Web Security, Privacy & Commerce. 2nd Edition
- Authors:
- Simson Garfinkel, Gene Spafford
- Pages:
- 788
- Available formats:
- ePub, Mobi
Book description: Web Security, Privacy & Commerce. 2nd Edition
Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites. Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Explorer and Netscape Navigator, and a wide range of current programs and products. In vast detail, the book covers:
- Web technology--The technological underpinnings of the modern Internet and the cryptographic foundations of e-commerce are discussed, along with SSL (the Secure Sockets Layer), the significance of the PKI (Public Key Infrastructure), and digital identification, including passwords, digital signatures, and biometrics.
- Web privacy and security for users--Learn the real risks to user privacy, including cookies, log files, identity theft, spam, web logs, and web bugs, and the most common risk, users' own willingness to provide e-commerce sites with personal information. Hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs is also covered.
- Web server security--Administrators and service providers discover how to secure their systems and web services. Topics include CGI, PHP, SSL certificates, law enforcement issues, and more.
- Web content security--Zero in on web publishing issues for content providers, including intellectual property, copyright and trademark issues, P3P and privacy policies, digital payments, client-side digital signatures, code signing, pornography filtering and PICS, and other controls on web content.
Book details
- Ebook ISBN:
- 978-14-493-0524-6, 9781449305246
- Ebook publication date:
- 2001-11-15 The ebook publication date is often the day the title went on sale and may not be the same as the print edition's publication date. Additional information can be found in the free sample. If in doubt, contact us at sklep@onepress.pl.
- Publication language:
- English
- ePub file size:
- 6.8MB
- Mobi file size:
- 15.2MB
- Categories:
Start-up
Table of contents
- Web Security, Privacy & Commerce, 2nd Edition
- Preface
- Web Security: Is Our Luck Running Out?
- Beyond the Point of No Return
- Building in Security
- About This Book
- Organization of This Book
- What You Should Know
- Web Software Covered by This Book
- Conventions Used in This Book
- Comments and Questions
- History and Acknowledgments
- Second Edition
- First Edition
- I. Web Technology
- 1. The Web Security Landscape
- The Web Security Problem
- Securing the Web Server
- Simplification of services
- Policing copyright
- Securing Information in Transit
- Securing the User's Computer
- Risk Analysis and Best Practices
- 2. The Architecture of the World Wide Web
- History and Terminology
- Building the Internet
- Packets and postcards
- Protocols
- Hosts, gateways, and firewalls
- The client/server model
- Weaving the Web
- A Packet's Tour of the Web
- Booting Up Your PC
- PC to LAN to Internet
- Dialing up the Internet
- Connected by LAN
- The Walden Network
- The Domain Name Service
- How DNS works
- Engaging the Web
- Who Owns the Internet?
- Your Local Internet Service Provider
- Network Access Points and Metropolitan Area Exchanges
- Peering
- Transit
- The Root and Top-Level Nameservers
- Who runs the root?
- An example
- The Domain Registrars
- Internet Number Registries
- The Internet Corporation for Assigned Names and Numbers
- 3. Cryptography Basics
- Understanding Cryptography
- Roots of Cryptography
- Cryptography as a Dual-Use Technology
- A Cryptographic Example
- Cryptographic Algorithms and Functions
- Symmetric Key Algorithms
- Cryptographic Strength of Symmetric Algorithms
- Key Length with Symmetric Key Algorithms
- Common Symmetric Key Algorithms
- Attacks on Symmetric Encryption Algorithms
- Key search (brute force) attacks
- Cryptanalysis
- Systems-based attacks
- Public Key Algorithms
- Uses of Public Key Encryption
- Encrypted messaging
- Digital signatures
- Attacks on Public Key Algorithms
- Key search attacks
- Analytic attacks
- Known versus published methods
- Message Digest Functions
- Message Digest Algorithms at Work
- Uses of Message Digest Functions
- HMAC
- Attacks on Message Digest Functions
- 4. Cryptography and the Web
- Cryptography and Web Security
- Roles for Cryptography
- Working Cryptographic Systems and Protocols
- Offline Encryption Systems
- PGP/OpenPGP
- S/MIME
- Online Cryptographic Protocols and Systems
- SSL
- PCT
- SET
- DNSSEC
- IPsec and IPv6
- Kerberos
- SSH
- What Cryptography Can't Do
- Legal Restrictions on Cryptography
- Cryptography and the Patent System
- The public key patents
- Other patented algorithms
- The outlook for patents
- Cryptography and Trade Secret Law
- Regulation of Cryptography by International and National Law
- U.S. regulatory efforts and history
- The Digital Millennium Copyright Act
- International agreements on cryptography
- National regulations of cryptography throughout the world
- 5. Understanding SSL and TLS
- What Is SSL?
