
        
        Password rotation
        
        Password keepers
      - Sharing Passwords
        
        Be careful when you share your password with others!
        
        Change your password when the person no longer needs it
        
        Resist social engineering attacks
      - Beware of Password Sniffers and Stealers
        
        Password sniffers
        
        Keystroke recorders and keyboard sniffers
        
        Beware of public terminals
    - Cleaning Up After Yourself
      - Browser Cache
        
        Managing your cache with Internet Explorer
        
        Managing your cache with Netscape Navigator
      - Cookies
        
        Crushing Internet Explorers cookies
        
        Crushing Netscapes cookies
      - Browser History
        
        Clearing Internet Explorers browser history
        
        Clearing Netscape Navigators browser history
      - Passwords, Form-Filling, and AutoComplete Settings
        
        Clearing AutoComplete with Internet Explorer
        
        Clearing sensitive information with Netscape Navigator
    - Avoiding Spam and Junk Email
      - Protect Your Email Address
      - Use Address Munging
      - Use an Antispam Service or Software
    - Identity Theft
      - Protecting Yourself From Identity Theft
  - 10. Privacy-Protecting Technologies
    - Blocking Ads and Crushing Cookies
      - Local HTTP Proxies
      - Using Ad Blockers
    - Anonymous Browsing
      - Simple Approaches to Protecting Your IP Address
      - Anonymous Web Browsing Services
    - Secure Email
      - Hotmail, Yahoo Mail, and Other Web-Based Email Services
      - Hushmail
      - Omnivas Self-Destructing Email
  - 11. Backups and Antitheft
    - Using Backups to Protect Your Data
      - Make Backups!
      - Why Make Backups?
      - What Should You Back Up?
      - Types of Backups
      - Guarding Against Media Failure
      - How Long Should You Keep a Backup?
      - Security for Backups
        
        Physical security for backups
        
        Write-protect your backups
        
        Data security for backups
      - Legal Issues
      - Deciding upon a Backup Strategy
    - Preventing Theft
      - Understanding Computer Theft
      - Locks
      - Tagging
      - Laptop Recovery Software and Services
      - Awareness
  - 12. Mobile Code I: Plug-Ins, ActiveX,and Visual Basic
    - When Good Browsers Go Bad
      - Card Shark
      - David.exe
      - The Chaos Quicken Checkout
      - ILOVEYOU
    - Helper Applications and Plug-ins
      - The History of Helpers
      - Getting the Plug-In
      - Evaluating Plug-In Security
    - Microsofts ActiveX
      - The <OBJECT> Tag
      - Authenticode
      - Does Authenticode Work?
      - Internet Exploder
      - Risky Controls
    - The Risks of Downloaded Code
      - Programs That Spend Your Money
        
        Telephone billing records
        
        Electronic funds transfers
      - Programs That Violate Privacy and Steal Confidential Information
        
        A wealth of private data
      - Signed Code Is Not Safe Code
      - Signed Code Can Be Hijacked
      - Reconstructing an Attack
      - Recovering from an Attack
    - Conclusion
  - 13. Mobile Code II: Java, JavaScript, Flash, and Shockwave
    - Java
      - A Little Java Demonstration
      - Javas History
      - Java, the Language
      - Java Safety
      - Java Security
        
        Safety is not security
      - Java Security Policy
        
        Internet Explorers security zones
        
        Setting Java policy in Microsoft Internet Explorer
        
        Setting Java policy in Netscape Navigator
      - Java Security Problems
    - JavaScript
      - A Touch of JavaScript
      - JavaScript Security Overview
      - JavaScript Security Flaws
      - JavaScript Denial-of-Service Attacks
        
        Cant break a running script
        
        Window system attacks
        
        CPU and stack attacks
      - JavaScript Spoofing Attacks
        
        Spoofing username/password pop-ups with Java
        
        Spoofing browser status with JavaScript
        
        Mirror worlds
    - Flash and Shockwave
    - Conclusion
- III. Web Server Security
  - 14. Physical Security for Servers
    - Planning for the Forgotten Threats
      - The Physical Security Plan
      - The Disaster Recovery Plan
      - Other Contingencies
    - Protecting Computer Hardware
      - The Environment
        
