買這商品的人也買了...
-
Data Mining: Concepts and Techniques$2,640$2,508 -
Digital Character Animation 2, Volume II: Advanced Techniques$2,030$1,929 -
網路安全入門手冊 (Network Security: A Beginner's Guide)$520$260 -
IPSec-VPN 安全架構與實作 (IPSec: Securing VPNs)
$480$240 -
Java 程式語言 (The Java Programming Language, 3/e)$590$502 -
網路安全防護手冊 (Hack I.T. Security through penetration testing)$620$527 -
JavaScript 範例活用辭典$450$351 -
主動防禦網路安全完全指南 (Active Defense: A Comprehensive Guide to Network security)
$520$199 -
Understanding the Linux Kernel, 2/e (Paperback)$1,880$1,786 -
Excel 2002 實力養成暨評量解題秘笈$120$102 -
Introduction to Algorithms: A Creative Approach 亞洲版 (美國版0201120372)$1,050$1,029 -
精通 Oracle SQL (Mastering Oracle SQL)$580$458 -
ASP.NET 動態網頁入門與應用$490$417 -
ASP.NET 程式設計徹底研究$590$466 -
學資訊安全的第 1 本書$280$218 -
資訊安全管理-防火牆與網路安全 (Firewalls and Internet Security: Repelling the Wily Hacker, 2/e)$620$496 -
網路安全典範圖解$240$204 -
ISA Server 2004 防火牆安裝與管理指南
$640$544 -
遊戲大師談數位互動劇本創作 (Chris Crawford on Interactive Storytelling)
$400$340 -
資料庫系統原理 (Fundamentals of Database Systems, 4/e)$860$731 -
The Unified Modeling Language User Guide, 2/e (Hardcover)$2,720$2,584 -
$199Communication Skills Handbook (Paperback) -
$4,464CCNP Official Exam Certification Library, 5/e -
Java 開源項目:Spring + Hibernate + Struts 專案開發詳解$590$502 -
C++ 沉思錄 (Ruminations on C++ : A Decade of Programming Insight and Experience)$520$406
相關主題
商品描述
Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Explorer and Netscape Navigator, and a wide range of current programs and products. In vast detail, the book covers:
- Web technology--The technological underpinnings of the modern
Internet and the cryptographic foundations of e-commerce are discussed, along
with SSL (the Secure Sockets Layer), the significance of the PKI (Public Key
Infrastructure), and digital identification, including passwords, digital
signatures, and biometrics.
- Web privacy and security for users--Learn the real risks to user
privacy, including cookies, log files, identity theft, spam, web logs, and web
bugs, and the most common risk, users' own willingness to provide e-commerce
sites with personal information. Hostile mobile code in plug-ins, ActiveX
controls, Java applets, and JavaScript, Flash, and Shockwave programs are also
covered.
- Web server security--Administrators and service providers
discover how to secure their systems and web services. Topics include CGI,
PHP, SSL certificates, law enforcement issues, and more.
- Web content security--Zero in on web publishing issues for
content providers, including intellectual property, copyright and trademark
issues, P3P and privacy policies, digital payments, client-side digital
signatures, code signing, pornography filtering and PICS, and other controls
on web content.
Nearly double the size of the first edition, this completely updated
volume is destined to be the definitive reference on Web security risks and the
techniques and technologies you can use to protect your privacy, your
organization, your system, and your network.
Table of Contents
Preface
Part I. Web Technology
1. The Web Security Landscape
The Web Security Problem
Risk Analysis and Best Practices2. The Architecture of the World Wide Web
History and Terminology
A Packet's Tour of the Web
Who Owns the Internet?3. Cryptography Basics
Understanding Cryptography
Symmetric Key Algorithms
Public Key Algorithms
Message Digest Functions4. Cryptography and the Web
Cryptography and Web Security
Working Cryptographic Systems and Protocols
What Cryptography Can't Do
Legal Restrictions on Cryptography5. Understanding SSL and TLS
What Is SSL?
