Index

A note on the digital index

A link in an index entry is displayed as the section title in which that entry appears. Because some sections have multiple index markers, it is not unusual for an entry to have several links to the same section. Clicking on any link will take you directly to the place in the text in which the marker appears.

Symbols

` (backquote function), The problem with the script
8mm video tape, Guarding Against Media Failure
‘fair use’ provisions, copyright law, Copyright Infringement

A

absolute identification, Computer-Based Identification Techniques
Absolute Software Corporation, Laptop Recovery Software and Services
access.conf file, <Limit> Examples
access control, First Edition, First Edition, Cryptography and the Web, Physical tokens: something that you have, Physical Access, Controlling Access to Your Web Content, Identity-Based Access Controls, Host-Based Restrictions, Identity-Based Access Controls, Controlling Access with Apache, Enforcing Access Control Restrictions with the Web Server’s Configuration File, Commands Before the <Limit>. . . </Limit> Directive, Use a database, Use PKI and digital certificates, Controlling Access with Microsoft IIS, Restricting Access to IIS Directories
(see also identification)
<Limit>. . . </Limit> directive, Commands Before the <Limit>. . . </Limit> Directive
Apache web servers, Controlling Access with Apache
authorizations databases, Use a database
directoryname parameter, Enforcing Access Control Restrictions with the Web Server’s Configuration File
host-based restrictions, Host-Based Restrictions
IIS, Controlling Access with Microsoft IIS, Restricting Access to IIS Directories
passwords, First Edition (see passwords)
physical, Physical Access
physical tokens for, Physical tokens: something that you have
PKI, using, Use PKI and digital certificates
user-based, Identity-Based Access Controls
access( ), General Principles for Writing Secure Scripts
accidents, First Edition, Preventing Accidents
(see also natural disasters)
ACH (Automated Clearing House), What Does SSL Really Protect?, Enrollment, Credit Cards and ACH
online security of, What Does SSL Really Protect?
ACK packets, Engaging the Web
ACPA (Anticybersquatting Consumer Protection Act), Domain Names and Trademarks
ActiveX controls, Microsoft’s ActiveX, Risky Controls, Microsoft’s ActiveX, Microsoft’s ActiveX, Microsoft’s ActiveX, The <OBJECT> Tag, Authenticode, Authenticode, Does Authenticode Work?, Risky Controls, Signed Code Can Be Hijacked
Authenticode, Authenticode
CLSID (Class Identifier), Microsoft’s ActiveX
hijacking by attackers, Signed Code Can Be Hijacked
Java, and, Microsoft’s ActiveX
known risks of, Risky Controls
misconceptions, Authenticode
security issues, Does Authenticode Work?
tags, The <OBJECT> Tag
uses, Microsoft’s ActiveX
ad blockers, Using Ad Blockers
address munging or mangling, Use Address Munging
address verification, Additional Authentication Mechanisms
addressing, Weaving the Web, The Domain Name Service
internal, The Domain Name Service
Adleman, Leonard M., Public Key Algorithms
administrative logins, Secure Content Updating
Advanced Research Projects Agency (ARPA), Building the Internet
aggregate information, Personal, Private, and Personally Identifiable Information
air ducts, Entrance through air ducts
air filters, Dust
alarms, First Edition (see detectors)
alerts, Alert Protocol
algorithmic attacks on encryption, Analytic attacks
AllowOverride command, Commands Before the <Limit>. . . </Limit> Directive
Amateur Action Bulletin Board System, Amateur Action
America Online, First Edition (see AOL)
American Civil Liberties Union v. Reno, Communications Decency Act
American Registry of Internet Numbers (ARIN), Internet Number Registries
Andreessen, Mark, Weaving the Web
animals, Bugs (biological)
anonymity, Personal, Private, and Personally Identifiable Information, Why Client Certificates?, Security and privacy, Security and privacy
certificates and, Why Client Certificates?
digital payment systems and, Security and privacy, Security and privacy
anonymized information, Personal, Private, and Personally Identifiable Information
Anonymizer.com, Anonymous Web Browsing Services, Anonymous Web Browsing Services
secure tunneling services, Anonymous Web Browsing Services
anonymous web browsing, Anonymous Browsing, Anonymous Web Browsing Services, Simple Approaches to Protecting Your IP Address, Anonymous Web Browsing Services
services for, Anonymous Web Browsing Services
techniques, Simple Approaches to Protecting Your IP Address
AOL (America Online), Identity Theft, Simple Approaches to Protecting Your IP Address, Architectures for Filtering, Censoring the network
anonymous browsing and, Simple Approaches to Protecting Your IP Address
identity theft, and, Identity Theft
Apache web servers, Web Software Covered by This Book, Choosing a Server, History, Installing Apache and mod_ssl on FreeBSD, Installing Apache and mod_ssl on FreeBSD, Installing Apache and mod_ssl on FreeBSD, Installing Apache and mod_ssl on FreeBSD, Installing Apache and mod_ssl on FreeBSD, Verifying the Initial Installation, Signing Your Keys with Your Own Certification Authority, Signing Your Keys with Your Own Certification Authority, The Apache mod_ssl configuration file, The Apache mod_ssl configuration file, The Apache mod_ssl configuration file, The Apache mod_ssl configuration file, Installing the key and certificate on the web server, Controlling Access with Apache, Use a database
access controls, Controlling Access with Apache, Use a database
using databases, Use a database
CAs, creating for, Signing Your Keys with Your Own Certification Authority, Signing Your Keys with Your Own Certification Authority
FreeBSD, on, Installing Apache and mod_ssl on FreeBSD, Installing Apache and mod_ssl on FreeBSD, Installing Apache and mod_ssl on FreeBSD
directory structure, Installing Apache and mod_ssl on FreeBSD
httpd.conf configuration file, The Apache mod_ssl configuration file, The Apache mod_ssl configuration file
installation, Installing Apache and mod_ssl on FreeBSD, Installing Apache and mod_ssl on FreeBSD, Verifying the Initial Installation, Installing the key and certificate on the web server
keys and certificates for, Installing the key and certificate on the web server
verification of, Verifying the Initial Installation
mod_ssl configuration file, The Apache mod_ssl configuration file, The Apache mod_ssl configuration file
origins, History
SSL, and, Choosing a Server
APIs (Application Program Interfaces), A Legacy of Extensibility and Risk, A Legacy of Extensibility and Risk, Fixing the problem, Rules to Code By, General Principles for Writing Secure Scripts
extensibility of, A Legacy of Extensibility and Risk, Fixing the problem
programming guidelines, Rules to Code By, General Principles for Writing Secure Scripts
Apple Macintosh, security and, Minimizing Risk by Minimizing Services
application/pics-labels encoding, PICS Applications
application/pics-service encoding, PICS Applications, Rating Services
appropriation, The Tort of Privacy
architecture, room, Physical Access
archiving information, First Edition, Why Make Backups?
(see also logging)
ARIN (American Registry of Internet Numbers), Internet Number Registries
ARPA (Advanced Research Projects Agency), Building the Internet
arpwatch, Eavesdropping over local area networks (Ethernet and twisted pair)
asymmetric key algorithms, Cryptographic Algorithms and Functions
AT&T Labs-Research, P3P: The Platform for Privacy Preferences Project
Atkins, Derek, Key search attacks
attackers, Understanding Your Adversaries, Rogue employees and insurance fraud
attacks, Reconstructing an Attack, Recovering from an Attack, Spoofing username/password pop-ups with Java, Mirror worlds, A Taxonomy of Attacks, Frequency of Attack, A Taxonomy of Attacks, Frequency of Attack, Frequency of Attack, Script kiddies, Tools of the Attacker’s Trade, Your Legal Options After a Break-In, Hazards of Criminal Prosecution, Caveats with host-based access control, Lesson: Defeat packet sniffing.
automation of, Frequency of Attack
growing problem of, Frequency of Attack
host-based restrictions, against, Caveats with host-based access control
legal options regarding, Your Legal Options After a Break-In, Hazards of Criminal Prosecution
Mafiaboy, Script kiddies
mirror-world, Mirror worlds
packet sniffing, Lesson: Defeat packet sniffing.
reconstructing, Reconstructing an Attack
recovery from, Recovering from an Attack
remote, A Taxonomy of Attacks
social engineering, Spoofing username/password pop-ups with Java
software tools for, Tools of the Attacker’s Trade
attacks, cryptographic, First Edition, A Cryptographic Example, Attacks on Symmetric Encryption Algorithms, Systems-based attacks, Cryptanalysis, Attacks on Public Key Algorithms, Attacks on Message Digest Functions
(see also cryptography)
against hardware-based cryptographic systems, Cryptanalysis
on message digests, Attacks on Message Digest Functions
on symmetric encryption algorithms, Attacks on Symmetric Encryption Algorithms, Systems-based attacks
on public key algorithms, Attacks on Public Key Algorithms
Audiotex Connection, Inc., David.exe
audits, Snapshot tools
authentication, Message Digest Functions, HMAC, Roles for Cryptography, Physical Identification, Physical tokens: something that you have, Stopping Replay Attacks with Public Key Cryptography, Stopping Replay Attacks with Public Key Cryptography, Document Author Identification Using PGP, Public Key Authentication Using SSH, Using Encryption to Protect Against Sniffing, Manually Setting Up Web Users and Passwords, Use RADIUS or LDAP
message digests, Message Digest Functions, HMAC
of new users, Manually Setting Up Web Users and Passwords
offline systems, Stopping Replay Attacks with Public Key Cryptography
online systems, Stopping Replay Attacks with Public Key Cryptography
PGP, using, Document Author Identification Using PGP
RADIUS protocol, Use RADIUS or LDAP
SSH RSA keys, Public Key Authentication Using SSH
token-based, Using Encryption to Protect Against Sniffing
two-factor authentication, Physical tokens: something that you have
Authenticode, Message Digest Functions, Authenticode, Authenticode, Does Authenticode Work?, Does Authenticode Work?, Internet Exploder, Why Code Signing?, Code Signing in Theory, Code Signing Today, Microsoft’s Authenticode Technology, Code signing from the command line, Microsoft’s Authenticode Technology, Microsoft’s Authenticode Technology, Microsoft’s Authenticode Technology, Publishing with Authenticode, Publishing with Authenticode, The Authenticode SDK
ActiveX, and, Microsoft’s Authenticode Technology
certificate qualification, Microsoft’s Authenticode Technology
evaluation, Does Authenticode Work?
Internet Exploder, and, Internet Exploder
MD5, use of, Message Digest Functions
publishing with, Publishing with Authenticode
security issues, Does Authenticode Work?
signed files, structure of, Microsoft’s Authenticode Technology
Software Developer’s Kit (SDK), The Authenticode SDK
Software Developer’s Kit (SDK), online source, Publishing with Authenticode
uses, Authenticode
VeriSign public key infrastructure, and, Code Signing in Theory
authorization, Roles for Cryptography, Physical Identification, Rules for Perl, Commands Before the <Limit>. . . </Limit> Directive
environment variables for, Rules for Perl
<Limit>. . . </Limit> directive and, Commands Before the <Limit>. . . </Limit> Directive
AutoComplete feature, clearing, Clearing AutoComplete with Internet Explorer
autologout shell variable, Built-in shell autologout
automated checking systems, Change-detecting tools
automatic memory management, Java Safety
automatic power cutoff, First Edition (see detectors)

