Web Security, Privacy & Commerce. 2nd Edition
- Authors:
- Simson Garfinkel, Gene Spafford
- Pages:
- 788
- Available formats:
- ePub, Mobi
Ebook description: Web Security, Privacy & Commerce. 2nd Edition
Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites. Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Explorer and Netscape Navigator, and a wide range of current programs and products. In vast detail, the book covers:
- Web technology--The technological underpinnings of the modern Internet and the cryptographic foundations of e-commerce are discussed, along with SSL (the Secure Sockets Layer), the significance of the PKI (Public Key Infrastructure), and digital identification, including passwords, digital signatures, and biometrics.
- Web privacy and security for users--Learn the real risks to user privacy, including cookies, log files, identity theft, spam, web logs, and web bugs, and the most common risk, users' own willingness to provide e-commerce sites with personal information. Hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs are also covered.
- Web server security--Administrators and service providers discover how to secure their systems and web services. Topics include CGI, PHP, SSL certificates, law enforcement issues, and more.
- Web content security--Zero in on web publishing issues for content providers, including intellectual property, copyright and trademark issues, P3P and privacy policies, digital payments, client-side digital signatures, code signing, pornography filtering and PICS, and other controls on web content.
Ebook details
- Ebook ISBN:
- 9781449305246
- Ebook release date:
- 2001-11-15 (the ebook release date is often the day the title went on sale and may differ from the print edition's publication date; see the free sample, or contact sklep@ebookpoint.pl if in doubt)
- Language:
- English
- ePub file size:
- 6.8 MB
- Mobi file size:
- 15.2 MB
Table of contents
- Web Security, Privacy & Commerce, 2nd Edition
- Preface
- Web Security: Is Our Luck Running Out?
- Beyond the Point of No Return
- Building in Security
- About This Book
- Organization of This Book
- What You Should Know
- Web Software Covered by This Book
- Conventions Used in This Book
- Comments and Questions
- History and Acknowledgments
- Second Edition
- First Edition
- I. Web Technology
- 1. The Web Security Landscape
- The Web Security Problem
- Securing the Web Server
- Simplification of services
- Policing copyright
- Securing Information in Transit
- Securing the User's Computer
- Risk Analysis and Best Practices
- 2. The Architecture of the World Wide Web
- History and Terminology
- Building the Internet
- Packets and postcards
- Protocols
- Hosts, gateways, and firewalls
- The client/server model
- Weaving the Web
- A Packet's Tour of the Web
- Booting Up Your PC
- PC to LAN to Internet
- Dialing up the Internet
- Connected by LAN
- The Walden Network
- The Domain Name Service
- How DNS works
- Engaging the Web
- Who Owns the Internet?
- Your Local Internet Service Provider
- Network Access Points and Metropolitan Area Exchanges
- Peering
- Transit
- The Root and Top-Level Nameservers
- Who runs the root?
- An example
- The Domain Registrars
- Internet Number Registries
- The Internet Corporation for Assigned Names and Numbers
- 3. Cryptography Basics
- Understanding Cryptography
- Roots of Cryptography
- Cryptography as a Dual-Use Technology
- A Cryptographic Example
- Cryptographic Algorithms and Functions
- Symmetric Key Algorithms
- Cryptographic Strength of Symmetric Algorithms
- Key Length with Symmetric Key Algorithms
- Common Symmetric Key Algorithms
- Attacks on Symmetric Encryption Algorithms
- Key search (brute force) attacks
- Cryptanalysis
- Systems-based attacks
- Public Key Algorithms
- Uses of Public Key Encryption
- Encrypted messaging
- Digital signatures
- Attacks on Public Key Algorithms
- Key search attacks
- Analytic attacks
- Known versus published methods
- Message Digest Functions
- Message Digest Algorithms at Work
- Uses of Message Digest Functions
- HMAC
- Attacks on Message Digest Functions
- 4. Cryptography and the Web
- Cryptography and Web Security
- Roles for Cryptography
- Working Cryptographic Systems and Protocols
- Offline Encryption Systems
- PGP/OpenPGP
- S/MIME
- Online Cryptographic Protocols and Systems
- SSL
- PCT
- SET
- DNSSEC
- IPsec and IPv6
- Kerberos
- SSH
- What Cryptography Can't Do
- Legal Restrictions on Cryptography
- Cryptography and the Patent System
- The public key patents
- Other patented algorithms
- The outlook for patents
- Cryptography and Trade Secret Law
- Regulation of Cryptography by International and National Law
- U.S. regulatory efforts and history
- The Digital Millennium Copyright Act
- International agreements on cryptography
- National regulations of cryptography throughout the world
- 5. Understanding SSL and TLS
- What Is SSL?