        Fire
        
        Smoke
        
        Dust
        
        Earthquake
        
        Explosion
        
        Temperature extremes
        
        Bugs (biological)
        
        Electrical noise
        
        Lightning
        
        Vibration
        
        Humidity
        
        Water
        
        Environmental monitoring
      - Preventing Accidents
        
        Food and drink
      - Physical Access
        
        Raised floors and dropped ceilings
        
        Entrance through air ducts
        
        Glass walls
      - Vandalism
        
        Ventilation holes
        
        Network cables
        
        Network connectors
      - Defending Against Acts of War and Terrorism
      - Preventing Theft
        
        Physically secure your computer
        
        RAM theft
        
        Encryption
        
        Laptops and portable computers
    - Protecting Your Data
      - Eavesdropping
        
        Wiretapping
        
        Eavesdropping over local area networks (Ethernet and twisted pair)
        
        Eavesdropping on 802.11 wireless LANs
        
        Eavesdropping by radio and using TEMPEST
        
        Fiber optic cable
        
        Keyboard monitors
      - Protecting Backups
        
        Verify your backups
        
        Protect your backups
      - Sanitizing Media Before Disposal
      - Sanitizing Printed Media
      - Protecting Local Storage
        
        Printer buffers
        
        Printer output
        
        X terminals
        
        Function keys
      - Unattended Terminals
        
        Built-in shell autologout
        
        Screensavers
      - Key Switches
    - Personnel
    - Story: A Failed Site Inspection
      - What We Found
        
        Fire hazards
        
        Potential for eavesdropping and data theft
        
        Easy pickings
        
        Physical access to critical computers
        
        Possibilities for sabotage
      - Nothing to Lose?
  - 15. Host Security for Servers
    - Current Host Security Problems
      - A Taxonomy of Attacks
      - Frequency of Attack
      - Understanding Your Adversaries
        
        Script kiddies
        
        Industrial spies
        
        Ideologues and national agents
        
        Organized crime
        
        Rogue employees and insurance fraud
      - What the Attacker Wants
      - Tools of the Attackers Trade
    - Securing the Host Computer
      - Security Through Policy
      - Keeping Abreast of Bugs and Flaws
      - Choosing Your Vendor
      - Installation I: Inventory Your System
      - Installation II: Installing the Software and Patches
    - Minimizing Risk by Minimizing Services
    - Operating Securely
      - Keep Abreast of New Vulnerabilities
      - Logging
        
        Setting up a log server
        
        Logging on Unix
        
        Logging on Windows 2000
      - Backups
      - Using Security Tools
        
        Snapshot tools
        
        Change-detecting tools
        
        Network scanning programs
        
        Intrusion detection systems
        
        Virus scanners
        
        Network recording and logging tools
    - Secure Remote Access and Content Updating
      - The Risk of Password Sniffing
      - Using Encryption to Protect Against Sniffing
      - Secure Content Updating
      - Dialup Modems
    - Firewalls and the Web
      - Types of Firewalls
      - Protecting LANs with Firewalls
      - Protecting Web Servers with Firewalls
    - Conclusion
  - 16. Securing Web Applications
    - A Legacy of Extensibility and Risk
      - Programs That Should Not Be CGIs
      - Unintended Side Effects
        
        The problem with the script
        
        Fixing the problem
    - Rules to Code By
      - General Principles for Writing Secure Scripts
    - Securely Using Fields, Hidden Fields, and Cookies
      - Using Fields Securely
      - Hidden Fields and Compound URLs
      - Using Cookies
      - Using Cryptography to Strengthen Hidden Fields, Compound URLs, and Cookies
    - Rules for Programming Languages
      - Rules for Perl
      - Rules for C
      - Rules for the Unix Shell
    - Using PHP Securely
      - Introduction to PHP
      - Controlling PHP
      - Understanding PHP Security Issues
      - PHP Installation Issues
      - PHP Variables
        
        Attacks with global variables
        
        register_globals = off
      - Database Authentication Credentials
      - URL fopen( )
      - Hide Your Scripts
      - PHP Safe Mode
        