B

back doors, Cryptographic Strength of Symmetric Algorithms, A Taxonomy of Attacks
Back Orifice, Keystroke recorders and keyboard sniffers, Tools of the Attacker’s Trade
backquote function, The problem with the script
backups, Using Backups to Protect Your Data, Deciding upon a Backup Strategy, Why Make Backups?, Why Make Backups?, What Should You Back Up?, Types of Backups, Types of Backups, How Long Should You Keep a Backup?, Security for Backups, Data security for backups, Legal Issues, Protecting Backups, Protecting Backups, Verify your backups, Backups, Hazards of Criminal Prosecution, Criminal Hazards, Lesson: Make frequent backups.
for archiving information, Why Make Backups?
criminal investigations, and, Hazards of Criminal Prosecution, Criminal Hazards
encryption of, Protecting Backups
keeping secure, Security for Backups, Data security for backups
laws concerning, Legal Issues
planning, What Should You Back Up?
purpose of, Why Make Backups?
retention of, How Long Should You Keep a Backup?
rotating media, Types of Backups
theft of, Protecting Backups
types of, Types of Backups
verifying, Verify your backups
BankAmericard, A Very Short History of Credit
base data elements, How P3P Works
Basic Input Output System, First Edition (see BIOS)
BB2W (Broadband2Wireless), The Big Cash-Out
BBBOnLine, Seal programs
beacon GIFs, Web Bugs
Berkeley ‘r’ commands, Minimizing Risk by Minimizing Services
Berners-Lee, Tim, Weaving the Web, History
best practices, Risk Analysis and Best Practices
bind, DNSSEC, A Taxonomy of Attacks, Protecting Your DNS
vulnerabilities, A Taxonomy of Attacks, Protecting Your DNS
biological threats, Bugs (biological)
biometrics, Biometrics: something that you are, Biometrics: something that you are, Biometrics: something that you are, Biometrics: something that you are
identification systems, Biometrics: something that you are, Biometrics: something that you are
limitations, Biometrics: something that you are
BIOS (Basic Input Output System), Booting Up Your PC
block algorithms, Symmetric Key Algorithms
blocking advertisements, Using Ad Blockers
blocking software, First Edition (see filtering software)
Blowfish, Common Symmetric Key Algorithms
bootstrap loader, Booting Up Your PC
bots, Tools of the Attacker’s Trade
branded debit cards, Refunds and Charge-Backs
Brandeis, Louis, The Tort of Privacy
Brands, Stefan, Minimal disclosure certificates
break-ins, First Edition (see attacks)
breaking running scripts, Can’t break a running script
BrightMail, Avoiding Spam and Junk Email, Use an Antispam Service or Software
browser alerts, SSL, Browser Alerts
browser cache, Browser Cache, Managing your cache with Netscape Navigator, Browser Cache, Managing your cache with Internet Explorer, Managing your cache with Netscape Navigator
configuring for privacy, Browser Cache
Internet Explorer, management, Managing your cache with Internet Explorer
Netscape Navigator, management, Managing your cache with Netscape Navigator
browsers, First Edition (see Web browsers)
brute force attacks, A Cryptographic Example, A Cryptographic Example, Key Length with Symmetric Key Algorithms, Key Length with Symmetric Key Algorithms, Key search (brute force) attacks
and computing power, Key Length with Symmetric Key Algorithms
BSafe SSL-C, History
buffer overflow, A Taxonomy of Attacks
buffers, Printer buffers
printer buffers, security risks, Printer buffers
bug tracking, Keeping Abreast of Bugs and Flaws
bugs, Risky Controls, Java Security Problems, Flash and Shockwave, Choosing Your Vendor, Choosing Your Vendor, Bugtraq
Bugtraq mailing list, Bugtraq
Java runtime system, Java Security Problems
Macromedia Shockwave plug-in, Flash and Shockwave
MS Access ActiveX, Risky Controls
bugs (biological), Bugs (biological)
bulk erasers, Sanitizing Media Before Disposal
Bureau of Export Administration (BXA), U.S. regulatory efforts and history
bytecode, Java, the Language, Safety is not security
Java, Safety is not security