- SSL Versions
- SSL/TLS Features
- What Does SSL Really Protect?
- Digital Certificates
- SSL Implementations
- SSL Netscape
- SSLRef and Mozilla Network Security Services
- SSLeay and OpenSSL
- SSL Java
- SSL Performance
- SSL: The User's Point of View
- Browser Preferences
- Navigator preferences
- Internet Explorer preferences
- Browser Alerts
- 6. Digital Identification I: Passwords, Biometrics, and Digital Signatures
- Physical Identification
- The Need for Identification Today
- Paper-Based Identification Techniques
- Verifying identity with physical documents
- Reputation of the issuing organization
- Tamper-proofing the document
- Computer-Based Identification Techniques
- Password-based systems: something that you know
- Physical tokens: something that you have
- Biometrics: something that you are
- Location: someplace where you are
- Using Public Keys for Identification
- Replay Attacks
- Stopping Replay Attacks with Public Key Cryptography
- PGP public keys
- Creating and Storing the Private Key
- Creating a public key/private key pair with PGP
- Smart cards
- Real-World Public Key Examples
- Document Author Identification Using PGP
- CERT/CC's PGP signatures
- Obtaining CERT/CC's PGP key
- Verifying the PGP-signed file
- PGP certification
- Public Key Authentication Using SSH
- 7. Digital Identification II: Digital Certificates, CAs, and PKI
- Understanding Digital Certificates with PGP
- Certifying Your Own Key
- Certifying Other People's Keys: PGP's Web of Trust
- Trust and validity
- The Web of Trust and the key servers
- Key signing parties
- Certification Authorities: Third-Party Registrars
- Certification Practices Statement (CPS)
- The X.509 v3 Certificate
- Exploring the X.509 v3 certificate
- Types of Certificates
- Minimal disclosure certificates
- Revocation
- Certificate revocation lists
- Real-time certificate validation
- Short-lived certificates
- Public Key Infrastructure
- Certification Authorities: Some History
- Internet Explorer Preinstalled Certificates
- Netscape Navigator Preinstalled Certificates
- Multiple Certificates for a Single CA
- Shortcomings of Today's CAs
- Lack of permanence for Certificate Policies field
- Inconsistencies for Subject and Issuer fields
- Unrealistic expiration dates
- Open Policy Issues
- Private Keys Are Not People
- Distinguished Names Are Not People
- There Are Too Many Robert Smiths
- Today's Digital Certificates Don't Tell Enough
- X.509 v3 Does Not Allow Selective Disclosure
- Digital Certificates Allow for Easy Data Aggregation
- How Many CAs Does Society Need?
- How Do You Loan a Key?
- Why Do These Questions Matter?
- Brad Biddle on Digital Signatures and E-SIGN
- E-SIGN and UETA
- Electronic contracting: it's more than just signatures!
- Signed writing requirements
- Proof
- II. Privacy and Security for Users
- 8. The Web's War on Your Privacy
- Understanding Privacy
- The Tort of Privacy
- Personal, Private, and Personally Identifiable Information
- User-Provided Information
- Log Files
- Retention and Rotation
- Web Logs
- What's in a web log?