- SSL Versions
- SSL/TLS Features
- What Does SSL Really Protect?
- Digital Certificates
- SSL Implementations
- SSL Netscape
- SSLRef and Mozilla Network Security Services
- SSLeay and OpenSSL
- SSL Java
- SSL Performance
- SSL: The User's Point of View
- Browser Preferences
- Navigator preferences
- Internet Explorer preferences
- Browser Alerts
- 6. Digital Identification I: Passwords, Biometrics, and Digital Signatures
- Physical Identification
- The Need for Identification Today
- Paper-Based Identification Techniques
- Verifying identity with physical documents
- Reputation of the issuing organization
- Tamper-proofing the document
- Computer-Based Identification Techniques
- Password-based systems: something that you know
- Physical tokens: something that you have
- Biometrics: something that you are
- Location: someplace where you are
- Using Public Keys for Identification
- Replay Attacks
- Stopping Replay Attacks with Public Key Cryptography
- PGP public keys
- Creating and Storing the Private Key
- Creating a public key/private key pair with PGP
- Smart cards
- Real-World Public Key Examples
- Document Author Identification Using PGP
- CERT/CC's PGP signatures
- Obtaining CERT/CC's PGP key
- Verifying the PGP-signed file
- PGP certification
- Public Key Authentication Using SSH
- 7. Digital Identification II: Digital Certificates, CAs, and PKI
- Understanding Digital Certificates with PGP
- Certifying Your Own Key
- Certifying Other People's Keys: PGP's Web of Trust
- Trust and validity
- The Web of Trust and the key servers
- Key signing parties
- Certification Authorities: Third-Party Registrars
- Certification Practices Statement (CPS)
- The X.509 v3 Certificate
- Exploring the X.509 v3 certificate
- Types of Certificates
- Minimal disclosure certificates
- Revocation
- Certificate revocation lists
- Real-time certificate validation
- Short-lived certificates
- Public Key Infrastructure
- Certification Authorities: Some History
- Internet Explorer Preinstalled Certificates
- Netscape Navigator Preinstalled Certificates
- Multiple Certificates for a Single CA
- Shortcomings of Today's CAs
- Lack of permanence for Certificate Policies field
- Inconsistencies for Subject and Issuer fields
- Unrealistic expiration dates
- Open Policy Issues
- Private Keys Are Not People
- Distinguished Names Are Not People
- There Are Too Many Robert Smiths
- Today's Digital Certificates Don't Tell Enough
- X.509 v3 Does Not Allow Selective Disclosure
- Digital Certificates Allow for Easy Data Aggregation
- How Many CAs Does Society Need?
- How Do You Loan a Key?
- Why Do These Questions Matter?
- Brad Biddle on Digital Signatures and E-SIGN
- E-SIGN and UETA
- Electronic contracting: it's more than just signatures!
- Signed writing requirements
- Proof
- II. Privacy and Security for Users
- 8. The Web's War on Your Privacy
- Understanding Privacy
- The Tort of Privacy
- Personal, Private, and Personally Identifiable Information
- User-Provided Information
- Log Files
- Retention and Rotation
- Web Logs
- What's in a web log?