C

C language, programming guidelines, Rules for C
C shell, First Edition (see csh)
cables, network, Lightning, Network cables, Network cables, Wiretapping, Wiretapping, Fiber optic cable
routing of, Lightning, Network cables
tampering detectors for, Wiretapping
wiretapping, Wiretapping
CAPI (Cryptographic API), The Authenticode SDK
carbon monoxide, Smoke
Card Shark, Card Shark
CAs (certification authorities), First Edition, S/MIME, Certification Authorities: Third-Party Registrars, Certification Authorities: Third-Party Registrars, The X.509 v3 Certificate, Exploring the X.509 v3 certificate, Types of Certificates, Certification Authorities: Some History, Certification Authorities: Some History, Certification Authorities: Some History, Multiple Certificates for a Single CA, Shortcomings of Today’s CAs, Unrealistic expiration dates, Inconsistencies for “Subject” and “Issuer” fields, How Many CAs Does Society Need?, Deciding on the Private Key Store, Signing Your Keys with Your Own Certification Authority, Signing Your Keys with Your Own Certification Authority, Obtaining a Certificate from a Commercial CA
(see also digital certificates)
certificates for, Types of Certificates
certificates, included in browsers, inconsistencies, Inconsistencies for “Subject” and “Issuer” fields
certificates, obtaining from, Obtaining a Certificate from a Commercial CA
competition of, Certification Authorities: Some History
creating for Apache web servers, Signing Your Keys with Your Own Certification Authority, Signing Your Keys with Your Own Certification Authority
history, Certification Authorities: Some History
multiple certificates offered by, Multiple Certificates for a Single CA
need for, How Many CAs Does Society Need?
private keys, protections of, Deciding on the Private Key Store
quality control problems of, Shortcomings of Today’s CAs, Unrealistic expiration dates
RSA Certification Services, Certification Authorities: Some History
types of services, Certification Authorities: Third-Party Registrars
X.509 v3 certificates, The X.509 v3 Certificate, Exploring the X.509 v3 certificate
CDA (Communications Decency Act), Communications Decency Act
CDP (CRL distribution point), Certificate revocation lists
ceilings, dropped, Raised floors and dropped ceilings
cellular telephones, Electrical noise
censorship, PICS and Censorship
censorware, First Edition (see filtering software)
CERN (European Laboratory for Particle Physics), Weaving the Web
CERT (Computer Emergency Response Team), CERT/CC’s PGP signatures, Keeping Abreast of Bugs and Flaws, CERT-advisory
CERT/CC, PGP signature, CERT/CC’s PGP signatures
Cert2SPC.exe, The Authenticode SDK
Certificate Requests, 5. Certificate Request
certificate stores, The Authenticode SDK
certificates, First Edition, S/MIME, Digital Certificates, Types of Certificates, Server Certificates, Obtaining a Certificate from a Commercial CA, Not Yet Valid and Expired Certificates, Certificate Renewal, Certificate Renewal, Use PKI and digital certificates, Client Certificates, Revoking a Digital ID, A Tour of the VeriSign Digital ID Center, Revoking a Digital ID, Revoking a Digital ID, Obtaining a Software Publishing Certificate
(see also digital certificates, CAs)
certification authorities, for, Types of Certificates
client-side, Client Certificates, Revoking a Digital ID
managing users with, Use PKI and digital certificates
obtaining from CAs, Obtaining a Certificate from a Commercial CA
renewing, Certificate Renewal
revoking, Revoking a Digital ID
short expiration times, Certificate Renewal
software publisher’s, Obtaining a Software Publishing Certificate
SSL, causes of invalidation in, Not Yet Valid and Expired Certificates
VeriSign Digital ID Center, A Tour of the VeriSign Digital ID Center, Revoking a Digital ID
web servers under SSL, Server Certificates
CertificateVerify message, 9. CertificateVerify
certification authorities, First Edition (see CAs)
certification of public keys, PGP certification
CertMgr.exe, The Authenticode SDK
CGI (Common Gateway Interface), A Legacy of Extensibility and Risk, A Legacy of Extensibility and Risk, Fixing the problem, Programs That Should Not Be CGIs, Unintended Side Effects, Fixing the problem, Rules to Code By, General Principles for Writing Secure Scripts, Writing Scripts That Run with Additional Privileges
example script, Unintended Side Effects, Fixing the problem
extensibility of, A Legacy of Extensibility and Risk, Fixing the problem
programming guidelines, Rules to Code By, General Principles for Writing Secure Scripts
programs to exclude from, Programs That Should Not Be CGIs
cgi-bin directory, Programs That Should Not Be CGIs
challenge-response, Public Key Authentication Using SSH
change detection tools, Change-detecting tools
ChangeCipherSpec, ChangeCipherSpec Protocol
characters, filtering, Fixing the problem
charga-plates, A Very Short History of Credit
charge-backs, Refunds and Charge-Backs
charge slips, The charge slip
chargen utility, Minimizing Risk by Minimizing Services
Chaum, David, DigiCash
check digit algorithm, The charge card check digit algorithm
Perl encoding, The charge card check digit algorithm
check digits, The charge card check digit algorithm
CheckFree services, Credit Cards and ACH
checking, First Edition (see verification)
child pornography, Child pornography
Children’s Internet Protection Act, Mandatory blocking, Pornography Filtering
Children’s Privacy Protection Act, First Edition (see COPPA)
ChkTrust.exe, The Authenticode SDK
chosen plaintext attacks, Cryptanalysis
chrootuid daemon, chrootuid
CIAC (Computer Incident Advisory Capability), CIAC-notes and C-Notes
ciphers, First Edition (see encryption)
circular hunting, Working with the Phone Company
Clark, Jim, Weaving the Web
class loader, Java, Java, the Language, Safety is not security
clear GIFs, Web Bugs
client certificates, Client Certificates
‘client-sniffing’ code, A Touch of JavaScript
client/server model, The client/server model
ClientHello, 1. ClientHello
clients, The client/server model, Client Certificates, Revoking a Digital ID
client-side digital certificates, Client Certificates, Revoking a Digital ID
Clipper chip, Key Length with Symmetric Key Algorithms, U.S. regulatory efforts and history
CLSID (Class Identifier), Microsoft’s ActiveX
COCOM (Coordinating Committee for Multilateral Export Controls), International agreements on cryptography
Code of Fair Information Practices, The Code of Fair Information Practices
code signing, Signed Code Is Not Safe Code, Code Signing and Microsoft’s Authenticode, Other Code Signing Methods, Code Signing Today, Microsoft’s Authenticode Technology, Code signing from the command line, Other Code Signing Methods, Other Code Signing Methods
Authenticode, Microsoft’s Authenticode Technology, Code signing from the command line
current systems, Code Signing Today
DSig, Other Code Signing Methods
PGP, with, Other Code Signing Methods
vulnerabilities, Signed Code Is Not Safe Code
cold, impact on hardware, Temperature extremes
commerce, The Need for Identification Today, Charge card fees, Refunds and Charge-Backs, Refunds and Charge-Backs, Internet-Based Payment Systems, Gator Wallet
identification and, The Need for Identification Today
Internet-based payment systems, Internet-Based Payment Systems, Gator Wallet
merchant fees, Charge card fees
reverse charge transactions, Refunds and Charge-Backs, Refunds and Charge-Backs
Communications Decency Act (CDA), Communications Decency Act
compact policies, Support for P3P in Internet Explorer 6.0, Compact Policies
computer failure, Why Make Backups?
computer forensics, Cleaning Up After Yourself
computer networks, Hosts, gateways, and firewalls, PC to LAN to Internet
computer security, The Web Security Problem, Physically secure your computer, Unattended Terminals, Screensavers, General Computer Security
physical, Physically secure your computer
references for, General Computer Security
unattended systems, Unattended Terminals, Screensavers
Computer Security Resource Clearinghouse (CSRC), NIST CSRC
computer theft, preventing, Preventing Theft, Awareness, Locks, Tagging, Laptop Recovery Software and Services, Awareness
laptop locks, Locks
precautions, Awareness
recovery software and services, Laptop Recovery Software and Services
tagging, Tagging
computer vacuums, Dust
computer vandalism, First Edition (see vandalism)
computer worms, First Edition (see worms)
computers, environmental threats to, The Environment, Environmental monitoring
Computrace, Laptop Recovery Software and Services
confidentiality, Roles for Cryptography
configuration files, Securing the Web Server
confiscation of property, Criminal Hazards
connectors, network, Network connectors
consistency checking, General Principles for Writing Secure Scripts
content types, PICS Applications, PICS Applications, Rating Services
application/pics-labels, PICS Applications
application/pics-service, PICS Applications, Rating Services
content updating, Secure Content Updating, Secure Content Updating
contingency planning, The Disaster Recovery Plan
continuity of identification, Computer-Based Identification Techniques
cookies, Understanding Cookies, Understanding Cookies, Understanding Cookies, The Cookie Protocol, An example, Cookie Uses, Cookie Uses, Cookie Uses, Cookie Jars, Cookie Jars, Cookie Security, Disabling Cookies, Cookies, Crushing Netscape’s cookies, Crushing Internet Explorer’s cookies, Crushing Netscape’s cookies, Using Ad Blockers, Using Cookies, Using Cryptography to Strengthen Hidden Fields, Compound URLs, and Cookies, Support for P3P in Internet Explorer 6.0
applications, Understanding Cookies
cookie jars, Cookie Jars
crushing, Using Ad Blockers
disabling, Disabling Cookies
implementation and uses, Cookie Uses
Internet Explorer 6.0, and, Support for P3P in Internet Explorer 6.0
privacy, and, Cookie Uses
profiles, creating with, Cookie Uses
protocol, The Cookie Protocol
removal, Cookies, Crushing Netscape’s cookies, Crushing Internet Explorer’s cookies, Crushing Netscape’s cookies
Internet Explorer, from, Crushing Internet Explorer’s cookies
Netscape Navigator, from, Crushing Netscape’s cookies
RFC 2109, Cookie Jars
secure generation and decoding, Using Cryptography to Strengthen Hidden Fields, Compound URLs, and Cookies
security, Cookie Security
security advantages over hidden fields, Using Cookies
third-party cookies, An example
cookies.txt file, Cookie Jars
COPPA (Children’s Online Privacy Protection Act), Children’s Online Privacy Protection Act, Enforcement, Who must follow the COPPA Rule?, Basic provisions of COPPA, Verifiable parental consent, COPPA exceptions, Enforcement
exceptions, COPPA exceptions
FTC, and, Enforcement
jurisdiction, Who must follow the COPPA Rule?
parental consent, and, Verifiable parental consent
provisions, Basic provisions of COPPA
copper network cables, routing of, Lightning
COPS (Computer Oracle and Password System), COPS (Computer Oracle and Password System)
copy protection systems, Policing copyright
copyright, Copyright, Warez, Copyright Infringement, Copyright Infringement
email forwarding, and, Copyright Infringement
infringement, Copyright Infringement
core dumps, security of, General Principles for Writing Secure Scripts
core files, General Principles for Writing Secure Scripts
corporations, Protection Through Incorporation
Council of Better Business Bureaus, BBBOnLine, Seal programs
Council of Europe, International agreements on cryptography
courtesy cards, A Very Short History of Credit
CPS (certification practices statement), Certification Practices Statement (CPS), Lack of permanence for Certificate Policies field, Lack of permanence for Certificate Policies field
maintenance, problems with, Lack of permanence for Certificate Policies field
viewing, Lack of permanence for Certificate Policies field
CPU attacks, CPU and stack attacks
CPU time limits, General Principles for Writing Secure Scripts
crackers, profiles of, Understanding Your Adversaries, Rogue employees and insurance fraud
Cranor, Lorrie, P3P: The Platform for Privacy Preferences Project
credit, Charga-Plates, Diners Club, and Credit Cards, A Very Short History of Credit
history, A Very Short History of Credit
credit card sniffers, Card Shark
credit cards, Charga-Plates, Diners Club, and Credit Cards, Using Credit Cards on the Internet, Payment Cards in the United States, The charge card check digit algorithm, Charge card fees, Additional Authentication Mechanisms, Using Credit Cards on the Internet, SET, Two channels: one for the merchant, one for the bank, How to Evaluate a Credit Card Payment System, Credit Cards and ACH, Lesson: Make it easy for your customers to save you money.
authentication mechanisms, Additional Authentication Mechanisms
check digits, The charge card check digit algorithm
evaluating system for, How to Evaluate a Credit Card Payment System
fees, Charge card fees
Internet, usage on, Using Credit Cards on the Internet
SET protocol for, SET, Two channels: one for the merchant, one for the bank
United States, use in, Payment Cards in the United States
credit reports, monitoring, Protecting Yourself From Identity Theft
crimes, Preface, Beyond the Point of No Return
criminal laws, Your Legal Options After a Break-In, Hazards of Criminal Prosecution
CRL (certificate revocation list), Certificate revocation lists
crushing cookies, Using Ad Blockers
cryptanalysis, Cryptanalysis
Crypto Law Survey, U.S. regulatory efforts and history
cryptographic protocols, Working Cryptographic Systems and Protocols, Offline Encryption Systems, S/MIME, Online Cryptographic Protocols and Systems, SSH
offline, Offline Encryption Systems, S/MIME
online, Online Cryptographic Protocols and Systems, SSH
cryptographic systems, Cryptographic Strength of Symmetric Algorithms, Working Cryptographic Systems and Protocols
strength, Cryptographic Strength of Symmetric Algorithms
cryptographically enabled web servers, Securing the User’s Computer
cryptography, Understanding Cryptography, Cryptographic Algorithms and Functions, Roots of Cryptography, Cryptography as a Dual-Use Technology, A Cryptographic Example, Cryptographic Algorithms and Functions, Systems-based attacks, Cryptographic Algorithms and Functions, Public Key Algorithms, Key search attacks, Message Digest Functions, HMAC, Cryptography and Web Security, Roles for Cryptography, Roles for Cryptography, What Cryptography Can’t Do, What Cryptography Can’t Do, Legal Restrictions on Cryptography, National regulations of cryptography throughout the world, Cryptography and the Patent System, The outlook for patents, Cryptography and Trade Secret Law, Regulation of Cryptography by International and National Law, National regulations of cryptography throughout the world, International agreements on cryptography, National regulations of cryptography throughout the world, National regulations of cryptography throughout the world, Using Cryptography to Strengthen Hidden Fields, Compound URLs, and Cookies, Cryptographic Programs and Export Controls, Two channels: one for the merchant, one for the bank
applications, Cryptography as a Dual-Use Technology
attacks against, A Cryptographic Example
domestic use restrictions, National regulations of cryptography throughout the world
dual signatures, Two channels: one for the merchant, one for the bank
export controls, and, Cryptographic Programs and Export Controls
government regulation of, Regulation of Cryptography by International and National Law, National regulations of cryptography throughout the world
history, Roots of Cryptography
import/export restrictions, National regulations of cryptography throughout the world
international agreements, International agreements on cryptography
Internet, use in securing, Cryptography and Web Security, Roles for Cryptography
legal restrictions, Legal Restrictions on Cryptography, National regulations of cryptography throughout the world
limitations, What Cryptography Can’t Do, What Cryptography Can’t Do
message digests, Message Digest Functions, HMAC
patents, Cryptography and the Patent System, The outlook for patents
public keys, Cryptographic Algorithms and Functions, Public Key Algorithms, Key search attacks
roles in information systems, Roles for Cryptography
securing information sent to web applications, Using Cryptography to Strengthen Hidden Fields, Compound URLs, and Cookies
symmetric key algorithms, Cryptographic Algorithms and Functions, Systems-based attacks
trade secret laws, Cryptography and Trade Secret Law
csh (C shell), autologout variable, Built-in shell autologout
.cshrc file, Built-in shell autologout
CSRC (Computer Security Resource Clearinghouse), NIST CSRC
custom software, Lesson: If you have the time to write it, custom software always works better than what you can get off the shelf.
cvsup command, Installing Apache and mod_ssl on FreeBSD
CyberCash system, CyberCash/CyberCoin
cybercrime, First Edition (see crime)