- The refer link field
- Obscuring web logs
- RADIUS Logs
- Mail Logs
- DNS Logs
- Understanding Cookies
- The Cookie Protocol
- An example
- Cookie Uses
- Cookie Jars
- Cookie Security
- Disabling Cookies
- Web Bugs
- Web Bugs on Web Pages
- Web Bugs in Email Messages and Word Files
- Uses of Web Bugs
- Conclusion
- 9. Privacy-Protecting Techniques
- Choosing a Good Service Provider
- Picking a Great Password
- Why Use Passwords?
- Bad Passwords: Open Doors
- Smoking Joes
- Good Passwords: Locked Doors
- Writing Down Passwords
- Strategies for Managing Multiple Usernames and Passwords
- Password classes
- Password bases
- Password rotation
- Password keepers
- Sharing Passwords
- Be careful when you share your password with others!
- Change your password when the person no longer needs it
- Resist social engineering attacks
- Beware of Password Sniffers and Stealers
- Password sniffers
- Keystroke recorders and keyboard sniffers
- Beware of public terminals
- Cleaning Up After Yourself
- Browser Cache
- Managing your cache with Internet Explorer
- Managing your cache with Netscape Navigator
- Cookies
- Crushing Internet Explorer's cookies
- Crushing Netscape's cookies
- Browser History
- Clearing Internet Explorer's browser history
- Clearing Netscape Navigator's browser history
- Passwords, Form-Filling, and AutoComplete Settings
- Clearing AutoComplete with Internet Explorer
- Clearing sensitive information with Netscape Navigator
- Avoiding Spam and Junk Email
- Protect Your Email Address
- Use Address Munging
- Use an Antispam Service or Software
- Identity Theft
- Protecting Yourself From Identity Theft
- 10. Privacy-Protecting Technologies
- Blocking Ads and Crushing Cookies
- Local HTTP Proxies
- Using Ad Blockers
- Anonymous Browsing
- Simple Approaches to Protecting Your IP Address
- Anonymous Web Browsing Services
- Secure Email
- Hotmail, Yahoo Mail, and Other Web-Based Email Services
- Hushmail
- Omniva's Self-Destructing Email
- 11. Backups and Antitheft
- Using Backups to Protect Your Data
- Make Backups!
- Why Make Backups?
- What Should You Back Up?
- Types of Backups
- Guarding Against Media Failure
- How Long Should You Keep a Backup?
- Security for Backups
- Physical security for backups
- Write-protect your backups
- Data security for backups
- Legal Issues
- Deciding upon a Backup Strategy
- Preventing Theft
- Understanding Computer Theft
- Locks
- Tagging
- Laptop Recovery Software and Services
- Awareness
- 12. Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
- When Good Browsers Go Bad
- Card Shark
- David.exe
- The Chaos Quicken Checkout
- ILOVEYOU
- Helper Applications and Plug-ins
- The History of Helpers
- Getting the Plug-In
- Evaluating Plug-In Security
- Microsoft's ActiveX
- The <OBJECT> Tag
- Authenticode
- Does Authenticode Work?