- The refer link field
- Obscuring web logs
- RADIUS Logs
- Mail Logs
- DNS Logs
- Understanding Cookies
- The Cookie Protocol
- An example
- Cookie Uses
- Cookie Jars
- Cookie Security
- Disabling Cookies
- Web Bugs
- Web Bugs on Web Pages
- Web Bugs in Email Messages and Word Files
- Uses of Web Bugs
- Conclusion
- 9. Privacy-Protecting Techniques
- Choosing a Good Service Provider
- Picking a Great Password
- Why Use Passwords?
- Bad Passwords: Open Doors
- Smoking Joes
- Good Passwords: Locked Doors
- Writing Down Passwords
- Strategies for Managing Multiple Usernames and Passwords
- Password classes
- Password bases
- Password rotation
- Password keepers
- Sharing Passwords
- Be careful when you share your password with others!
- Change your password when the person no longer needs it
- Resist social engineering attacks
- Beware of Password Sniffers and Stealers
- Password sniffers
- Keystroke recorders and keyboard sniffers
- Beware of public terminals
- Cleaning Up After Yourself
- Browser Cache
- Managing your cache with Internet Explorer
- Managing your cache with Netscape Navigator
- Cookies
- Crushing Internet Explorer's cookies
- Crushing Netscape's cookies
- Browser History
- Clearing Internet Explorer's browser history
- Clearing Netscape Navigator's browser history
- Passwords, Form-Filling, and AutoComplete Settings
- Clearing AutoComplete with Internet Explorer
- Clearing sensitive information with Netscape Navigator
- Avoiding Spam and Junk Email
- Protect Your Email Address
- Use Address Munging
- Use an Antispam Service or Software
- Identity Theft
- Protecting Yourself From Identity Theft
- 10. Privacy-Protecting Technologies
- Blocking Ads and Crushing Cookies
- Local HTTP Proxies
- Using Ad Blockers
- Anonymous Browsing
- Simple Approaches to Protecting Your IP Address
- Anonymous Web Browsing Services
- Secure Email
- Hotmail, Yahoo Mail, and Other Web-Based Email Services
- Hushmail
- Omniva's Self-Destructing Email
- 11. Backups and Antitheft
- Using Backups to Protect Your Data
- Make Backups!
- Why Make Backups?
- What Should You Back Up?
- Types of Backups
- Guarding Against Media Failure
- How Long Should You Keep a Backup?
- Security for Backups
- Physical security for backups
- Write-protect your backups
- Data security for backups
- Legal Issues
- Deciding upon a Backup Strategy
- Preventing Theft
- Understanding Computer Theft
- Locks
- Tagging
- Laptop Recovery Software and Services
- Awareness
- 12. Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
- When Good Browsers Go Bad
- Card Shark
- David.exe
- The Chaos Quicken Checkout
- ILOVEYOU
- Helper Applications and Plug-ins
- The History of Helpers
- Getting the Plug-In
- Evaluating Plug-In Security
- Microsoft's ActiveX
- The <OBJECT> Tag
- Authenticode
- Does Authenticode Work?