SSL: The User's Point of View6. Digital Identification I: Passwords, Biometrics, and Digital Signatures
Physical Identification
Using Public Keys for Identification
Real-World Public Key Examples7. Digital Identification II: Digital Certificates, CAs, and PKI
Understanding Digital Certificates with PGP
Certification Authorities: Third-Party Registrars
Public Key Infrastructure
Open Policy IssuesPart II. Privacy and Security for Users
8. The Web's War on Your Privacy
Understanding Privacy
User-Provided Information
Log Files
Understanding Cookies
Web Bugs
Conclusion9. Privacy-Protecting Techniques
Choosing a Good Service Provider
Picking a Great Password
Cleaning Up After Yourself
Avoiding Spam and Junk Email
Identity Theft10. Privacy-Protecting Technologies
Blocking Ads and Crushing Cookies
Anonymous Browsing
Secure Email11. Backups and Antitheft
Using Backups to Protect Your Data
Preventing Theft12. Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
When Good Browsers Go Bad
Helper Applications and Plug-ins
Microsoft's ActiveX
The Risks of Downloaded Code
Conclusion13. Mobile Code II: Java, JavaScript, Flash, and Shockwave
Java
JavaScript
Flash and Shockwave
ConclusionPart III. Web Server Security
14. Physical Security for Servers
Planning for the Forgotten Threats
Protecting Computer Hardware
Protecting Your Data
Personnel
Story: A Failed Site Inspection15. Host Security for Servers
Current Host Security Problems
Securing the Host Computer
Minimizing Risk by Minimizing Services
Operating Securely
Secure Remote Access and Content Updating
Firewalls and the Web
Conclusion16. Securing Web Applications
A Legacy of Extensibility and Risk
Rules to Code By
Securely Using Fields, Hidden Fields, and Cookies
Rules for Programming Languages
Using PHP Securely
Writing Scripts That Run with Additional Privileges
Connecting to Databases
Conclusion17. Deploying SSL Server Certificates
Planning for Your SSL Server
Creating SSL Servers with FreeBSD
Installing an SSL Certificate on Microsoft IIS
Obtaining a Certificate from a Commercial CA
When Things Go Wrong18. Securing Your Web Service
Protecting Via Redundancy
Protecting Your DNS
Protecting Your Domain Registration19. Computer Crime
Your Legal Options After a Break-In
Criminal Hazards
Criminal Subject MatterPart IV. Security for Content Providers
20. Controlling Access to Your Web Content
Access Control Strategies
Controlling Access with Apache
Controlling Access with Microsoft IIS21. Client-Side Digital Certificates
Client Certificates
A Tour of the VeriSign Digital ID Center22. Code Signing and Microsoft's Authenticode
Why Code Signing?
Microsoft's Authenticode Technology
Obtaining a Software Publishing Certificate
Other Code Signing Methods23. Pornography, Filtering Software, and Censorship
Pornography Filtering
PICS
RSACi
Conclusion24. Privacy Policies, Legislation, and P3P
Policies That Protect Privacy and Privacy Policies
Children's Online Privacy Protection Act
P3P
Conclusion25. Digital Payments
Charga-Plates, Diners Club, and Credit Cards
Internet-Based Payment Systems
How to Evaluate a Credit Card Payment System26. Intellectual Property and Actionable Content
Copyright
Patents
Trademarks
Actionable ContentPart V. Appendixes
A. Lessons from Vineyard.NET
B. The SSL/TLS Protocol
C. P3P: The Platform for Privacy Preferences Project
D. The PICS Specification
E. References
Index
商品描述(中文翻譯)
自從這本經典參考書的第一版出版以來,全球網路的使用量激增,電子商務已成為商業和個人生活中的日常一部分。隨著網路使用的增長,我們的安全和隱私威脅也隨之增加——從信用卡詐騙到行銷人員的日常隱私侵犯,再到網站的破壞以及使熱門網站癱瘓的攻擊。《Web Security, Privacy & Commerce》深入探討了這些頭條新聞背後的內容,檢視當前面臨的主要安全風險,並解釋我們如何能夠將其最小化。書中描述了Windows和Unix、Microsoft Internet Explorer和Netscape Navigator,以及各種當前程序和產品的風險。這本書詳細涵蓋了以下內容:
- 網路技術——討論現代互聯網的技術基礎和電子商務的加密基礎,包括SSL(安全套接字層)、PKI(公鑰基礎設施)的重要性,以及數位身份識別,包括密碼、數位簽名和生物識別技術。
- 用戶的網路隱私和安全——了解用戶隱私的實際風險,包括Cookies、日誌檔案、身份盜竊、垃圾郵件、網路日誌和網路漏洞,以及最常見的風險,即用戶自己願意向電子商務網站提供個人信息。還涵蓋了在插件、ActiveX 控制、Java 小應用程式、JavaScript、Flash 和 Shockwave 程式中的惡意移動代碼。
- 網路伺服器安全——管理員和服務提供者了解如何保護他們的系統和網路服務。主題包括CGI、PHP、SSL證書、執法問題等。
- 網路內容安全——針對內容提供者的網路出版問題進行深入探討,包括知識產權、版權和商標問題、P3P和隱私政策、數位支付、客戶端數位簽名、代碼簽名、色情過濾和PICS,以及其他對網路內容的控制。
這本完全更新的版本幾乎是第一版的兩倍,注定成為有關網路安全風險及保護您的隱私、組織、系統和網路的技術和方法的權威參考書。
目錄
前言
第一部分:網路技術
1. 網路安全現狀
- 網路安全問題
- 風險分析和最佳實踐
2. 全球資訊網的架構
- 歷史和術語
- 網路的封包之旅
- 誰擁有互聯網?