- Internet Exploder
- Risky Controls
- The Risks of Downloaded Code
- Programs That Spend Your Money
- Telephone billing records
- Electronic funds transfers
- Programs That Violate Privacy and Steal Confidential Information
- A wealth of private data
- Signed Code Is Not Safe Code
- Signed Code Can Be Hijacked
- Reconstructing an Attack
- Recovering from an Attack
- Conclusion
- 13. Mobile Code II: Java, JavaScript, Flash, and Shockwave
- Java
- A Little Java Demonstration
- Java's History
- Java, the Language
- Java Safety
- Java Security
- Safety is not security
- Java Security Policy
- Internet Explorer's security zones
- Setting Java policy in Microsoft Internet Explorer
- Setting Java policy in Netscape Navigator
- Java Security Problems
- JavaScript
- A Touch of JavaScript
- JavaScript Security Overview
- JavaScript Security Flaws
- JavaScript Denial-of-Service Attacks
- Can't break a running script
- Window system attacks
- CPU and stack attacks
- JavaScript Spoofing Attacks
- Spoofing username/password pop-ups with Java
- Spoofing browser status with JavaScript
- Mirror worlds
- Flash and Shockwave
- Conclusion
- III. Web Server Security
- 14. Physical Security for Servers
- Planning for the Forgotten Threats
- The Physical Security Plan
- The Disaster Recovery Plan
- Other Contingencies
- Protecting Computer Hardware
- The Environment
- Fire
- Smoke
- Dust
- Earthquake
- Explosion
- Temperature extremes
- Bugs (biological)
- Electrical noise
- Lightning
- Vibration
- Humidity
- Water
- Environmental monitoring
- Preventing Accidents
- Food and drink
- Physical Access
- Raised floors and dropped ceilings
- Entrance through air ducts
- Glass walls
- Vandalism
- Ventilation holes
- Network cables
- Network connectors
- Defending Against Acts of War and Terrorism
- Preventing Theft
- Physically secure your computer
- RAM theft
- Encryption
- Laptops and portable computers
- Protecting Your Data
- Eavesdropping
- Wiretapping
- Eavesdropping over local area networks (Ethernet and twisted pair)
- Eavesdropping on 802.11 wireless LANs
- Eavesdropping by radio and using TEMPEST
- Fiber optic cable
- Keyboard monitors
- Protecting Backups
- Verify your backups
- Protect your backups
- Sanitizing Media Before Disposal
- Sanitizing Printed Media
- Protecting Local Storage
- Printer buffers
- Printer output
- X terminals
- Function keys
- Unattended Terminals
- Built-in shell autologout
- Screensavers
- Key Switches
- Personnel
- Story: A Failed Site Inspection
- What We Found
- Fire hazards
- Potential for eavesdropping and data theft
- Easy pickings
- Physical access to critical computers
- Possibilities for sabotage
- Nothing to Lose?
- 15. Host Security for Servers
- Current Host Security Problems
- A Taxonomy of Attacks
- Frequency of Attack
- Understanding Your Adversaries
- Script kiddies
- Industrial spies
- Ideologues and national agents
- Organized crime
- Rogue employees and insurance fraud
- What the Attacker Wants
- Tools of the Attacker's Trade
- Securing the Host Computer
- Security Through Policy
- Keeping Abreast of Bugs and Flaws
- Choosing Your Vendor
- Installation I: Inventory Your System
- Installation II: Installing the Software and Patches
- Minimizing Risk by Minimizing Services
- Operating Securely
- Keep Abreast of New Vulnerabilities
- Logging
- Setting up a log server
- Logging on Unix
- Logging on Windows 2000
- Backups
- Using Security Tools
- Snapshot tools
- Change-detecting tools
- Network scanning programs
- Intrusion detection systems
- Virus scanners
- Network recording and logging tools
- Secure Remote Access and Content Updating
- The Risk of Password Sniffing
- Using Encryption to Protect Against Sniffing
- Secure Content Updating
- Dialup Modems
- Firewalls and the Web
- Types of Firewalls
- Protecting LANs with Firewalls
- Protecting Web Servers with Firewalls
- Conclusion
- 16. Securing Web Applications