- Internet Exploder
- Risky Controls
- The Risks of Downloaded Code
- Programs That Spend Your Money
- Telephone billing records
- Electronic funds transfers
- Programs That Violate Privacy and Steal Confidential Information
- A wealth of private data
- Signed Code Is Not Safe Code
- Signed Code Can Be Hijacked
- Reconstructing an Attack
- Recovering from an Attack
- Conclusion
- 13. Mobile Code II: Java, JavaScript, Flash, and Shockwave
- Java
- A Little Java Demonstration
- Java's History
- Java, the Language
- Java Safety
- Java Security
- Safety is not security
- Java Security Policy
- Internet Explorer's security zones
- Setting Java policy in Microsoft Internet Explorer
- Setting Java policy in Netscape Navigator
- Java Security Problems
- JavaScript
- A Touch of JavaScript
- JavaScript Security Overview
- JavaScript Security Flaws
- JavaScript Denial-of-Service Attacks
- Can't break a running script
- Window system attacks
- CPU and stack attacks
- JavaScript Spoofing Attacks
- Spoofing username/password pop-ups with Java
- Spoofing browser status with JavaScript
- Mirror worlds
- Flash and Shockwave
- Conclusion
- III. Web Server Security
- 14. Physical Security for Servers
- Planning for the Forgotten Threats
- The Physical Security Plan
- The Disaster Recovery Plan
- Other Contingencies
- Protecting Computer Hardware
- The Environment
- Fire
- Smoke
- Dust
- Earthquake
- Explosion
- Temperature extremes
- Bugs (biological)
- Electrical noise
- Lightning
- Vibration
- Humidity
- Water
- Environmental monitoring
- Preventing Accidents
- Food and drink
- Physical Access
- Raised floors and dropped ceilings
- Entrance through air ducts
- Glass walls
- Vandalism
- Ventilation holes
- Network cables
- Network connectors
- Defending Against Acts of War and Terrorism
- Preventing Theft
- Physically secure your computer
- RAM theft
- Encryption
- Laptops and portable computers
- Protecting Your Data
- Eavesdropping
- Wiretapping
- Eavesdropping over local area networks (Ethernet and twisted pair)
- Eavesdropping on 802.11 wireless LANs
- Eavesdropping by radio and using TEMPEST
- Fiber optic cable
- Keyboard monitors
- Protecting Backups
- Verify your backups
- Protect your backups
- Sanitizing Media Before Disposal
- Sanitizing Printed Media
- Protecting Local Storage
- Printer buffers
- Printer output
- X terminals
- Function keys
- Unattended Terminals
- Built-in shell autologout
- Screensavers
- Key Switches
- Personnel
- Story: A Failed Site Inspection
- What We Found
- Fire hazards
- Potential for eavesdropping and data theft
- Easy pickings
- Physical access to critical computers
- Possibilities for sabotage
- Nothing to Lose?
- 15. Host Security for Servers
- Current Host Security Problems
- A Taxonomy of Attacks
- Frequency of Attack
- Understanding Your Adversaries
- Script kiddies
- Industrial spies
- Ideologues and national agents
- Organized crime
- Rogue employees and insurance fraud
- What the Attacker Wants
- Tools of the Attacker's Trade
- Securing the Host Computer
- Security Through Policy
- Keeping Abreast of Bugs and Flaws
- Choosing Your Vendor
- Installation I: Inventory Your System
- Installation II: Installing the Software and Patches
- Minimizing Risk by Minimizing Services
- Operating Securely
- Keep Abreast of New Vulnerabilities
- Logging
- Setting up a log server
- Logging on Unix
- Logging on Windows 2000
- Backups
- Using Security Tools
- Snapshot tools
- Change-detecting tools
- Network scanning programs
- Intrusion detection systems
- Virus scanners
- Network recording and logging tools
- Secure Remote Access and Content Updating
- The Risk of Password Sniffing
- Using Encryption to Protect Against Sniffing
- Secure Content Updating
- Dialup Modems
- Firewalls and the Web
- Types of Firewalls
- Protecting LANs with Firewalls
- Protecting Web Servers with Firewalls
- Conclusion
- 16. Securing Web Applications
