Don’t let hackers vandalize your website or use it as a gateway to break into your LAN. With this new, hands-on book, you get the most comprehensive analysis of current trends in WWW security available, plus an evaluation of existing technologies, such as anonymity services, and security products. You learn how to ensure that electronic commerce functions and financial transactions on your website are executed with the utmost security and protection, and learn about content protection and the benefits and drawbacks of censorship on the web.
Unlike other books in this field, Security Technologies for the WWW provides in-depth coverage of topics of specific concern to WWW security professionals. With this handy resource, you gain the ability to discuss existing security technologies, evaluate and choose those that suit your needs, and understand corresponding software and hardware. Find out where the gaps are in your existing security measures and learn the latest ways in which hackers and others are trying to corrupt your information.
Keep this book on your reference shelf if you’re a webmaster setting up a new website or you’re a security or IT manager trying to manage and ensure safe traffic flow on an existing website. Students and professors will also gain valuable insight into the latest security methods and technologies with this comprehensive book.
"Author Rolf Oppliger brings to the table a smorgasbord of topics such as electronic payments, digital signatures, cryptographic techniques, and user authentication...easily digestible for security professionals specializing in computers...this book will help security professionals or company Webmasters take a bite out of online crime." ---Security Management, April 2000
"...the material is realistic, useful and conceptually complete...the author has managed to provide something of value for all. For the Web workers who are its primary audience, this book provides...a complete picture of the various aspects that must be addressed."
---Information Security, March 2000
"The book is well written, covers all the major Web security topics at least in summary form, and discusses some topics in detail. The author understands Internet security and expresses that understanding in a clear, concise way. This book fulfills its purpose, and I recommend it to anyone who wants to start learning about security for the Internet and the Web."
---Computing Reviews, February 2000
Introduction -- The Internet. The World Wide Web. Vulnerabilities, Threats and Countermeasures. Generic Security Model.
HTTP User Authentication and Authorization -- Basic Authentication. Digest Authentication. Certificate-Based Authentication. Authorization and Access Control.
Proxy Servers and Firewalls -- Packet Filtering and Stateful Inspection. Circuit-Level Gateways. Firewall Configurations.
Cryptographic Techniques -- One-Way Hash Configurations. Secret Key Cryptography. Public Key Cryptography. Legal Considerations. Notation.
Internet Security Protocols -- Network Access Layer Security Protocols. Internet Layer Security Protocols.
Transport Layer Security Protocols. Application Layer Security Protocols.
The SSL and TLS Protocols -- The SSL Protocol. The TLS Protocol. Firewall Tunneling.
Electronic Payment Schemes.
Managing Certificates -- A Distributed Certificate Management System. Attribute Certificates. Certificate Revocation.
Executable Content -- Binary Mail Attachments. Scripting Languages. Java Applets. Activex Controls.
Mobile Code and Agent-Based Systems -- Protecting the Run-Time Environment. Protecting the Mobile Code.
Copyright Protection -- Watermarking. Fingerprinting. A Secure Document Distribution System.
Privacy protection and Anonymous Browsing -- Cookies. The Anonymizer. Onion Routing. Lucent Personalized Web Assistant. Crowds. Janus. Taz Servers and the Rewebber Network.
Censorship on the WWW -- Content Blocking. Content Rating and the Platform for Internet Content Selection.
Area of Further Study -- Provably Secure Cryptographic Techniques. Trust Management. High-Speed Networking. Multicat Communications. Resource Reservation and Billing Schemes.
Rolf Oppliger is the founder and owner of eSECURITY Technologies (www.esecurity.ch) and works for the Swiss Federal Strategy Unit for Information Technology (FSUIT) . He is also the author of Secure Messaging with PGP and S/MIME, Internet and Intranet Security (Artech House, 1998), and Authentication Systems for Secure Networks (Artech House, 1996). Dr. Oppliger is the computer security series editor at Artech House. He received his M.Sc. and Ph.D. in Computer Science from the University of Berne, Switzerland, and the Venia Legendi in Computer Science from the University of Zürich, Switzerland.