D

DAT (Digital Audio Tape), Guarding Against Media Failure
Data Encryption Standard, First Edition (see DES)
data integrity, Roles for Cryptography
data protection, Policing copyright, Securing Information in Transit, Why Make Backups?, Why Make Backups?, Encryption, Protecting Your Data, Personnel, The Code of Fair Information Practices
in transit, Securing Information in Transit
theft, from, Why Make Backups?, Encryption
database servers, Securing the Web Server
david.exe, David.exe
Davies, Simon, Mondex
deadlock conditions, General Principles for Writing Secure Scripts
debit cards, What Does SSL Really Protect?, Refunds and Charge-Backs
online security of, What Does SSL Really Protect?
decryption, First Edition, Understanding Cryptography
(see also cryptography)
defamation, Libel and Defamation
Defense Trade Regulations, U.S. regulatory efforts and history
denial-of-service attacks, Securing Information in Transit, JavaScript Denial-of-Service Attacks, Script kiddies
Gibson Research Corp., Script kiddies
JavaScript, JavaScript Denial-of-Service Attacks
DES (Data Encryption Standard), A Cryptographic Example, A Cryptographic Example, Key Length with Symmetric Key Algorithms, Common Symmetric Key Algorithms, Cryptography and the Patent System
key length, Key Length with Symmetric Key Algorithms
weakness of, A Cryptographic Example
designing programs, First Edition (see programming, guidelines for)
desktop, Booting Up Your PC
destroying media, Sanitizing Media Before Disposal
detecting changes, Change-detecting tools
detectors, Smoke, Smoke, Temperature extremes, Humidity, Water, Wiretapping
cable tampering, Wiretapping
carbon-monoxide, Smoke
humidity, Humidity
smoke, Smoke
temperature alarms, Temperature extremes
water sensors, Water
dialers, Dialing up the Internet
dialup servers, unprotected, A Taxonomy of Attacks
differential attacks, Cryptanalysis
Diffie, Bailey Whitfield, Public Key Algorithms
Diffie-Hellman key exchange, Public Key Algorithms, The public key patents
patents, The public key patents
DigiCash system, DigiCash, Security and privacy
DigiCrime web site, Window system attacks
Digital Audio Tape (DAT), Guarding Against Media Failure
digital certificates, Digital Certificates, Digital Identification II: Digital Certificates, CAs, and PKI, Understanding Digital Certificates with PGP, Understanding Digital Certificates with PGP, The X.509 v3 Certificate, Exploring the X.509 v3 certificate, Types of Certificates, Types of Certificates, Types of Certificates, Revocation, Revocation, Real-time certificate validation, Short-lived certificates, Internet Explorer Preinstalled Certificates, Internet Explorer Preinstalled Certificates, Netscape Navigator Preinstalled Certificates, Multiple Certificates for a Single CA, Inconsistencies for “Subject” and “Issuer” fields, Today’s Digital Certificates Don’t Tell Enough, Digital Certificates Allow for Easy Data Aggregation, Code signing from the command line
browser-bundled certificates, inconsistencies, Inconsistencies for “Subject” and “Issuer” fields
current deficiencies of, Today’s Digital Certificates Don’t Tell Enough
fraudulent certificates, Revocation
liability insurance for, Multiple Certificates for a Single CA
PGP, and, Understanding Digital Certificates with PGP
potential uses of, Types of Certificates
preinstalled, Internet Explorer, Internet Explorer Preinstalled Certificates, Internet Explorer Preinstalled Certificates
preinstalled, Netscape Navigator, Netscape Navigator Preinstalled Certificates
privacy, and, Digital Certificates Allow for Easy Data Aggregation
real-time validation, Real-time certificate validation
revocation, Revocation
short-lived certificates, Short-lived certificates
software publishing, Code signing from the command line
types, Types of Certificates
Windows operating system, uses by, Types of Certificates
X.509 v3 certificates, The X.509 v3 Certificate, Exploring the X.509 v3 certificate
digital coins, DigiCash
Digital IDs, First Edition (see certificates)
Digital Millennium Copyright Act, First Edition (see DMCA)
digital money, Security and privacy
taxation, and, Security and privacy
digital notary, There Are Too Many Robert Smiths
digital payment systems, Digital Payments
Digital Signature Wizard, Signing a program, Signing a program
digital signatures, Cryptographic Algorithms and Functions, Public Key Algorithms, Public Key Algorithms, Uses of Public Key Encryption, Digital signatures, Message Digest Functions, Creating and Storing the Private Key, CERT/CC’s PGP signatures, Digital Identification II: Digital Certificates, CAs, and PKI, Authenticode
advantages and drawbacks, Digital Identification II: Digital Certificates, CAs, and PKI
Authenticode system, Authenticode
DSS (Digital Signature Standard), Public Key Algorithms, Message Digest Functions
PGP, example, CERT/CC’s PGP signatures
validation, Creating and Storing the Private Key
digital watermarking, Policing copyright
Diner’s Club card, A Very Short History of Credit
Directive 95/46/EC, Directive on Protection of Personal Data, Other National and International Regulations
directories, backing up by, Types of Backups
disable Java setting, Internet Explorer, Setting Java policy in Microsoft Internet Explorer
disaster planning, Planning for the Forgotten Threats, The Disaster Recovery Plan
disclosure of private facts, The Tort of Privacy
diskettes, First Edition (see backups media)
dispersal of resources, Defending Against Acts of War and Terrorism
disposing of materials, Sanitizing Printed Media, Sanitizing Printed Media
distributed denial-of-service, What the Attacker Wants
DLLs (dynamic linked libraries), Getting the Plug-In
DMCA (Digital Millennium Copyright Act), The Digital Millennium Copyright Act, The Digital Millennium Copyright Act, Devices that Circumvent Technical Measures that Control Access to Copyrighted Works
copyright protections, disabling of, and, Devices that Circumvent Technical Measures that Control Access to Copyrighted Works
DNS (Domain Name Service), The Domain Name Service, How DNS works, The Domain Name Service, How DNS works, The Internet Corporation for Assigned Names and Numbers, DNS Logs, A Taxonomy of Attacks, Minimizing Risk by Minimizing Services, The SSL certificate format, Wrong Server Address, Protecting Your DNS
distributed database, The Domain Name Service
DNS logs, DNS Logs
DNS requests, How DNS works
name server, protecting, Protecting Your DNS
Network Solutions, domination by, The Internet Corporation for Assigned Names and Numbers
remote root exploit, A Taxonomy of Attacks
spoofing, Wrong Server Address
SSL certificates and, The SSL certificate format
DNSSEC (Domain Name Service Security), DNSSEC
doctrine of equivalence, Cryptography and the Patent System
document authentication using PGP, Document Author Identification Using PGP
document retention and destruction policies, Omniva’s Self-Destructing Email
domain names, The Domain Name Service, The Domain Name Service, Domain Names and Trademarks
IP addresses, and, The Domain Name Service
trademarks, and, Domain Names and Trademarks
domain name registration, The Domain Registrars, The Internet Corporation for Assigned Names and Numbers, Protecting Your Domain Registration, Protecting Your Domain Registration
licensing authority for, The Internet Corporation for Assigned Names and Numbers
security and maintenance, Protecting Your Domain Registration, Protecting Your Domain Registration
Domain Name Service, First Edition (see DNS)
Domain Name Service Security (DNSSEC), DNSSEC
domains and ports, How DNS works
downloaded code, risks, The Risks of Downloaded Code
downloaded software, privacy issues, Keystroke recorders and keyboard sniffers
downloading files, Protecting Local Storage
drink, Food and drink
dropped ceilings, Raised floors and dropped ceilings
DSA algorithm and PGP, Creating a public key/private key pair with PGP
DSL (Digital Subscriber Loop), PC to LAN to Internet
dual signatures, Two channels: one for the merchant, one for the bank
ducts, air, Entrance through air ducts
due care, Risk Analysis and Best Practices
dumpster diving, Sanitizing Printed Media
dust, Dust
dynamically assigned IP addresses, The Walden Network

E

earthquakes, Earthquake
eavesdropping, Public Key Authentication Using SSH, Eavesdropping, Fiber optic cable, Potential for eavesdropping and data theft, Using Encryption to Protect Against Sniffing, Using Encryption to Protect Against Sniffing
password sniffing, Using Encryption to Protect Against Sniffing, Using Encryption to Protect Against Sniffing
private keys, Public Key Authentication Using SSH
E-cash, First Edition (see DigiCash system)
echo command, Minimizing Risk by Minimizing Services
edit detections, Change-detecting tools
EES (Escrowed Encryption Standard), U.S. regulatory efforts and history
EFT (Electronic Funds Transfer), online security of, What Does SSL Really Protect?
Eich, Brendan, JavaScript
8mm video tape, Guarding Against Media Failure
electrical fires, First Edition, Smoke
(see also fire; smoke and smoking)
electrical noise, sources of, Electrical noise
electronic mail, Message Digest Functions, HMAC, Minimizing Risk by Minimizing Services, Virtual PIN, Redux, Copyright Infringement
authorizing payments by, Virtual PIN, Redux
forwarding, copyright law and, Copyright Infringement
message digests, Message Digest Functions, HMAC
electronic money, Digital Payments, Refunds and Charge-Backs, Virtual PIN, Redux, DigiCash, Security and privacy, CyberCash/CyberCoin, SET, Two channels: one for the merchant, one for the bank, Mondex
CyberCash system, CyberCash/CyberCoin
debit cards, Refunds and Charge-Backs
DigiCash system, DigiCash, Security and privacy
Mondex system, Mondex
SET protocol for, SET, Two channels: one for the merchant, one for the bank
Virtual PIN system, Virtual PIN, Redux
elliptic curve cryptosystems, Public Key Algorithms
email, Protect Your Email Address, Secure Email, Secure Email, Hotmail, Yahoo Mail, and Other Web-Based Email Services, Omniva’s Self-Destructing Email, Omniva’s Self-Destructing Email, ILOVEYOU
destruction systems, Omniva’s Self-Destructing Email
durability of, Omniva’s Self-Destructing Email
I LOVE YOU worm, ILOVEYOU
privacy of, ensuring, Hotmail, Yahoo Mail, and Other Web-Based Email Services
security aspects of, Secure Email
spam, preventing, Protect Your Email Address
embedded scripting languages, A Legacy of Extensibility and Risk
embedded web servers, A Legacy of Extensibility and Risk
encoding, PICS Applications, PICS Applications, Rating Services
application/pics-labels, PICS Applications
application/pics-service, PICS Applications, Rating Services
encrypted messaging, Uses of Public Key Encryption
encryption, First Edition, First Edition, Securing Information in Transit, Understanding Cryptography, A Cryptographic Example, Cryptographic Algorithms and Functions, Systems-based attacks, Cryptographic Algorithms and Functions, Public Key Algorithms, Key search attacks, Offline Encryption Systems, S/MIME, Online Cryptographic Protocols and Systems, SSH, Data security for backups, Data security for backups, Encryption, Lesson: Encrypt sensitive information and be careful with your decryption keys.
(see also cryptography)
attacks on, First Edition, A Cryptographic Example
(see also attacks, cryptographic)
of backups, Data security for backups
escrowing keys, Data security for backups
offline systems, Offline Encryption Systems, S/MIME
online systems, Online Cryptographic Protocols and Systems, SSH
public keys, Cryptographic Algorithms and Functions, Public Key Algorithms, Key search attacks
symmetric key algorithms, Cryptographic Algorithms and Functions, Systems-based attacks
encryption algorithms, A Cryptographic Example
Engelschall, Ralf S., History
enrollment, Internet-Based Payment Systems
environment variables, CGI/API and, Rules for Perl
erasing disks, Sanitizing Media Before Disposal, Sanitizing Media Before Disposal
errors, Why Make Backups?, Guarding Against Media Failure
human, Guarding Against Media Failure
errors, programming, First Edition (see bugs)
escrow agents, U.S. regulatory efforts and history
Escrowed Encryption Standard (EES), U.S. regulatory efforts and history
escrowing encryption keys, Data security for backups
/etc directory, backup of, Types of Backups
/etc/passwd file, Manually Setting Up Web Users and Passwords
Ethernet, A wealth of private data
packet sniffers, and, A wealth of private data
Ethernet cables, First Edition (see cables, network)
European Laboratory for Particle Physics (CERN), Weaving the Web
European Union privacy protections, Other National and International Regulations
ExecCGI option, Commands Before the <Limit>. . . </Limit> Directive
explosions, Explosion
export controls and cryptography, Cryptographic Programs and Export Controls
extensibility, A Legacy of Extensibility and Risk, Fixing the problem