- A Legacy of Extensibility and Risk
- Programs That Should Not Be CGIs
- Unintended Side Effects
- The problem with the script
- Fixing the problem
- Rules to Code By
- General Principles for Writing Secure Scripts
- Securely Using Fields, Hidden Fields, and Cookies
- Using Fields Securely
- Hidden Fields and Compound URLs
- Using Cookies
- Using Cryptography to Strengthen Hidden Fields, Compound URLs, and Cookies
- Rules for Programming Languages
- Rules for Perl
- Rules for C
- Rules for the Unix Shell
- Using PHP Securely
- Introduction to PHP
- Controlling PHP
- Understanding PHP Security Issues
- PHP Installation Issues
- PHP Variables
- Attacks with global variables
- register_globals = off
- Database Authentication Credentials
- URL fopen( )
- Hide Your Scripts
- PHP Safe Mode
- Controlling safe mode
- Safe mode restrictions
- Writing Scripts That Run with Additional Privileges
- Connecting to Databases
- Protect Account Information
- Use Filtering and Quoting to Screen Out Raw SQL
- Protect the Database Itself
- Conclusion
- 17. Deploying SSL Server Certificates
- Planning for Your SSL Server
- Choosing a Server
- Deciding on the Private Key Store
- Server Certificates
- The SSL certificate format
- Creating SSL Servers with FreeBSD
- History
- Obtaining the Programs
- Installing Apache and mod_ssl on FreeBSD
- Verifying the Initial Installation
- Signing Your Keys with Your Own Certification Authority
- The Apache mod_ssl configuration file
- Installing the key and certificate on the web server
- Installing the Nitroba CA certificate into Internet Explorer
- Installing the Nitroba CA certificate into Netscape Navigator
- Securing Other Services
- Installing an SSL Certificate on Microsoft IIS
- Obtaining a Certificate from a Commercial CA
- When Things Go Wrong
- Not Yet Valid and Expired Certificates
- Certificate Renewal
- Wrong Server Address
- 18. Securing Your Web Service
- Protecting Via Redundancy
- Price and Performance Versus Redundancy
- Providing for Redundancy
- Protecting Your DNS
- Protecting Your Domain Registration
- 19. Computer Crime
- Your Legal Options After a Break-In
- Filing a Criminal Complaint
- Choosing jurisdiction
- Local jurisdiction
- Federal jurisdiction
- Federal Computer Crime Laws
- Hazards of Criminal Prosecution
- The Responsibility to Report Crime
- Criminal Hazards
- Criminal Subject Matter
- Access Devices and Copyrighted Software
- Pornography, Indecency, and Obscenity
- Amateur Action
- Communications Decency Act
- Mandatory blocking
- Child pornography
- Devices that Circumvent Technical Measures that Control Access to Copyrighted Works
- Cryptographic Programs and Export Controls
- IV. Security for Content Providers
- 20. Controlling Access to Your Web Content
- Access Control Strategies
- Hidden URLs
- Host-Based Restrictions
- Using firewalls to implement host-based access control
- Caveats with host-based access control
- Identity-Based Access Controls
- Controlling Access with Apache
- Enforcing Access Control Restrictions with the .htaccess File
- Enforcing Access Control Restrictions with the Web Server's Configuration File
- Commands Before the <Limit> ... </Limit> Directive
- Commands Within the <Limit> ... </Limit> Block
- <Limit> Examples
- Manually Setting Up Web Users and Passwords
- Advanced User Management
- Use a database
- Use RADIUS or LDAP
- Use PKI and digital certificates
- Controlling Access with Microsoft IIS
- Installing IIS
- Downloading and Installing the IIS Patches
- Controlling Access to IIS Web Pages
- Restricting Access to IIS Directories
- 21. Client-Side Digital Certificates
- Client Certificates
- Why Client Certificates?
- Support for Client-Side Digital Certificates
- A Tour of the VeriSign Digital ID Center
- Generating a VeriSign Digital ID
- Finding a Digital ID
- Revoking a Digital ID
- 22. Code Signing and Microsoft's Authenticode
- Why Code Signing?
