Web Security, Privacy & Commerce, 2/e (Paperback)

Simson Garfinkel

  • 出版商: O'Reilly
  • 出版日期: 2001-12-25
  • 定價: $1,650
  • 售價: 6.0$990
  • 語言: 英文
  • 頁數: 800
  • 裝訂: Paperback
  • ISBN: 0596000456
  • ISBN-13: 9780596000455
  • 相關分類: 資訊安全
  • 立即出貨(限量)

買這商品的人也買了...

商品描述

Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites.

Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Explorer and Netscape Navigator, and a wide range of current programs and products. In vast detail, the book covers:

  • Web technology--The technological underpinnings of the modern Internet and the cryptographic foundations of e-commerce are discussed, along with SSL (the Secure Sockets Layer), the significance of the PKI (Public Key Infrastructure), and digital identification, including passwords, digital signatures, and biometrics.
  • Web privacy and security for users--Learn the real risks to user privacy, including cookies, log files, identity theft, spam, web logs, and web bugs, and the most common risk, users' own willingness to provide e-commerce sites with personal information. Hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs are also covered.
  • Web server security--Administrators and service providers discover how to secure their systems and web services. Topics include CGI, PHP, SSL certificates, law enforcement issues, and more.
  • Web content security--Zero in on web publishing issues for content providers, including intellectual property, copyright and trademark issues, P3P and privacy policies, digital payments, client-side digital signatures, code signing, pornography filtering and PICS, and other controls on web content.



Nearly double the size of the first edition, this completely updated volume is destined to be the definitive reference on Web security risks and the techniques and technologies you can use to protect your privacy, your organization, your system, and your network.

Table of Contents

Preface

Part I. Web Technology

1. The Web Security Landscape
     The Web Security Problem
     Risk Analysis and Best Practices

2. The Architecture of the World Wide Web
     History and Terminology
     A Packet's Tour of the Web
     Who Owns the Internet?

3. Cryptography Basics
     Understanding Cryptography
     Symmetric Key Algorithms
     Public Key Algorithms
     Message Digest Functions

4. Cryptography and the Web
     Cryptography and Web Security
     Working Cryptographic Systems and Protocols
     What Cryptography Can't Do
     Legal Restrictions on Cryptography

5. Understanding SSL and TLS
     What Is SSL?
     SSL: The User's Point of View

6. Digital Identification I: Passwords, Biometrics, and Digital Signatures
     Physical Identification
     Using Public Keys for Identification
     Real-World Public Key Examples

7. Digital Identification II: Digital Certificates, CAs, and PKI
     Understanding Digital Certificates with PGP
     Certification Authorities: Third-Party Registrars
     Public Key Infrastructure
     Open Policy Issues

Part II. Privacy and Security for Users

8. The Web's War on Your Privacy
     Understanding Privacy
     User-Provided Information
     Log Files
     Understanding Cookies
     Web Bugs
     Conclusion

9. Privacy-Protecting Techniques
     Choosing a Good Service Provider
     Picking a Great Password
     Cleaning Up After Yourself
     Avoiding Spam and Junk Email
     Identity Theft

10. Privacy-Protecting Technologies
     Blocking Ads and Crushing Cookies
     Anonymous Browsing
     Secure Email

11. Backups and Antitheft
     Using Backups to Protect Your Data
     Preventing Theft

12. Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
     When Good Browsers Go Bad
     Helper Applications and Plug-ins
     Microsoft's ActiveX
     The Risks of Downloaded Code
     Conclusion

13. Mobile Code II: Java, JavaScript, Flash, and Shockwave
     Java
     JavaScript
     Flash and Shockwave
     Conclusion

Part III. Web Server Security

14. Physical Security for Servers
     Planning for the Forgotten Threats
     Protecting Computer Hardware
     Protecting Your Data
     Personnel
     Story: A Failed Site Inspection

15. Host Security for Servers
     Current Host Security Problems
     Securing the Host Computer
     Minimizing Risk by Minimizing Services
     Operating Securely
     Secure Remote Access and Content Updating
     Firewalls and the Web
     Conclusion

16. Securing Web Applications
     A Legacy of Extensibility and Risk
     Rules to Code By
     Securely Using Fields, Hidden Fields, and Cookies
     Rules for Programming Languages
     Using PHP Securely
     Writing Scripts That Run with Additional Privileges
     Connecting to Databases
     Conclusion