F

failures, computer, Why Make Backups?
Fair Credit Reporting Act, The Code of Fair Information Practices
fair use, Copyright Infringement
‘fair use’ provisions, copyright law, Devices that Circumvent Technical Measures that Control Access to Copyrighted Works
false negatives and positives, biometrics, Biometrics: something that you are
Farmer, Dan, Network scanning programs
faults, First Edition (see bugs)
Federal Family Educational Rights and Privacy Act of 1974, The Code of Fair Information Practices
federal jurisdiction, Federal jurisdiction
federal laws, Federal Computer Crime Laws
federal trademarks, Obtaining a Trademark
fees, charge card, Charge card fees
Felten, Edward W., Java Security Problems, JavaScript Spoofing Attacks
fiber optic cables, advantages and disadvantages, First Edition, Fiber optic cable
(see also cables, network)
File Transfer Protocol, First Edition (see FTP)
files, First Edition, First Edition, First Edition, First Edition, General Principles for Writing Secure Scripts, Rules for C
access to, First Edition (see access control)
core files, General Principles for Writing Secure Scripts
log, First Edition, First Edition, First Edition (see logging)
temporary, Rules for C
filing criminal complaints, Filing a Criminal Complaint, Federal jurisdiction
filtering invalid characters, Fixing the problem
filtering software, Pornography, Filtering Software, and Censorship, Problems with Filtering Software, Pornography Filtering, Architectures for Filtering, Architectures for Filtering, Problems with Filtering Software, Problems with Filtering Software, Problems with Filtering Software, PICS, PICS and Censorship
application, protocol, and firewall levels, Architectures for Filtering
censorship, PICS and Censorship
database currency, Problems with Filtering Software
disabling of, Problems with Filtering Software
overbroad filtering criteria, Problems with Filtering Software
pornography, for, Pornography Filtering
techniques used, Architectures for Filtering
technology and censorship concerns, PICS
filtering software and pornography, Mandatory blocking
filters, air, Dust
FIN bit, Engaging the Web
finger, Weaving the Web
finger gateway, Unintended Side Effects, The problem with the script, Fixing the problem
securing, Fixing the problem
security hole in, The problem with the script
finger protocol, Minimizing Risk by Minimizing Services
finished_label, 11. Finished
fires, Fire, Smoke, Fire, Fire hazards
extinguishers, Fire
firewalls, Hosts, gateways, and firewalls, Firewalls and the Web, Types of Firewalls, Types of Firewalls, Types of Firewalls, Types of Firewalls, Protecting LANs with Firewalls, Protecting Web Servers with Firewalls, Using firewalls to implement host-based access control, Firewalls
host-based restrictions, using, Using firewalls to implement host-based access control
LANs, protection with, Protecting LANs with Firewalls
mailing list for, Firewalls
NAT support, Types of Firewalls
packet-filtering, Types of Firewalls
proxy firewalls, Types of Firewalls
VPN support, Types of Firewalls
web servers, protection with, Protecting Web Servers with Firewalls
FIRST teams, FIRST
First Virtual Holdings, Card Shark, Virtual PIN
first-party cookie, Support for P3P in Internet Explorer 6.0
Flash, Flash and Shockwave
floods, First Edition (see water)
floors, raised, Raised floors and dropped ceilings
FollowSymLinks option, Commands Before the <Limit>. . . </Limit> Directive
food risks to hardware, Food and drink
forgery-proof identification, Tamper-proofing the document
format of SSL certificates, The SSL certificate format
forwarding email messages, Copyright Infringement
fraud, electronic funds transfer, Electronic funds transfers
free software, Lesson: Remember, the “free” in “free software” refers to “freedom.”
FreeBSD, The Walden Network, Creating SSL Servers with FreeBSD, Securing Other Services, Installing Apache and mod_ssl on FreeBSD, Installing Apache and mod_ssl on FreeBSD
Apache, installation under, Installing Apache and mod_ssl on FreeBSD, Installing Apache and mod_ssl on FreeBSD
SSL servers, creating with, Creating SSL Servers with FreeBSD, Securing Other Services
Freedom anonymizers, Anonymous Web Browsing Services
Freedom of Information Act, The Code of Fair Information Practices
FTP (File Transfer Protocol), Weaving the Web, Minimizing Risk by Minimizing Services, Secure Content Updating
full backup, Types of Backups
function keys, Function keys

G

gas-charged fire extinguishers, Fire
glass walls, security aspects, Glass walls
Gosling, James, Java’s History
Graff, Michael, Key search attacks
Graphical User Interface, First Edition (see GUIs)
guest logins, Secure Content Updating
GUIs (Graphical User Interfaces), Window system attacks

H

Halon gas, Fire
handshakes, SSL/TLS, SSL 3.0/TLS Handshake, 12. Application Data
handshake_failure alert, 2. ServerHello
handshake_messages, 9. CertificateVerify
harassment, Libel and Defamation
hard disks, difficulty of sanitizing, Sanitizing Media Before Disposal
hardware, Why Make Backups?, Protecting Computer Hardware, Smoke, Temperature extremes, Food and drink
failure of, Why Make Backups?
food and drink threats, Food and drink
physical security of, Protecting Computer Hardware
smoke, effects on, Smoke
temperature, influence on, Temperature extremes
hash functions, Message Digest Functions
heat, impact on hardware, Temperature extremes
Hellman, Martin E., Public Key Algorithms
helper applications, Helper Applications and Plug-ins, Evaluating Plug-In Security, The History of Helpers
history, The History of Helpers
hidden fields, Hidden Fields and Compound URLs
hidden URLs, Hidden URLs
high safety setting, Internet Explorer, Setting Java policy in Microsoft Internet Explorer
history command, web browsers, JavaScript Security Flaws
holograms, Tamper-proofing the document
Honeynet Project, Frequency of Attack
host name resolution, How DNS works, How DNS works
host security, Host Security for Servers, Host Security for Servers, Conclusion, A Taxonomy of Attacks, A Taxonomy of Attacks, A Taxonomy of Attacks, A Taxonomy of Attacks, Frequency of Attack, Frequency of Attack, What the Attacker Wants, Securing the Host Computer, Protecting Web Servers with Firewalls, Security Through Policy, Installation II: Installing the Software and Patches, Keeping Abreast of Bugs and Flaws, Choosing Your Vendor, Choosing Your Vendor, Installation I: Inventory Your System, Installation I: Inventory Your System, Installation II: Installing the Software and Patches, Installation II: Installing the Software and Patches, Minimizing Risk by Minimizing Services, Logging, Setting up a log server, Backups, Using Security Tools, Network scanning programs, Snapshot tools, Change-detecting tools, Intrusion detection systems, Using Encryption to Protect Against Sniffing, Using Encryption to Protect Against Sniffing, Using Encryption to Protect Against Sniffing, Using Encryption to Protect Against Sniffing
attacks, increase in, Frequency of Attack
automated attacks, Frequency of Attack
backups, Backups
change-detecting tools, Change-detecting tools
compromised systems, attacks from, What the Attacker Wants
eavesdropping, prevention of, Using Encryption to Protect Against Sniffing
encryption, systems with, Using Encryption to Protect Against Sniffing
implementation, Securing the Host Computer, Protecting Web Servers with Firewalls
intrusion detection systems, Intrusion detection systems
log servers, Setting up a log server
logging, Logging
malicious programs, A Taxonomy of Attacks
patches, updating, Keeping Abreast of Bugs and Flaws
policies, implementing, Security Through Policy, Installation II: Installing the Software and Patches
remote attacks, A Taxonomy of Attacks
security tools, Using Security Tools, Network scanning programs
services, restriction of, Minimizing Risk by Minimizing Services
sniffing, prevention, Using Encryption to Protect Against Sniffing, Using Encryption to Protect Against Sniffing
social engineering, A Taxonomy of Attacks
software installation, Installation II: Installing the Software and Patches, Installation II: Installing the Software and Patches
logging, Installation II: Installing the Software and Patches
software inventory, Installation I: Inventory Your System
static auditing, Snapshot tools
system inventory, Installation I: Inventory Your System
vendor issues, Choosing Your Vendor, Choosing Your Vendor
evaluation web site, Choosing Your Vendor
vulnerabilities and attacks, A Taxonomy of Attacks
host-based restrictions, Host-Based Restrictions, Caveats with host-based access control
attacks, against, Caveats with host-based access control
hosts, Hosts, gateways, and firewalls
Hotmail, Hotmail, Yahoo Mail, and Other Web-Based Email Services
.htaccess file, Controlling Access with Apache
HTML (Hypertext Markup Language), Weaving the Web, The refer link field, JavaScript, Securely Using Fields, Hidden Fields, and Cookies, Helping User Agents Find Your Policy Reference File
embedded JavaScript, JavaScript
forms, validating, Securely Using Fields, Hidden Fields, and Cookies
refer links, The refer link field
tag and P3P, Helping User Agents Find Your Policy Reference File
htpasswd program, Manually Setting Up Web Users and Passwords
HTTP (Hypertext Transfer Protocol), Local HTTP Proxies, Requesting PICS Labels by HTTP
proxies, Local HTTP Proxies
encrypted traffic, and, Local HTTP Proxies
requesting PICS labels by, Requesting PICS Labels by HTTP
httpd.conf, The Apache mod_ssl configuration file, The Apache mod_ssl configuration file, The Apache mod_ssl configuration file, Controlling Access with Apache
access control information, Controlling Access with Apache
VirtualHost, The Apache mod_ssl configuration file
HTTPS_RANDOM variable, Rules for Perl
Hudson, Tim, SSLeay and OpenSSL, History
human error and backups, Guarding Against Media Failure
humidity, Humidity
hunt groups, Working with the Phone Company
Hushmail, Hushmail
hybrid public/private cryptosystems, Cryptographic Algorithms and Functions
Hypertext Markup Language, First Edition (see HTML)