- Code Signing in Theory
- Code Signing Today
- Code Signing and Legal Restrictions on Cryptography
- Microsoft's Authenticode Technology
- The Pledge
- Publishing with Authenticode
- The Authenticode SDK
- Making the certificate
- Adding the certificate to the store
- Signing a program
- Code signing from the command line
- Obtaining a Software Publishing Certificate
- Other Code Signing Methods
- 23. Pornography, Filtering Software, and Censorship
- Pornography Filtering
- Architectures for Filtering
- Problems with Filtering Software
- PICS
- What Is PICS?
- PICS Applications
- PICS and Censorship
- Access controls become tools for censorship
- Censoring the network
- RSACi
- Conclusion
- 24. Privacy Policies, Legislation, and P3P
- Policies That Protect Privacy and Privacy Policies
- The Code of Fair Information Practices
- OECD Guidelines
- Other National and International Regulations
- Voluntary Regulation Privacy Policies
- Seal programs
- FTC enforcement
- Notice, Choice, Access, and Security
- Children's Online Privacy Protection Act
- Prelude to Regulation
- COPPA Requirements
- Who must follow the COPPA Rule?
- Basic provisions of COPPA
- Verifiable parental consent
- COPPA exceptions
- Enforcement
- P3P
- P3P and PICS
- Support for P3P in Internet Explorer 6.0
- Conclusion
- 25. Digital Payments
- Charga-Plates, Diners Club, and Credit Cards
- A Very Short History of Credit
- Payment Cards in the United States
- The Interbank Payment Card Transaction
- The charge card check digit algorithm
- The charge slip
- Charge card fees
- Refunds and Charge-Backs
- Additional Authentication Mechanisms
- Using Credit Cards on the Internet
- Internet-Based Payment Systems
- Virtual PIN
- Enrollment
- Purchasing
- Security and privacy
- Redux
- DigiCash
- Enrollment
- Purchasing
- Security and privacy
- Redux
- CyberCash/CyberCoin
- Enrollment
- Purchasing
- Security and privacy
- Redux
- SET
- Two channels: one for the merchant, one for the bank
- Why SET failed
- Redux
- PayPal
- Sending money
- Security and financial integration
- Gator Wallet
- Microsoft Passport
- Other Payment Systems
- Smart cards
- Mondex
- How to Evaluate a Credit Card Payment System
- 26. Intellectual Property and Actionable Content
- Copyright
- Copyright Infringement
- Software Piracy and the SPA
- Warez
- Copyright
- Patents
- Trademarks
- Obtaining a Trademark
- Trademark Violations
- Domain Names and Trademarks
- Actionable Content
- Libel and Defamation
- Liability for Damage
- Protection Through Incorporation
- V. Appendixes
- A. Lessons from Vineyard.NET
- In the Beginning
- Planning and Preparation
- Lesson: Whenever you are pulling wires, pull more than you need.
- Lesson: Pull all your wires in a star configuration, from a central point out to each room, rather than daisy-chained from room to room. Wire both your computers and your telephone networks as stars. It makes it much easier to expand or rewire in the future.
- Lesson: Use centrally located punch-down blocks for computer and telephone networks.
- Lesson: Don't go overboard.
- Lesson: Plan your computer room carefully; you will have to live with its location for a long time.
- IP Connectivity
- Lesson: Set milestones and stick to them.
- Lesson: Get your facilities in order.
- Lesson: Test your facilities before going live.
- Lesson: Provide for backup facilities before, during, and after your transition.
- Commercial Start-Up
- Working with the Phone Company
- Lesson: Design your systems to fail gracefully.
- Lesson: Know your phone company. Know its terminology, the right contact people, the phone numbers for internal organizations, and everything else you can find out.
- Incorporating Vineyard.NET
- Initial Expansion
- Lesson: Build sensible business partnerships.
- Accounting Software
- Lesson: Make sure your programs are table-driven as often as possible.
- Lesson: Tailor your products for your customers.
- Lesson: Build systems that are extensible.
- Lesson: Automate everything you can.