- A Legacy of Extensibility and Risk
- Programs That Should Not Be CGIs
- Unintended Side Effects
- The problem with the script
- Fixing the problem
- Rules to Code By
- General Principles for Writing Secure Scripts
- Securely Using Fields, Hidden Fields, and Cookies
- Using Fields Securely
- Hidden Fields and Compound URLs
- Using Cookies
- Using Cryptography to Strengthen Hidden Fields, Compound URLs, and Cookies
- Rules for Programming Languages
- Rules for Perl
- Rules for C
- Rules for the Unix Shell
- Using PHP Securely
- Introduction to PHP
- Controlling PHP
- Understanding PHP Security Issues
- PHP Installation Issues
- PHP Variables
- Attacks with global variables
- register_globals = off
- Database Authentication Credentials
- URL fopen( )
- Hide Your Scripts
- PHP Safe Mode
- Controlling safe mode
- Safe mode restrictions
- Writing Scripts That Run with Additional Privileges
- Connecting to Databases
- Protect Account Information
- Use Filtering and Quoting to Screen Out Raw SQL
- Protect the Database Itself
- Conclusion
- 17. Deploying SSL Server Certificates
- Planning for Your SSL Server
- Choosing a Server
- Deciding on the Private Key Store
- Server Certificates
- The SSL certificate format
- Creating SSL Servers with FreeBSD
- History
- Obtaining the Programs
- Installing Apache and mod_ssl on FreeBSD
- Verifying the Initial Installation
- Signing Your Keys with Your Own Certification Authority
- The Apache mod_ssl configuration file
- Installing the key and certificate on the web server
- Installing the Nitroba CA certificate into Internet Explorer
- Installing the Nitroba CA certificate into Netscape Navigator
- Securing Other Services
- Installing an SSL Certificate on Microsoft IIS
- Obtaining a Certificate from a Commercial CA
- When Things Go Wrong
- Not Yet Valid and Expired Certificates
- Certificate Renewal
- Wrong Server Address
- 18. Securing Your Web Service
- Protecting Via Redundancy
- Price and Performance Versus Redundancy
- Providing for Redundancy
- Protecting Your DNS
- Protecting Your Domain Registration
- 19. Computer Crime
- Your Legal Options After a Break-In
- Filing a Criminal Complaint
- Choosing jurisdiction
- Local jurisdiction
- Federal jurisdiction
- Federal Computer Crime Laws
- Hazards of Criminal Prosecution
- The Responsibility to Report Crime
- Criminal Hazards
- Criminal Subject Matter
- Access Devices and Copyrighted Software
- Pornography, Indecency, and Obscenity
- Amateur Action
- Communications Decency Act
- Mandatory blocking
- Child pornography
- Devices that Circumvent Technical Measures that Control Access to Copyrighted Works
- Cryptographic Programs and Export Controls
- IV. Security for Content Providers
- 20. Controlling Access to Your Web Content
- Access Control Strategies
- Hidden URLs
- Host-Based Restrictions
- Using firewalls to implement host-based access control
- Caveats with host-based access control
- Identity-Based Access Controls
- Controlling Access with Apache
- Enforcing Access Control Restrictions with the .htaccess File
- Enforcing Access Control Restrictions with the Web Server's Configuration File
- Commands Before the <Limit>. . . </Limit> Directive
- Commands Within the <Limit>. . . </Limit> Block
- <Limit> Examples
- Manually Setting Up Web Users and Passwords
- Advanced User Management
- Use a database
- Use RADIUS or LDAP
- Use PKI and digital certificates
- Controlling Access with Microsoft IIS
- Installing IIS
- Downloading and Installing the IIS Patches
- Controlling Access to IIS Web Pages
- Restricting Access to IIS Directories
- 21. Client-Side Digital Certificates
- Client Certificates
- Why Client Certificates?
- Support for Client-Side Digital Certificates
- A Tour of the VeriSign Digital ID Center
- Generating a VeriSign Digital ID
- Finding a Digital ID
- Revoking a Digital ID
- 22. Code Signing and Microsoft's Authenticode
- Why Code Signing?
