Book Summary:
Garfinkel and Spafford, longtime Net veterans, overturn a lot of misconceptions about online security in a commonsense book that is easily accessible to even nontechnical readers. They make it clear that any commercial Web site requires careful attention to security-even if the site doesn't carry any sensitive information. Furthermore, the authors show that there's a lot more to security than merely encrypting transmissions. Their goal is to lay the foundation for securing the three parts of a system: the Web server and its data; the information that travels between server and user; and the user's own computer and the information stored there. Because of the rapidly evolving nature of Web security, Garfinkel and Spafford are not specific in terms of security flaws and tools to fix them. Instead, they emphasize laying out the Web-security principles that will be applicable throughout several generations of hardware and software change. In the process, they give extensive coverage to user safety, digital certificates, cryptography, Web-server security, and the larger issues of commerce and society. Appendix A shows the lessons of the book in action as it details Garfinkel's experience running and securing the Vineyard.net Internet service provider. --Elizabeth Lewis Attacks on government Web sites, break-ins at Internet service providers, electronic credit card fraud, invasion of personal privacy by merchants as well as hackers--is this what the World Wide Web is really all about? Web Security & Commerce cuts through the hype and the front page stories. It tells you what the real risks are and explains how you can minimize them. Whether you're a casual (but concerned) Web surfer or a system administrator responsible for the security of a critical Web server, this book will tell you what you need to know. Entertaining as well as illuminating, it looks behind the headlines at the technologies, risks, and benefits of the Web. Whatever browser or server you are using, you and your system will benefit from this book. Topics include: - User safety--browser vulnerabilities (with an emphasis on Netscape Navigator and Microsoft Internet Explorer), privacy concerns, issues with Java, JavaScript, ActiveX, and plug-ins.
- Digital certificates--what they are, how they assure identity in a networked environment, how certification authorities and server certificates work, and what code signing all about.
- Cryptography--an overview of how encryption works on the Internet and how different algorithms and programs are being used today.
- Web server security--detailed technical information about SSL (Secure Socket Layer), TLS (Transport Layer Security), host security, server access methods, and secure CGI/API programming.
- Commerce and society--how digital payments work, what blocking software and censorship technology (e.g., PICS and RSACi) is about, and what civil and criminal issues you need to understand.
|