I

I LOVE YOU worm, ILOVEYOU
IANA (Internet Assigned Numbers Authority), The Internet Corporation for Assigned Names and Numbers
ICANN (Internet Corporation for Assigned Names and Numbers), The Internet Corporation for Assigned Names and Numbers, The Internet Corporation for Assigned Names and Numbers, Protecting Your Domain Registration, Domain Names and Trademarks
incorporation, The Internet Corporation for Assigned Names and Numbers
UDRP (Uniform Dispute Resolution Policy), Protecting Your Domain Registration, Domain Names and Trademarks
ICMP ECHO packets, How DNS works, How DNS works
IDEA (International Data Encryption Algorithm), Common Symmetric Key Algorithms
identification, First Edition, First Edition, Digital Identification I: Passwords, Biometrics, and Digital Signatures, The Need for Identification Today, Paper-Based Identification Techniques, Tamper-proofing the document, Computer-Based Identification Techniques, Location: someplace where you are, Location: someplace where you are, Using Public Keys for Identification, Creating a public key/private key pair with PGP, Identity-Based Access Controls
access based on, Identity-Based Access Controls
computer-based, Computer-Based Identification Techniques, Location: someplace where you are
digital certificates for, First Edition (see certificates)
location-based, Location: someplace where you are
paper-based systems, Paper-Based Identification Techniques, Tamper-proofing the document
public keys, and, Using Public Keys for Identification, Creating a public key/private key pair with PGP
smart cards for, First Edition (see smart cards)
identity authentication, Creating and Storing the Private Key
identity theft, Identity Theft, Protecting Yourself From Identity Theft, Identity Theft, Identity Theft, Protecting Yourself From Identity Theft
consequences, Identity Theft
prevention, Protecting Yourself From Identity Theft
Social Security Administration, corruption in, Identity Theft
identity vs. identification, Private Keys Are Not People, There Are Too Many Robert Smiths
identity.pub file, Public Key Authentication Using SSH
IETF (Internet Engineering Task Force), TLS working group, The SSL/TLS Protocol
IIS (Internet Information Server), Web Software Covered by This Book, Installing an SSL Certificate on Microsoft IIS, Controlling Access with Microsoft IIS, Restricting Access to IIS Directories, Installing IIS, Downloading and Installing the IIS Patches, Controlling Access to IIS Web Pages, Restricting Access to IIS Directories
access control, Controlling Access with Microsoft IIS, Restricting Access to IIS Directories
directories, restricting access to, Restricting Access to IIS Directories
installing, Installing IIS
patches, downloading and installing, Downloading and Installing the IIS Patches
SSL certificates, installing, Installing an SSL Certificate on Microsoft IIS
web pages, controlling access to, Controlling Access to IIS Web Pages
image content blocking, Architectures for Filtering
implementation strength, Known versus published methods
Includes option, Commands Before the <Limit>. . . </Limit> Directive
IncludesNoExec option, Commands Before the <Limit>. . . </Limit> Directive
incorporation, Protection Through Incorporation
incremental backup, Types of Backups
Indexes option, Commands Before the <Limit>. . . </Limit> Directive
industrial spies, Industrial spies
information, Spoofing username/password pop-ups with Java, Secure Content Updating, Secure Content Updating, PICS and Censorship, The charge slip
asking users for, Spoofing username/password pop-ups with Java
censorship of, PICS and Censorship
on charge slips, The charge slip
secure content updating, Secure Content Updating, Secure Content Updating
information theft, A wealth of private data, A wealth of private data
informational privacy, The Tort of Privacy
input, verifying, General Principles for Writing Secure Scripts
insects, Bugs (biological)
installing, Network cables
cables, Network cables
integrity, Roles for Cryptography, Java Security Problems
intellectual property, Intellectual Property and Actionable Content, Trademark Violations
interbank payment card transaction, The Interbank Payment Card Transaction
interest on credit, Charge card fees
Intermediate Certification Authorities, Internet Explorer Preinstalled Certificates
International Data Encryption Algorithm (IDEA), Common Symmetric Key Algorithms
Internet, First Edition, Weaving the Web, The Domain Name Service, Who Owns the Internet?, Cryptography and the Web, When Good Browsers Go Bad, The Chaos Quicken Checkout, Programs That Spend Your Money, Pornography, Indecency, and Obscenity, Internet-Based Payment Systems, Gator Wallet
addressing, Weaving the Web
credit cards on, First Edition (see credit cards)
domain names, conversion to IP address, The Domain Name Service
electronic theft, The Chaos Quicken Checkout
payment systems on, Internet-Based Payment Systems, Gator Wallet
pornography, and, Pornography, Indecency, and Obscenity
programs that spend money, Programs That Spend Your Money
security aspects, Cryptography and the Web
vulnerability to scam programs, When Good Browsers Go Bad
Internet Corporation for Assigned Names and Numbers (ICANN), The Internet Corporation for Assigned Names and Numbers
Internet Exploder, Internet Exploder
Internet Explorer, Internet Explorer preferences, Internet Explorer Preinstalled Certificates, Internet Explorer Preinstalled Certificates, Cookie Jars, Disabling Cookies, Managing your cache with Internet Explorer, Crushing Internet Explorer’s cookies, Clearing Internet Explorer’s browser history, Clearing AutoComplete with Internet Explorer, Getting the Plug-In, Internet Explorer’s “security zones”, Setting Java policy in Microsoft Internet Explorer, Setting Java policy in Microsoft Internet Explorer, Setting Java policy in Microsoft Internet Explorer, Installing the Nitroba CA certificate into Internet Explorer, Support for Client-Side Digital Certificates, RSACi, Support for P3P in Internet Explorer 6.0, Support for P3P in Internet Explorer 6.0
AutoComplete feature, clearing, Clearing AutoComplete with Internet Explorer
browser cache, management, Managing your cache with Internet Explorer
browser history, clearing, Clearing Internet Explorer’s browser history
browser preferences and SSL, V. 6.0, Internet Explorer preferences
client certificates, support of, Support for Client-Side Digital Certificates
cookie storage, Cookie Jars
cookies, disabling, Disabling Cookies
cookies, removing, Crushing Internet Explorer’s cookies
digital certificates, preinstalled, Internet Explorer Preinstalled Certificates, Internet Explorer Preinstalled Certificates
Java security policies, Setting Java policy in Microsoft Internet Explorer, Setting Java policy in Microsoft Internet Explorer
Java, disabling in restricted security zone, Setting Java policy in Microsoft Internet Explorer
P3P support, Support for P3P in Internet Explorer 6.0
plug-ins, Getting the Plug-In
privacy protections, V. 6.0, Support for P3P in Internet Explorer 6.0
ratings implemented in, RSACi
security zones, Internet Explorer’s “security zones”
trusted CAs, installation of certificates, Installing the Nitroba CA certificate into Internet Explorer
Internet Information Server, First Edition (see IIS)
Internet registrars, The Domain Registrars
Internet service providers, First Edition (see ISPs)
Internet zone, Internet Explorer’s “security zones”
intrusion, The Tort of Privacy
intrusion detection programs, Intrusion detection systems
invalid characters, Fixing the problem
invisible GIFs, Web Bugs
IP (Internet Protocol), Protocols, The Walden Network, The Walden Network, The Domain Name Service, The Domain Name Service, Simple Approaches to Protecting Your IP Address, Eavesdropping over local area networks (Ethernet and twisted pair), Host-Based Restrictions, Host-Based Restrictions, Lesson: Set milestones and stick to them.
access restriction by address, Host-Based Restrictions
connectivity, Lesson: Set milestones and stick to them.
IP addresses, The Walden Network, The Walden Network, The Domain Name Service, The Domain Name Service, Simple Approaches to Protecting Your IP Address, Eavesdropping over local area networks (Ethernet and twisted pair), Host-Based Restrictions
conversion from domain names, The Domain Name Service
hiding, Simple Approaches to Protecting Your IP Address
internal addressing, The Domain Name Service
monitoring for security, Eavesdropping over local area networks (Ethernet and twisted pair)
private networks, Host-Based Restrictions
static, The Walden Network
IP numbers and packets, monitoring, Eavesdropping over local area networks (Ethernet and twisted pair)
IPsec, IPsec and IPv6
IPv4, Protocols
IPv6, Protocols, IPsec and IPv6
ISDN (Integrated Services Digital Network), PC to LAN to Internet
ISPs (Internet service providers), Your Local Internet Service Provider, Choosing a Good Service Provider, Choosing a Good Service Provider, Simple Approaches to Protecting Your IP Address, Warez, Libel and Defamation, In the Beginning, Conclusion
anonymous browsing from, Simple Approaches to Protecting Your IP Address
choosing, Choosing a Good Service Provider
copyright and, Warez
harassment policies, Libel and Defamation
management, In the Beginning, Conclusion
privacy policies of, Choosing a Good Service Provider
ITAR (International Traffic in Arms Regulation), U.S. regulatory efforts and history