        Controlling safe mode
        
        Safe mode restrictions
    - Writing Scripts That Run with Additional Privileges
    - Connecting to Databases
      - Protect Account Information
      - Use Filtering and Quoting to Screen Out Raw SQL
      - Protect the Database Itself
    - Conclusion
  - 17. Deploying SSL Server Certificates
    - Planning for Your SSL Server
      - Choosing a Server
      - Deciding on the Private Key Store
      - Server Certificates
        
        The SSL certificate format
    - Creating SSL Servers with FreeBSD
      - History
      - Obtaining the Programs
      - Installing Apache and mod_ssl on FreeBSD
      - Verifying the Initial Installation
      - Signing Your Keys with Your Own Certification Authority
        
        The Apache mod_ssl configuration file
        
        Installing the key and certificate on the web server
        
        Installing the Nitroba CA certificate into Internet Explorer
        
        Installing the Nitroba CA certificate into Netscape Navigator
      - Securing Other Services
    - Installing an SSL Certificate on Microsoft IIS
    - Obtaining a Certificate from a Commercial CA
    - When Things Go Wrong
      - Not Yet Valid and Expired Certificates
      - Certificate Renewal
      - Wrong Server Address
  - 18. Securing Your Web Service
    - Protecting Via Redundancy
      - Price and Performance Versus Redundancy
      - Providing for Redundancy
    - Protecting Your DNS
    - Protecting Your Domain Registration
  - 19. Computer Crime
    - Your Legal Options After a Break-In
      - Filing a Criminal Complaint
        
        Choosing jurisdiction
        
        Local jurisdiction
        
        Federal jurisdiction
      - Federal Computer Crime Laws
      - Hazards of Criminal Prosecution
      - The Responsibility to Report Crime
    - Criminal Hazards
    - Criminal Subject Matter
      - Access Devices and Copyrighted Software
      - Pornography, Indecency, and Obscenity
        
        Amateur Action
        
        Communications Decency Act
        
        Mandatory blocking
        
        Child pornography
      - Devices that Circumvent Technical Measures that Control Access to Copyrighted Works
      - Cryptographic Programs and Export Controls
- IV. Security for Content Providers
  - 20. Controlling Access to Your Web Content
    - Access Control Strategies
      - Hidden URLs
      - Host-Based Restrictions
        
        Using firewalls to implement host-based access control
        
        Caveats with host-based access control
      - Identity-Based Access Controls
    - Controlling Access with Apache
      - Enforcing Access Control Restrictions with the .htaccess File
      - Enforcing Access Control Restrictions with the Web Servers Configuration File
      - Commands Before the <Limit>. . . </Limit> Directive
      - Commands Within the <Limit>. . . </Limit> Block
      - <Limit> Examples
      - Manually Setting Up Web Users and Passwords
      - Advanced User Management
        
        Use a database
        
        Use RADIUS or LDAP
        
        Use PKI and digital certificates
    - Controlling Access with Microsoft IIS
      - Installing IIS
      - Downloading and Installing the IIS Patches
      - Controlling Access to IIS Web Pages
      - Restricting Access to IIS Directories
  - 21. Client-Side Digital Certificates
    - Client Certificates
      - Why Client Certificates?
      - Support for Client-Side Digital Certificates
    - A Tour of the VeriSign Digital ID Center
      - Generating a VeriSign Digital ID
      - Finding a Digital ID
      - Revoking a Digital ID
  - 22. Code Signing and Microsofts Authenticode
    - Why Code Signing?
      - Code Signing in Theory
      - Code Signing Today
      - Code Signing and Legal Restrictions on Cryptography
    - Microsofts Authenticode Technology
      - The Pledge
      - Publishing with Authenticode
        
        The Authenticode SDK
        
        Making the certificate
        
        Adding the certificate to the store
        
        Signing a program
        
        Code signing from the command line
    - Obtaining a Software Publishing Certificate
    - Other Code Signing Methods
  - 23. Pornography, Filtering Software, and Censorship
    - Pornography Filtering
      - Architectures for Filtering
      - Problems with Filtering Software
    - PICS
      - What Is PICS?
      - PICS Applications
      - PICS and Censorship
        