17. Deploying SSL Server Certificates
     Planning for Your SSL Server
     Creating SSL Servers with FreeBSD
     Installing an SSL Certificate on Microsoft IIS
     Obtaining a Certificate from a Commercial CA
     When Things Go Wrong

18. Securing Your Web Service
     Protecting Via Redundancy
     Protecting Your DNS
     Protecting Your Domain Registration

19. Computer Crime
     Your Legal Options After a Break-In
     Criminal Hazards
     Criminal Subject Matter

Part IV. Security for Content Providers

20. Controlling Access to Your Web Content
     Access Control Strategies
     Controlling Access with Apache
     Controlling Access with Microsoft IIS

21. Client-Side Digital Certificates
     Client Certificates
     A Tour of the VeriSign Digital ID Center

22. Code Signing and Microsoft's Authenticode
     Why Code Signing?
     Microsoft's Authenticode Technology
     Obtaining a Software Publishing Certificate
     Other Code Signing Methods

23. Pornography, Filtering Software, and Censorship
     Pornography Filtering
     PICS
     RSACi
     Conclusion

24. Privacy Policies, Legislation, and P3P
     Policies That Protect Privacy and Privacy Policies
     Children's Online Privacy Protection Act
     P3P
     Conclusion

25. Digital Payments
     Charga-Plates, Diners Club, and Credit Cards
     Internet-Based Payment Systems
     How to Evaluate a Credit Card Payment System

26. Intellectual Property and Actionable Content
     Copyright
     Patents
     Trademarks
     Actionable Content

Part V. Appendixes

A. Lessons from Vineyard.NET

B. The SSL/TLS Protocol

C. P3P: The Platform for Privacy Preferences Project

D. The PICS Specification

E. References

Index

商品描述(中文翻譯)

自從這本經典參考書的第一版出版以來,全球資訊網的使用已經爆炸性增長,電子商務已成為商業和個人生活的日常一部分。隨著網絡使用的增長,我們的安全和隱私威脅也越來越多,從信用卡詐騙到營銷人員對隱私的例行侵犯,再到網站遭到破壞以及關閉熱門網站的攻擊。《網絡安全、隱私和商業》深入探討這些問題,解釋了我們如何將風險降到最低。書中詳細介紹了Windows和Unix、Microsoft Internet Explorer和Netscape Navigator以及各種當前的程式和產品的風險。該書包括以下內容:

- 網絡技術:討論現代互聯網的技術基礎和電子商務的加密基礎,包括SSL(安全套接層)、PKI(公鑰基礎設施)的重要性,以及密碼、數字簽名和生物識別等數字識別方法。
- 用戶的網絡隱私和安全:了解用戶隱私的真正風險,包括cookie、日誌文件、身份盜竊、垃圾郵件、網絡日誌和網絡漏洞,以及最常見的風險,即用戶自願向電子商務網站提供個人信息。書中還介紹了插件、ActiveX控件、Java小程序和JavaScript、Flash和Shockwave程序中的惡意移動代碼。
- 網絡服務器安全:管理員和服務提供商了解如何保護他們的系統和網絡服務。主題包括CGI、PHP、SSL證書、執法問題等。
- 網絡內容安全:針對內容提供商的網絡發布問題,包括知識產權、版權和商標問題、P3P和隱私政策、數字支付、客戶端數字簽名、代碼簽名、色情篩選和PICS以及其他網絡內容控制。

這本全新更新的第二版幾乎是第一版的兩倍大小,注定成為關於網絡安全風險以及保護隱私、組織、系統和網絡的技術和技術的權威參考資料。

目錄:

前言

第一部分:網絡技術

1. 網絡安全概況
- 網絡安全問題
- 風險分析和最佳實踐

2. 世界廣域網的架構
- 歷史和術語
- 網絡封包的遊覽
- 誰擁有互聯網?

3. 密碼學基礎
- 理解密碼學
- 對稱密鑰算法
- 公鑰算法
- 消息摘要函數

4. 密碼學與網絡
- 密碼學和網絡安全
- 工作中的加密系統和協議
- 密碼學的局限性
- 對密碼學的法律限制

5. 理解SSL和TLS
- 什麼是SSL?
- SSL:用戶的角度

6. 數字識別I:密碼、生物識別和數字簽名
- 物理識別
- 使用公鑰進行識別
- 現實世界的公鑰示例

7. 數字識別II:數字證書、CA和PKI
- 使用PGP理解數字證書
- 認證機構:第三方註冊機構
- 公鑰基礎設施

(以下省略)