J

Java, SSL Java, Java’s History, Java Security Problems, Java’s History, Java’s History, Java, the Language, Java, the Language, Java, the Language, Java, the Language, Java Safety, Java Security, Safety is not security, Safety is not security, Safety is not security, Java Security Policy, Java Security Policy, Setting Java policy in Microsoft Internet Explorer, Setting Java policy in Microsoft Internet Explorer, Setting Java policy in Microsoft Internet Explorer, Setting Java policy in Netscape Navigator, Java Security Problems, Java Security Problems
bytecode verifier, Safety is not security
class loader, Java, the Language, Safety is not security
cross-platform capabilities, Java, the Language
design purpose, Java Security Policy
history, Java’s History
JVM (Java virtual machine), Java, the Language
Microsoft products, support in, Setting Java policy in Microsoft Internet Explorer
Oak, Java’s History
safety of, Java Safety
sandbox, Safety is not security
security aspects of, Java Security
security deficiencies, Java Security Problems
security policies, Java Security Policy, Setting Java policy in Microsoft Internet Explorer, Setting Java policy in Microsoft Internet Explorer, Setting Java policy in Netscape Navigator
Internet Explorer, Setting Java policy in Microsoft Internet Explorer, Setting Java policy in Microsoft Internet Explorer
Netscape Navigator 6.0, setting in, Setting Java policy in Netscape Navigator
self-defending applet killer, Java Security Problems
SSL support, SSL Java
syntax, Java, the Language
JavaScript, JavaScript, Mirror worlds, A Touch of JavaScript, JavaScript Security Overview, JavaScript Security Flaws, JavaScript Denial-of-Service Attacks, Can’t break a running script, Window system attacks, JavaScript Spoofing Attacks
alert( ) method windows attacks, Can’t break a running script
Back button function execution, Window system attacks
capabilities, A Touch of JavaScript
denial-of-service attacks, JavaScript Denial-of-Service Attacks
security aspects, JavaScript Security Overview
security flaws, JavaScript Security Flaws
spoofing attacks, JavaScript Spoofing Attacks
JavaScript Graph Builder library, A Touch of JavaScript
Joe accounts, Smoking Joes
JSAFE, SSL Java
JScript, A Touch of JavaScript
jurisdiction, Choosing jurisdiction

K

Kerberos, Kerberos, Kerberos
key escrow, U.S. regulatory efforts and history, U.S. regulatory efforts and history
risks of, U.S. regulatory efforts and history
key length, Key Length with Symmetric Key Algorithms, Key Length with Symmetric Key Algorithms, Key Length with Symmetric Key Algorithms, Public Key Algorithms
and brute force attacks, Key Length with Symmetric Key Algorithms
and cryptographic security, Key Length with Symmetric Key Algorithms
strength relative to cryptographic algorithms, Public Key Algorithms
key recovery, U.S. regulatory efforts and history, U.S. regulatory efforts and history
risks of, U.S. regulatory efforts and history
key ring, PGP/OpenPGP
key search attacks, A Cryptographic Example, Key Length with Symmetric Key Algorithms
key signing parties, Key signing parties
key switches, Key Switches
keyboard monitors, Keyboard monitors
keyboard sniffers, Keystroke recorders and keyboard sniffers
KeyKatch, Keystroke recorders and keyboard sniffers
keys, Understanding Cryptography, Deciding on the Private Key Store, Signing Your Keys with Your Own Certification Authority
OpenSSL, creation with, Signing Your Keys with Your Own Certification Authority
web servers, maintenance for, Deciding on the Private Key Store
keystroke recorders, Keystroke recorders and keyboard sniffers
keyword blocking, Architectures for Filtering
KidsCom web site, Prelude to Regulation
knapsack algorithm, The public key patents
known plaintext attacks, Cryptographic Strength of Symmetric Algorithms, Cryptanalysis
Koops, Bert-Jaap, U.S. regulatory efforts and history
ksh (Korn shell), TMOUT variable, Built-in shell autologout

L

labels, PICS, First Edition (see PICS)
LaDue, Mark, Java Security Problems
LANs (local area networks), PC to LAN to Internet, Connected by LAN, Protecting LANs with Firewalls
firewalls, protection with, Protecting LANs with Firewalls
laptops, prevention of theft, Locks, Laptops and portable computers
laptop locks, Locks
Law Enforcement Access Field (LEAF), U.S. regulatory efforts and history
laws and legal issues, Legal Issues
backups, Legal Issues
laws and legal issues, The Need for Identification Today, Your Legal Options After a Break-In, Hazards of Criminal Prosecution, Your Legal Options After a Break-In, Filing a Criminal Complaint, Hazards of Criminal Prosecution, Filing a Criminal Complaint, Federal jurisdiction, Choosing jurisdiction, Federal jurisdiction, Hazards of Criminal Prosecution, The Responsibility to Report Crime, The Responsibility to Report Crime, The Responsibility to Report Crime, Criminal Hazards, Criminal Hazards, Intellectual Property and Actionable Content, Trademark Violations, Libel and Defamation, Liability for Damage
after break-in, Your Legal Options After a Break-In, Hazards of Criminal Prosecution
circumstances requiring legal action, Your Legal Options After a Break-In
compromised networks, hazards of ownership, Criminal Hazards, Criminal Hazards
criminal complaints, filing, Filing a Criminal Complaint, Federal jurisdiction
criminal prosecution, risks of pursuing, Hazards of Criminal Prosecution, The Responsibility to Report Crime
identification, The Need for Identification Today
intellectual property, Intellectual Property and Actionable Content, Trademark Violations
jurisdiction, Choosing jurisdiction, Federal jurisdiction
law enforcement, Filing a Criminal Complaint, Hazards of Criminal Prosecution, The Responsibility to Report Crime
liability for defective software, Liability for Damage
libel, Libel and Defamation
precautions, The Responsibility to Report Crime
LDAP, Use RADIUS or LDAP
LEAF (Law Enforcement Access Field), U.S. regulatory efforts and history
Lenstra, Arjen, Key search attacks
level-zero backup, Types of Backups
Leyland, Paul, Key search attacks
liability, Liability for Damage
libel, Libel and Defamation
lightning, Protecting Computer Hardware, Lightning
directive, Controlling Access with Apache
limiting access, First Edition (see access control)
links, Weaving the Web
Linux, Choosing a Server
SSL-enabled web servers, and, Choosing a Server
LiveScript, First Edition (see JavaScript)
loadable modules, A Legacy of Extensibility and Risk
loans, credit, First Edition (see credit cards)
local HTTP proxy, Local HTTP Proxies
local intranet zone, Internet Explorer’s “security zones”
local storage, Protecting Local Storage, Function keys
location-based identification, Location: someplace where you are
lock programs, Screensavers
lock-down, Eavesdropping over local area networks (Ethernet and twisted pair)
locks, Locks
log files, Log Files
log in, Booting Up Your PC
log servers, Setting up a log server
logging, Web Logs, Obscuring web logs, Why Make Backups?, Installation II: Installing the Software and Patches, Logging, Logging on Unix, Logging on Windows 2000, General Principles for Writing Secure Scripts, The Responsibility to Report Crime, Lesson: Log everything, and have lots of reports., Swatch
browser, Web Logs, Obscuring web logs
criminal investigations, and, The Responsibility to Report Crime
exclusion of sensitive information, General Principles for Writing Secure Scripts
software installations, Installation II: Installing the Software and Patches
Swatch program, Swatch
Unix systems, facilities for, Logging on Unix
Windows 2000, Logging on Windows 2000
logins and security, Secure Content Updating
logins, limiting, Lesson: Limit logins to your servers.
logout, Built-in shell autologout
Love Bug, Preface, ILOVEYOU

M

Macintosh, security and, Minimizing Risk by Minimizing Services
Macromedia Shockwave, Flash and Shockwave, Code Signing Today
digital signatures, Code Signing Today
plug-in bug, Flash and Shockwave
MACs (message authentication codes), Message Digest Algorithms at Work, Eavesdropping over local area networks (Ethernet and twisted pair), TLS Record Layer, 9. CertificateVerify
address filtering, Eavesdropping over local area networks (Ethernet and twisted pair)
CertificateVerify message, 9. CertificateVerify
TLS, TLS Record Layer
MAEs (Metropolitan Area Exchanges), Network Access Points and Metropolitan Area Exchanges
Mafiaboy, Script kiddies
mail clients, The client/server model
mail logs, Mail Logs
mail servers, The client/server model
mailing lists, Mailing Lists, RISKS
make install command, Installing Apache and mod_ssl on FreeBSD, Installing Apache and mod_ssl on FreeBSD
MakeCat.exe, The Authenticode SDK
makecert.ca script, Signing Your Keys with Your Own Certification Authority, Signing Your Keys with Your Own Certification Authority
MakeCert.exe, The Authenticode SDK, Making the certificate
MakeCTL.exe, The Authenticode SDK
malicious code, When Good Browsers Go Bad, ILOVEYOU, David.exe, The Chaos Quicken Checkout, ILOVEYOU, A Taxonomy of Attacks, Code Signing and Legal Restrictions on Cryptography
phone charge scams, David.exe
PKZIP30B.EXE, Code Signing and Legal Restrictions on Cryptography
Quicken wire transfer program, The Chaos Quicken Checkout
Visual Basic scripts, ILOVEYOU
man-in-the-middle attacks and SSL, SSL/TLS Features
Marimba Castanet code signing, Code Signing Today
marshalling, Using Cryptography to Strengthen Hidden Fields, Compound URLs, and Cookies
master secret, SSL 3.0/TLS Handshake, SSL 3.0/TLS Handshake, 11. Finished
MasterCard, A Very Short History of Credit
Maxim, Preface
Maxus Credit Card Pipeline, Preface
McCool, Rob, History
McCurley, Kevin, Window system attacks
MD2, MD4, MD5 functions, Message Digest Functions
media, Types of Backups, Guarding Against Media Failure, Smoke, Verify your backups, Sanitizing Media Before Disposal, Sanitizing Media Before Disposal, Sanitizing Media Before Disposal, Sanitizing Media Before Disposal, Sanitizing Printed Media, Sanitizing Printed Media
damage by smoke, Smoke
destroying, Sanitizing Media Before Disposal
failure of, Guarding Against Media Failure
overwriting, Sanitizing Media Before Disposal
print through process, Verify your backups
rotating for backups, Types of Backups
sanitizing, Sanitizing Media Before Disposal, Sanitizing Media Before Disposal
medium safety setting, Internet Explorer, Setting Java policy in Microsoft Internet Explorer
meet-in-the-middle plaintext attacks, Common Symmetric Key Algorithms
merchant fees, Charge card fees
message digests, Cryptographic Algorithms and Functions, Message Digest Functions, HMAC
Metcalfe, Robert, Cryptography and the Web
Metropolitan Area Exchanges (MAEs), Network Access Points and Metropolitan Area Exchanges
Microsoft, Web Software Covered by This Book, First Edition, First Edition, First Edition, Microsoft’s ActiveX, Does Authenticode Work?, Risky Controls, Risky Controls, Setting Java policy in Microsoft Internet Explorer, A Touch of JavaScript, A Taxonomy of Attacks, Why Code Signing?, Code Signing Today, The “Pledge”, The Authenticode SDK
Access, ActiveX bug, Risky Controls
ActiveX controls, First Edition (see ActiveX controls)
Authenticode, First Edition (see Authenticode)
certificates, faking of, Does Authenticode Work?
Cryptographic API (CAPI), The Authenticode SDK
Internet Explorer, Web Software Covered by This Book
Java, support for, Setting Java policy in Microsoft Internet Explorer
JScript, A Touch of JavaScript
Office 2000, Risky Controls
UA Control vulnerability, Risky Controls
Office 2000, code signing system of, Code Signing Today
OLE/COM Object Viewer, Microsoft’s ActiveX
software authentication, Why Code Signing?
Software Publisher’s Pledge, The “Pledge”
Windows NT 4.0, vulnerabilities, A Taxonomy of Attacks
Internet Information Server, First Edition (see IIS)
Miller, James, PICS and Censorship, Access controls become tools for censorship, The PICS Specification
MIME (Multipurpose Internet Mail Extensions), S/MIME
minimal disclosure certificates, Minimal disclosure certificates
mirror worlds, Mirror worlds
mirroring RAID systems, Make Backups!
mkstemp( ), Rules for C
mobile code, Mobile Code I: Plug-Ins, ActiveX, and Visual Basic, Mobile Code II: Java, JavaScript, Flash, and Shockwave
interpreted languages, Mobile Code II: Java, JavaScript, Flash, and Shockwave
mod_ssl, History, Installing Apache and mod_ssl on FreeBSD, Installing Apache and mod_ssl on FreeBSD, The Apache mod_ssl configuration file, The Apache mod_ssl configuration file, The Apache mod_ssl configuration file, The Apache mod_ssl configuration file
configuration file, The Apache mod_ssl configuration file, The Apache mod_ssl configuration file
httpd.conf configuration file, The Apache mod_ssl configuration file, The Apache mod_ssl configuration file
installation on FreeBSD, Installing Apache and mod_ssl on FreeBSD, Installing Apache and mod_ssl on FreeBSD
Mondex system, Mondex
money stealing software, The Chaos Quicken Checkout
monitoring software, Monitoring Software, Lesson: Monitor your system.
Monti, Mario, Other National and International Regulations
Mozilla, Weaving the Web, SSLRef and Mozilla Network Security Services
Network Security Services system, SSLRef and Mozilla Network Security Services
Multipurpose Internet Mail Extensions, S/MIME
Museum and Library Services Act, Pornography Filtering
My Computer zone, Internet Explorer’s “security zones”