- Code Signing in Theory
- Code Signing Today
- Code Signing and Legal Restrictions on Cryptography
- Microsoft's Authenticode Technology
- The Pledge
- Publishing with Authenticode
- The Authenticode SDK
- Making the certificate
- Adding the certificate to the store
- Signing a program
- Code signing from the command line
- Obtaining a Software Publishing Certificate
- Other Code Signing Methods
- 23. Pornography, Filtering Software, and Censorship
- Pornography Filtering
- Architectures for Filtering
- Problems with Filtering Software
- PICS
- What Is PICS?
- PICS Applications
- PICS and Censorship
- Access controls become tools for censorship
- Censoring the network
- RSACi
- Conclusion
- 24. Privacy Policies, Legislation, and P3P
- Policies That Protect Privacy and Privacy Policies
- The Code of Fair Information Practices
- OECD Guidelines
- Other National and International Regulations
- Voluntary Regulation Privacy Policies
- Seal programs
- FTC enforcement
- Notice, Choice, Access, and Security
- Children's Online Privacy Protection Act
- Prelude to Regulation
- COPPA Requirements
- Who must follow the COPPA Rule?
- Basic provisions of COPPA
- Verifiable parental consent
- COPPA exceptions
- Enforcement
- P3P
- P3P and PICS
- Support for P3P in Internet Explorer 6.0
- Conclusion
- 25. Digital Payments
- Charga-Plates, Diners Club, and Credit Cards
- A Very Short History of Credit
- Payment Cards in the United States
- The Interbank Payment Card Transaction
- The charge card check digit algorithm
- The charge slip
- Charge card fees
- Refunds and Charge-Backs
- Additional Authentication Mechanisms
- Using Credit Cards on the Internet
- Internet-Based Payment Systems
- Virtual PIN
- Enrollment
- Purchasing
- Security and privacy
- Redux
- DigiCash
- Enrollment
- Purchasing
- Security and privacy
- Redux
- CyberCash/CyberCoin
- Enrollment
- Purchasing
- Security and privacy
- Redux
- SET
- Two channels: one for the merchant, one for the bank
- Why SET failed
- Redux
- PayPal
- Sending money
- Security and financial integration
- Gator Wallet
- Microsoft Passport
- Other Payment Systems
- Smart cards
- Mondex
- How to Evaluate a Credit Card Payment System
- 26. Intellectual Property and Actionable Content
- Copyright
- Copyright Infringement
- Software Piracy and the SPA
- Warez
- Copyright
- Patents
- Trademarks
- Obtaining a Trademark
- Trademark Violations
- Domain Names and Trademarks
- Actionable Content
- Libel and Defamation
- Liability for Damage
- Protection Through Incorporation
- V. Appendixes
- A. Lessons from Vineyard.NET
- In the Beginning
- Planning and Preparation
- Lesson: Whenever you are pulling wires, pull more than you need.
- Lesson: Pull all your wires in a star configuration, from a central point out to each room, rather than daisy-chained from room to room. Wire both your computers and your telephone networks as stars. It makes it much easier to expand or rewire in the future.
- Lesson: Use centrally located punch-down blocks for computer and telephone networks.
- Lesson: Don't go overboard.
- Lesson: Plan your computer room carefully; you will have to live with its location for a long time.
- IP Connectivity
- Lesson: Set milestones and stick to them.
- Lesson: Get your facilities in order.
- Lesson: Test your facilities before going live.
- Lesson: Provide for backup facilities before, during, and after your transition.
- Commercial Start-Up
- Working with the Phone Company
- Lesson: Design your systems to fail gracefully.
- Lesson: Know your phone company. Know its terminology, the right contact people, the phone numbers for internal organizations, and everything else you can find out.
- Incorporating Vineyard.NET
- Initial Expansion
- Lesson: Build sensible business partnerships.
- Accounting Software
- Lesson: Make sure your programs are table-driven as often as possible.
- Lesson: Tailor your products for your customers.
- Lesson: Build systems that are extensible.
- Lesson: Automate everything you can.
- Lesson: Don't reinvent the wheel unless you can build a better wheel.
