Web Security, Privacy, and Commerce

by ;
  • ISBN13: 9780596000455
  • ISBN10: 0596000456
  • Edition: 2nd
  • Format: Paperback
  • Copyright: 2001-11-01
  • Publisher: O'Reilly & Associates Inc

Summary

Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy, from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites. Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Explorer and Netscape Navigator, and a wide range of current programs and products. In vast detail, the book covers:

  • Web technology: The technological underpinnings of the modern Internet and the cryptographic foundations of e-commerce are discussed, along with SSL (the Secure Sockets Layer), the significance of the PKI (Public Key Infrastructure), and digital identification, including passwords, digital signatures, and biometrics.
  • Web privacy and security for users: Learn the real risks to user privacy, including cookies, log files, identity theft, spam, web logs, and web bugs, and the most common risk, users' own willingness to provide e-commerce sites with personal information. Hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs is also covered.
  • Web server security: Administrators and service providers discover how to secure their systems and web services. Topics include CGI, PHP, SSL certificates, law enforcement issues, and more.
  • Web content security: Zero in on web publishing issues for content providers, including intellectual property, copyright and trademark issues, P3P and privacy policies, digital payments, client-side digital signatures, code signing, pornography filtering and PICS, and other controls on web content.

Nearly double the size of the first edition, this completely updated volume is destined to be the definitive reference on Web security risks and the techniques and technologies you can use to protect your privacy, your organization, your system, and your network.

Author Biography

Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel is also a columnist for Technology Review Magazine and has written for more than 50 publications, including Computerworld, Forbes, and The New York Times. He is also the author of Database Nation; Web Security, Privacy, and Commerce; PGP: Pretty Good Privacy; and seven other books. Garfinkel earned a master's degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT's Laboratory for Computer Science.

Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his professional service. These include being named a fellow of the AAAS, the ACM, and the IEEE; receiving the National Computer Systems Security Award; receiving the William Hugh Murray Medal of the NCISSE; election to the ISSA Hall of Fame; and receiving the Charles Murphy Award at Purdue. He was named a CISSP, honoris causa in 2000. In addition to over 100 technical reports and articles on his research, Spaf is also the coauthor of Web Security, Privacy, and Commerce, and was the consulting editor for Computer Crime: A Crimefighters Handbook (both from O'Reilly).

Table of Contents

Preface

Part I. Web Technology

The Web Security Landscape
  • The Web Security Problem
  • Risk Analysis and Best Practices
The Architecture of the World Wide Web
  • History and Terminology
  • A Packet's Tour of the Web
  • Who Owns the Internet?
Cryptography Basics
  • Understanding Cryptography
  • Symmetric Key Algorithms
  • Public Key Algorithms
  • Message Digest Functions
Cryptography and the Web
  • Cryptography and Web Security
  • Working Cryptographic Systems and Protocols
  • What Cryptography Can't Do
  • Legal Restrictions on Cryptography
Understanding SSL and TLS
  • What Is SSL?
  • SSL: The User's Point of View
Digital Identification I: Passwords, Biometrics, and Digital Signatures
  • Physical Identification
  • Using Public Keys for Identification
  • Real-World Public Key Examples
Digital Identification II: Digital Certificates, CAs, and PKI
  • Understanding Digital Certificates with PGP
  • Certification Authorities: Third-Party Registrars
  • Public Key Infrastructure
  • Open Policy Issues

Part II. Privacy and Security for Users

The Web's War on Your Privacy
  • Understanding Privacy
  • User-Provided Information
  • Log Files
  • Understanding Cookies
  • Web Bugs
  • Conclusion
Privacy-Protecting Techniques
  • Choosing a Good Service Provider
  • Picking a Great Password
  • Cleaning Up After Yourself
  • Avoiding Spam and Junk Email
  • Identity Theft
Privacy-Protecting Technologies
  • Blocking Ads and Crushing Cookies
  • Anonymous Browsing
  • Secure Email
Backups and Antitheft
  • Using Backups to Protect Your Data
  • Preventing Theft
Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
  • When Good Browsers Go Bad
  • Helper Applications and Plug-ins
  • Microsoft's ActiveX
  • The Risks of Downloaded Code
  • Conclusion
Mobile Code II: Java, JavaScript, Flash, and Shockwave
  • Java
  • JavaScript
  • Flash and Shockwave
  • Conclusion

Part III. Web Server Security

Physical Security for Servers
  • Planning for the Forgotten Threats
  • Protecting Computer Hardware
  • Protecting Your Data
  • Personnel
  • Story: A Failed Site Inspection
Host Security for Servers
  • Current Host Security Problems
  • Securing the Host Computer
  • Minimizing Risk by Minimizing Services
  • Operating Securely
  • Secure Remote Access and Content Updating
  • Firewalls and the Web
  • Conclusion
Securing Web Applications
  • A Legacy of Extensibility and Risk
  • Rules to Code By
  • Securely Using Fields, Hidden Fields, and Cookies
  • Rules for Programming Languages
  • Using PHP Securely
  • Writing Scripts That Run with Additional Privileges
  • Connecting to Databases
  • Conclusion
Deploying SSL Server Certificates
  • Planning for Your SSL Server
  • Creating SSL Servers with FreeBSD
  • Installing an SSL Certificate on Microsoft IIS
  • Obtaining a Certificate from a Commercial CA
  • When Things Go Wrong
Securing Your Web Service
  • Protecting Via Redundancy
  • Protecting Your DNS
  • Protecting Your Domain Registration
Computer Crime
  • Your Legal Options After a Break-In
  • Criminal Hazards
  • Criminal Subject Matter

Part IV. Security for Content Providers

Controlling Access to Your Web Content
  • Access Control Strategies
  • Controlling Access with Apache
  • Controlling Access with Microsoft IIS
Client-Side Digital Certificates
  • Client Certificates
  • A Tour of the VeriSign Digital ID Center
Code Signing and Microsoft's Authenticode
  • Why Code Signing?
  • Microsoft's Authenticode Technology
  • Obtaining a Software Publishing Certificate
  • Other Code Signing Methods
Pornography, Filtering Software, and Censorship
  • Pornography Filtering
  • PICS
  • RSACi
  • Conclusion
Privacy Policies, Legislation, and P3P
  • Policies That Protect Privacy and Privacy Policies
  • Children's Online Privacy Protection Act
  • P3P
  • Conclusion
Digital Payments
  • Charga-Plates, Diners Club, and Credit Cards
  • Internet-Based Payment Systems
  • How to Evaluate a Credit Card Payment System
Intellectual Property and Actionable Content
  • Copyright
  • Patents
  • Trademarks
  • Actionable Content

Part V. Appendixes

A. Lessons from Vineyard.NET
B. The SSL/TLS Protocol
C. P3P: The Platform for Privacy Preferences Project
D. The PICS Specification
E. References

Index

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.