- Lesson: Don't reinvent the wheel unless you can build a better wheel.
- Publicity and Privacy
- Lesson: Always be friendly to the press.
- Lesson: Never give out your home phone number.
- Lesson: It is very difficult to change a phone number. So pick your company's phone number early and use it consistently.
- Ongoing Operations
- Security Concerns
- Lesson: Don't run programs with a history of security problems.
- Lesson: Make frequent backups.
- Lesson: Limit logins to your servers.
- Lesson: Beware of TCP/IP spoofing.
- Lesson: Defeat packet sniffing.
- Lesson: Restrict logins.
- Lesson: Tighten up your system beyond manufacturer recommendations.
- Lesson: Remember, the free in free software refers to freedom.
- Phone Configuration and Billing Problems
- Credit Cards and ACH
- Lesson: If you have the time to write it, custom software always works better than what you can get off the shelf.
- Lesson: Live credit card numbers are dangerous.
- Lesson: Encrypt sensitive information and be careful with your decryption keys.
- Lesson: Log everything, and have lots of reports.
- Lesson: Explore a variety of payment systems.
- Lesson: Make it easy for your customers to save you money.
- Lesson: Have a backup supplier.
- Monitoring Software
- Lesson: Monitor your system.
- Redundancy and Wireless
- Linking Primary to Backup
- Building the Backup Site
- Failover, and Back!
- The Big Cash-Out
- Conclusion
- B. The SSL/TLS Protocol
- History
- TLS Record Layer
- SSL/TLS Protocols
- Handshake Protocol
- Alert Protocol
- ChangeCipherSpec Protocol
- SSL 3.0/TLS Handshake
- Sequence of Events
- 1. ClientHello
- 2. ServerHello
- 3. Server certificate
- 4. Server key exchange
- 5. Certificate Request
- 6. The server sends a ServerHelloDone (TLS only)
- 7. Client sends certificate
- 8. ClientKeyExchange
- 9. CertificateVerify
- 10. ChangeCipherSpec
- 11. Finished
- 12. Application Data
- C. P3P: The Platform for Privacy Preferences Project
- How P3P Works
- Deploying P3P
- Creating a Privacy Policy
- Generating a P3P Policy and Policy Reference File
- Helping User Agents Find Your Policy Reference File
- Compact Policies
- Simple P3P-Enabled Web Site Example
- D. The PICS Specification
- Rating Services
- PICS Labels
- Labeled Documents
- Requesting PICS Labels by HTTP
- Requesting a Label from a Rating Service
- E. References
- Electronic References
- Mailing Lists
- Bugtraq
- CERT-advisory
- CIAC-notes and C-Notes
- Firewalls
- NTBugTraq
- NT-security
- RISKS
- Usenet Groups
- Web Pages and FTP Repository
- Attrition.org
- CERIAS
- CIAC
- DigiCrime
- FIRST
- IETF
- Mozilla
- NIH
- NIST CSRC
- Princeton SIP
- Radius.Net Cryptography Archives
- RSA Data Security
- OpenSSL
- SecurityFocus
- System Administration, Networking, and Security (SANS) Institute
- World Wide Web Consortium (W3C)
- WWW Security
- Software Resources
- chrootuid
- COPS (Computer Oracle and Password System)
- Kerberos
- MRTG
- portmap
- rsync
- SATAN
- SOCKS
- SSH
- Swatch
- tcpwrapper
- Tiger
- TIS Internet Firewall Toolkit
- Tripwire
- UDP Packet Relayer
- Paper References
- Computer Crime and Law
- Computer-Related Risks
- Computer Viruses and Programmed Threats
- Cryptography
- General Computer Security
- System Administration, Network Technology, and Security
- Network Technology
- Secure Programming
- Security and Networking
- Unix System Administration
- Windows System Administration
- Security Products and Services Information
- Miscellaneous References
- Index
- About the Authors
- Colophon