3. 加密學基礎
- 理解加密學
- 對稱密鑰算法
- 公鑰算法
- 訊息摘要函數
4. 加密學與網路
- 加密學與網路安全
- 工作中的加密系統和協議
- 加密學無法做到的事
- 加密學的法律限制
5. 理解SSL和TLS
- SSL是什麼?
- SSL:用戶的觀點
6. 數位身份識別 I:密碼、生物識別和數位簽名
- 身份識別
- 使用公鑰進行身份識別
- 實際的公鑰範例
7. 數位身份識別 II:數位證書、CA和PKI
- 使用PGP理解數位證書
- 認證機構:第三方註冊商
- 公鑰基礎設施
- 開放政策問題
第二部分:用戶的隱私和安全
8. 網路對您隱私的戰爭
- 理解隱私
- 用戶提供的信息
- 日誌檔案
- 理解Cookies
- 網路漏洞
- 結論
9. 隱私保護技術
- 選擇良好的服務提供者
- 選擇一個好的密碼
- 清理自己的痕跡
- 避免垃圾郵件和垃圾電子郵件
- 身份盜竊
10. 隱私保護技術
- 阻擋廣告和清除Cookies
- 匿名瀏覽
- 安全電子郵件
11. 備份和防盜
- 使用備份保護您的數據
- 防止盜竊
12. 移動代碼 I:插件、ActiveX和Visual Basic
- 當良好的瀏覽器變壞
- 輔助應用程序和插件
- 微軟的ActiveX
- 下載代碼的風險
- 結論
13. 移動代碼 II:Java、JavaScript、Flash和Shockwave
- Java
- JavaScript
- Flash和Shockwave
- 結論
第三部分:網路伺服器安全
14. 伺服器的物理安全
- 規劃被遺忘的威脅
- 保護計算機硬體
- 保護您的數據
- 人員
- 故事:一次失敗的網站檢查
15. 伺服器的主機安全
- 當前主機安全問題
- 保護主機計算機
- 通過最小化服務來最小化風險
- 安全操作
- 安全的遠程訪問和內容更新
- 防火牆和網路
- 結論
16. 保護網路應用程序
- 可擴展性和風險的遺產
- 編碼規則
- 安全使用欄位、隱藏欄位和Cookies
- 程式語言的規則
- 安全使用PHP
- 編寫具有額外權限的腳本
- 連接到數據庫
- 結論
17. 部署SSL伺服器證書
- 規劃您的SSL伺服器
- 使用FreeBSD創建SSL伺服器
- 在Microsoft IIS上安裝SSL證書
- 從商業CA獲取證書
- 當事情出錯時
18. 保護您的網路服務
- 通過冗餘保護
- 保護您的DNS
- 保護您的域名註冊
19. 電腦犯罪
- 入侵後的法律選擇
- 刑事危害
- 刑事主題
第四部分:內容提供者的安全
20. 控制對您的網路內容的訪問
- 訪問控制策略
- 使用Apache控制訪問
- 使用Microsoft IIS控制訪問
21. 客戶端數位證書
- 客戶端證書
- VeriSign數位ID中心之旅
22. 代碼簽名和微軟的Authenticode
- 為什麼要進行代碼簽名?
- 微軟的Authenticode技術
- 獲取軟體發行證書
- 其他代碼簽名方法
23. 色情、過濾軟體和審查
- 色情過濾
- PICS
- RSACi
- 結論
24. 隱私政策、立法和P3P
- 保護隱私的政策和隱私政策
- 兒童在線隱私保護法
- P3P
- 結論
25. 數位支付
- Charge-Plates、Diners Club和信用卡
- 基於互聯網的支付系統
- 如何評估信用卡支付系統
26. 知識產權和可執行內容
- 版權
- 專利
- 商標
- 可執行內容
附錄
A. Vineyard.NET的教訓
B. SSL/TLS協議
C. P3P:隱私偏好平台專案
D. PICS規範
E. 參考文獻
索引