        Access controls become tools for censorship
        
        Censoring the network
    - RSACi
    - Conclusion
  - 24. Privacy Policies, Legislation, and P3P
    - Policies That Protect Privacy and Privacy Policies
      - The Code of Fair Information Practices
      - OECD Guidelines
      - Other National and International Regulations
      - Voluntary Regulation Privacy Policies
        
        Seal programs
        
        FTC enforcement
        
        Notice, Choice, Access, and Security
    - Childrens Online Privacy Protection Act
      - Prelude to Regulation
      - COPPA Requirements
        
        Who must follow the COPPA Rule?
        
        Basic provisions of COPPA
        
        Verifiable parental consent
        
        COPPA exceptions
        
        Enforcement
    - P3P
      - P3P and PICS
      - Support for P3P in Internet Explorer 6.0
    - Conclusion
  - 25. Digital Payments
    - Charga-Plates, Diners Club, and Credit Cards
      - A Very Short History of Credit
      - Payment Cards in the United States
      - The Interbank Payment Card Transaction
        
        The charge card check digit algorithm
        
        The charge slip
        
        Charge card fees
      - Refunds and Charge-Backs
      - Additional Authentication Mechanisms
      - Using Credit Cards on the Internet
    - Internet-Based Payment Systems
      - Virtual PIN
        
        Enrollment
        
        Purchasing
        
        Security and privacy
        
        Redux
      - DigiCash
        
        Enrollment
        
        Purchasing
        
        Security and privacy
        
        Redux
      - CyberCash/CyberCoin
        
        Enrollment
        
        Purchasing
        
        Security and privacy
        
        Redux
      - SET
        
        Two channels: one for the merchant, one for the bank
        
        Why SET failed
        
        Redux
      - PayPal
        
        Sending money
        
        Security and financial integration
      - Gator Wallet
      - Microsoft Passport
      - Other Payment Systems
        
        Smart cards
        
        Mondex
    - How to Evaluate a Credit Card Payment System
  - 26. Intellectual Property and Actionable Content
    - Copyright
      - Copyright Infringement
      - Software Piracy and the SPA
      - Warez
    - Patents
    - Trademarks
      - Obtaining a Trademark
      - Trademark Violations
      - Domain Names and Trademarks
    - Actionable Content
      - Libel and Defamation
      - Liability for Damage
      - Protection Through Incorporation
- V. Appendixes
  - A. Lessons from Vineyard.NET
    - In the Beginning
    - Planning and Preparation
      - Lesson: Whenever you are pulling wires, pull more than you need.
      - Lesson: Pull all your wires in a star configuration, from a central point out to each room, rather than daisy-chained from room to room. Wire both your computers and your telephone networks as stars. It makes it much easier to expand or rewire in the future.
      - Lesson: Use centrally located punch-down blocks for computer and telephone networks.
      - Lesson: Dont go overboard.
      - Lesson: Plan your computer room carefully; you will have to live with its location for a long time.
    - IP Connectivity
      - Lesson: Set milestones and stick to them.
      - Lesson: Get your facilities in order.
      - Lesson: Test your facilities before going live.
      - Lesson: Provide for backup facilities before, during, and after your transition.
    - Commercial Start-Up
      - Working with the Phone Company
        
        Lesson: Design your systems to fail gracefully.
        
        Lesson: Know your phone company. Know its terminology, the right contact people, the phone numbers for internal organizations, and everything else you can find out.
      - Incorporating Vineyard.NET
      - Initial Expansion
        
        Lesson: Build sensible business partnerships.
      - Accounting Software
        
        Lesson: Make sure your programs are table-driven as often as possible.
        
        Lesson: Tailor your products for your customers.
        
        Lesson: Build systems that are extensible.
        
        Lesson: Automate everything you can.
        
        Lesson: Dont reinvent the wheel unless you can build a better wheel.
      - Publicity and Privacy
        
        Lesson: Always be friendly to the press.
        
        Lesson: Never give out your home phone number.
        