- Publicity and Privacy
- Lesson: Always be friendly to the press.
- Lesson: Never give out your home phone number.
- Lesson: It is very difficult to change a phone number. So pick your company's phone number early and use it consistently.
- Ongoing Operations
- Security Concerns
- Lesson: Don't run programs with a history of security problems.
- Lesson: Make frequent backups.
- Lesson: Limit logins to your servers.
- Lesson: Beware of TCP/IP spoofing.
- Lesson: Defeat packet sniffing.
- Lesson: Restrict logins.
- Lesson: Tighten up your system beyond manufacturer recommendations.
- Lesson: Remember, the free in free software refers to freedom.
- Phone Configuration and Billing Problems
- Credit Cards and ACH
- Lesson: If you have the time to write it, custom software always works better than what you can get off the shelf.
- Lesson: Live credit card numbers are dangerous.
- Lesson: Encrypt sensitive information and be careful with your decryption keys.
- Lesson: Log everything, and have lots of reports.
- Lesson: Explore a variety of payment systems.
- Lesson: Make it easy for your customers to save you money.
- Lesson: Have a backup supplier.
- Monitoring Software
- Lesson: Monitor your system.
- Redundancy and Wireless
- Linking Primary to Backup
- Building the Backup Site
- Failover, and Back!
- The Big Cash-Out
- Conclusion
- B. The SSL/TLS Protocol
- History
- TLS Record Layer
- SSL/TLS Protocols
- Handshake Protocol
- Alert Protocol
- ChangeCipherSpec Protocol
- SSL 3.0/TLS Handshake
- Sequence of Events
- 1. ClientHello
- 2. ServerHello
- 3. Server certificate
- 4. Server key exchange
- 5. Certificate Request
- 6. The server sends a ServerHelloDone (TLS only)
- 7. Client sends certificate
- 8. ClientKeyExchange
- 9. CertificateVerify
- 10. ChangeCipherSpec
- 11. Finished
- 12. Application Data
- Sequence of Events
- C. P3P: The Platform for Privacy Preferences Project
- How P3P Works
- Deploying P3P
- Creating a Privacy Policy
- Generating a P3P Policy and Policy Reference File
- Helping User Agents Find Your Policy Reference File
- Compact Policies
- Simple P3P-Enabled Web Site Example
- D. The PICS Specification
- Rating Services
- PICS Labels
- Labeled Documents
- Requesting PICS Labels by HTTP
- Requesting a Label from a Rating Service
- E. References
- Electronic References
- Mailing Lists
- Bugtraq
- CERT-advisory
- CIAC-notes and C-Notes
- Firewalls
- NTBugTraq
- NT-security
- RISKS
- Mailing Lists
- Usenet Groups
- Web Pages and FTP Repository
- Attrition.org
- CERIAS
- CIAC
- DigiCrime
- FIRST
- IETF
- Mozilla
- NIH
- NIST CSRC
- Princeton SIP
- Radius.Net Cryptography Archives
- RSA Data Security
- OpenSSL
- SecurityFocus
- System Administration, Networking, and Security (SANS) Institute
- World Wide Web Consortium (W3C)
- WWW Security
- Electronic References
- Software Resources
- chrootuid
- COPS (Computer Oracle and Password System)
- Kerberos
- MRTG
- portmap
- rsync
- SATAN
- SOCKS
- SSH
- Swatch
- tcpwrapper
- Tiger
- TIS Internet Firewall Toolkit
- Tripwire
- UDP Packet Relayer
- Paper References
- Computer Crime and Law
- Computer-Related Risks
- Computer Viruses and Programmed Threats
- Cryptography
- General Computer Security
- System Administration, Network Technology, and Security
- Network Technology
- Secure Programming
- Security and Networking
- Unix System Administration
- Windows System Administration
- Security Products and Services Information
- Miscellaneous References
- Index
- About the Authors
- Colophon