        Lesson: It is very difficult to change a phone number. So pick your companys phone number early and use it consistently.
    - Ongoing Operations
      - Security Concerns
        
        Lesson: Dont run programs with a history of security problems.
        
        Lesson: Make frequent backups.
        
        Lesson: Limit logins to your servers.
        
        Lesson: Beware of TCP/IP spoofing.
        
        Lesson: Defeat packet sniffing.
        
        Lesson: Restrict logins.
        
        Lesson: Tighten up your system beyond manufacturer recommendations.
        
        Lesson: Remember, the free in free software refers to freedom.
      - Phone Configuration and Billing Problems
      - Credit Cards and ACH
        
        Lesson: If you have the time to write it, custom software always works better than what you can get off the shelf.
        
        Lesson: Live credit card numbers are dangerous.
        
        Lesson: Encrypt sensitive information and be careful with your decryption keys.
        
        Lesson: Log everything, and have lots of reports.
        
        Lesson: Explore a variety of payment systems.
        
        Lesson: Make it easy for your customers to save you money.
        
        Lesson: Have a backup supplier.
      - Monitoring Software
        
        Lesson: Monitor your system.
    - Redundancy and Wireless
      - Linking Primary to Backup
      - Building the Backup Site
      - Failoverand Back!
    - The Big Cash-Out
    - Conclusion
  - B. The SSL/TLS Protocol
    - History
    - TLS Record Layer
    - SSL/TLS Protocols
      - Handshake Protocol
      - Alert Protocol
      - ChangeCipherSpec Protocol
    - SSL 3.0/TLS Handshake
      - Sequence of Events
        
        1. ClientHello
        
        2. ServerHello
        
        3. Server certificate
        
        4. Server key exchange
        
        5. Certificate Request
        
        6. The server sends a ServerHelloDone (TLS only)
        
        7. Client sends certificate
        
        8. ClientKeyExchange
        
        9. CertificateVerify
        
        10. ChangeCipherSpec
        
        11. Finished
        
        12. Application Data
  - C. P3P: The Platform for Privacy Preferences Project
    - How P3P Works
    - Deploying P3P
      - Creating a Privacy Policy
      - Generating a P3P Policy and Policy Reference File
      - Helping User Agents Find Your Policy Reference File
      - Compact Policies
    - Simple P3P-Enabled Web Site Example
  - D. The PICS Specification
    - Rating Services
    - PICS Labels
      - Labeled Documents
      - Requesting PICS Labels by HTTP
      - Requesting a Label from a Rating Service
  - E. References
    - Electronic References
      - Mailing Lists
        
        Bugtraq
        
        CERT-advisory
        
        CIAC-notes and C-Notes
        
        Firewalls
        
        NTBugTraq
        
        NT-security
        
        RISKS
      - Usenet Groups
      - Web Pages and FTP Repository
        
        Attrition.org
        
        CERIAS
        
        CIAC
        
        DigiCrime
        
        FIRST
        
        IETF
        
        Mozilla
        
        NIH
        
        NIST CSRC
        
        Princeton SIP
        
        Radius.Net Cryptography Archives
        
        RSA Data Security
        
        OpenSSL
        
        SecurityFocus
        
        System Administration, Networking, and Security (SANS) Institute
        
        World Wide Web Consortium (W3C)
        
        WWW Security
      - Software Resources
        
        chrootuid
        
        COPS (Computer Oracle and Password System)
        
        Kerberos
        
        MRTG
        
        portmap
        
        rsync
        
        SATAN
        
        SOCKS
        
        SSH
        
        Swatch
        
        tcpwrapper
        
        Tiger
        
        TIS Internet Firewall Toolkit
        
        Tripwire
        
        UDP Packet Relayer
    - Paper References
      - Computer Crime and Law
      - Computer-Related Risks
      - Computer Viruses and Programmed Threats
      - Cryptography
      - General Computer Security
      - System Administration, Network Technology, and Security
        
        Network Technology
        
        Secure Programming
        
        Security and Networking
        
        Unix System Administration
        
        Windows System Administration
      - Security Products and Services Information
      - Miscellaneous References
- Index
- About the Authors
- Colophon