N

name/value pairs, PICS, Rating Services
names and web server certificates, Wrong Server Address
nameservers, The Domain Name Service, How DNS works, The Root and Top-Level Nameservers, An example, The Root and Top-Level Nameservers, An example, Who runs the root?, An example
querying, An example
root, How DNS works, The Root and Top-Level Nameservers, An example, Who runs the root?
ownership, Who runs the root?
top-level, The Root and Top-Level Nameservers, An example
NAPs (Network Access Points), Network Access Points and Metropolitan Area Exchanges
NAT (Network Address Translation), The Domain Name Service, Types of Firewalls
converters, The Domain Name Service
National Center for Supercomputer Applications (NCSA), Weaving the Web
National Telecommunications and Information Administration, First Edition (see NTIA)
natural disasters, First Edition, Why Make Backups?, Physical security for backups, Protecting Computer Hardware, Fire, Smoke, Earthquake, Lightning, Preventing Accidents
(see also physical security)
accidents, Preventing Accidents
earthquakes, Earthquake
fires, Fire, Smoke
lightning, Protecting Computer Hardware, Lightning
natural gas, risks to hardware, Explosion
Naughton, Patrick, Java’s History
nc, Tools of the Attacker’s Trade
NCSA (National Center for Supercomputer Applications), Weaving the Web
Netbus, Tools of the Attacker’s Trade
netcat, Tools of the Attacker’s Trade
Netscape Communications, Weaving the Web
Netscape Navigator, Web Software Covered by This Book, Weaving the Web, Browser Preferences, Netscape Navigator Preinstalled Certificates, Understanding Cookies, Understanding Cookies, Cookie Jars, Disabling Cookies, Managing your cache with Netscape Navigator, Crushing Netscape’s cookies, Clearing Netscape Navigator’s browser history, Clearing sensitive information with Netscape Navigator, Getting the Plug-In, The <OBJECT> Tag, The <OBJECT> Tag, Setting Java policy in Netscape Navigator, Installing the Nitroba CA certificate into Netscape Navigator, Support for Client-Side Digital Certificates
ActiveX controls, and, The <OBJECT> Tag
browser cache, management, Managing your cache with Netscape Navigator
browser history, clearing, Clearing Netscape Navigator’s browser history
client certificates, support of, Support for Client-Side Digital Certificates
cookies, Understanding Cookies, Understanding Cookies, Cookie Jars, Disabling Cookies
disabling, Disabling Cookies
storage, Cookie Jars
cookies, removal from, Crushing Netscape’s cookies
digital certificates, preinstalled, Netscape Navigator Preinstalled Certificates
Java policies, setting, Setting Java policy in Netscape Navigator
Password Manager, Clearing sensitive information with Netscape Navigator
plug-ins, Getting the Plug-In, The <OBJECT> Tag
security warnings, Getting the Plug-In
SSL, browser preferences, Browser Preferences
trusted CAs, installation of certificates, Installing the Nitroba CA certificate into Netscape Navigator
Netscape Object Signing, code signing system, Code Signing Today
netstat, Tools of the Attacker’s Trade
Network Access Points (NAPs), Network Access Points and Metropolitan Area Exchanges
network connections, securing, Eavesdropping over local area networks (Ethernet and twisted pair)
Network Solutions, The Internet Corporation for Assigned Names and Numbers
networks, Network cables, Network connectors, Secure Content Updating, Censoring the network, Lesson: Whenever you are pulling wires, pull more than you need., Windows System Administration
blocking software and, Censoring the network
cables for, Network cables
connectors for, Network connectors
NFS, Secure Content Updating
security references, Windows System Administration
wiring installation for, Lesson: Whenever you are pulling wires, pull more than you need.
newsyslog, Logging on Unix
NFS (Network File System), Secure Content Updating
NIST CSRC (National Institutes of Standards and Technology Computer Security Resource Clearinghouse), NIST CSRC
Nitroba CA certificate, Signing Your Keys with Your Own Certification Authority, Installing the Nitroba CA certificate into Internet Explorer, Installing the Nitroba CA certificate into Netscape Navigator
Internet Explorer, installation on, Installing the Nitroba CA certificate into Internet Explorer
Netscape Navigator, installation on, Installing the Nitroba CA certificate into Netscape Navigator
nonce, Public Key Authentication Using SSH
nonrepudiation, Roles for Cryptography
nonreusable passwords, Using Encryption to Protect Against Sniffing
NSA (National Security Agency), Key Length with Symmetric Key Algorithms
NSS (Network Security Services), SSLRef and Mozilla Network Security Services, SSL Performance
online resources, SSL Performance
NTIA (National Telecommunications and Information Administration), The Internet Corporation for Assigned Names and Numbers, The Internet Corporation for Assigned Names and Numbers
ICANN, incorporation of, The Internet Corporation for Assigned Names and Numbers
nyms, Anonymous Web Browsing Services

O

Oak, Java’s History
OECD (Organization for Economic Development and Cooperation), privacy guidelines, OECD Guidelines
offline authentication systems, Stopping Replay Attacks with Public Key Cryptography
offline encryption systems, Offline Encryption Systems, S/MIME
OLE/COM Object Viewer, Microsoft’s ActiveX
Omniva Policy Systems, Omniva’s Self-Destructing Email
one-way hash functions, Message Digest Functions
online accounts, establishing, Internet-Based Payment Systems
online authentication systems, Stopping Replay Attacks with Public Key Cryptography
online cryptographic protocols, Online Cryptographic Protocols and Systems, SSH
online fraud, types of, Programs That Spend Your Money
online resources, Comments and Questions, The Walden Network, The Internet Corporation for Assigned Names and Numbers, SSLRef and Mozilla Network Security Services, SSLeay and OpenSSL, SSL Java, SSL Performance, SSL Performance, Web Bugs on Web Pages, Use an Antispam Service or Software, Tools of the Attacker’s Trade, Obtaining the Programs, Publishing with Authenticode, Web Pages and FTP Repository, WWW Security, Software Resources, UDP Packet Relayer
ICANN web site, The Internet Corporation for Assigned Names and Numbers
Java SSL, SSL Java
Microsoft Authenticode Software Developer’s Kit, Publishing with Authenticode
NSS (Network Security Services), SSLRef and Mozilla Network Security Services
OpenSSL, SSLeay and OpenSSL
Privacy Foundation on web bugs, Web Bugs on Web Pages
software, Software Resources, UDP Packet Relayer
SSL, SSL Performance
SSL open source programs, Obtaining the Programs
SSL/TLS, SSL Performance
stopping spam, Use an Antispam Service or Software
trinoo, Tools of the Attacker’s Trade
Walden Network, The Walden Network
web pages and FTP sites, Web Pages and FTP Repository, WWW Security
Web Security, Privacy & Commerce, Comments and Questions
online stalking, Libel and Defamation
online transactions, security of, What Does SSL Really Protect?
OpenPGP, PGP/OpenPGP
OpenSSL, SSLeay and OpenSSL, SSL Performance, History, Signing Your Keys with Your Own Certification Authority, Signing Your Keys with Your Own Certification Authority, Signing Your Keys with Your Own Certification Authority, Securing Other Services
command line, operation from, Signing Your Keys with Your Own Certification Authority
makecert.ca script, Signing Your Keys with Your Own Certification Authority, Signing Your Keys with Your Own Certification Authority
online resources, SSL Performance
origins of, History
services, securing with, Securing Other Services
Opera, Web Software Covered by This Book
operating systems, restriction of users, A Legacy of Extensibility and Risk
optic cables, First Edition (see cables, network)
optical vampire taps, Fiber optic cable
organized crime, Organized crime
OSI (Open System Interconnection), History and Terminology
outsourced certification authorities, Certification Authorities: Third-Party Registrars
overwriting media, Sanitizing Media Before Disposal

P

P3P (Platform for Privacy Preferences Project), P3P, Support for P3P in Internet Explorer 6.0, Support for P3P in Internet Explorer 6.0, Support for P3P in Internet Explorer 6.0, P3P: The Platform for Privacy Preferences Project, Simple P3P-Enabled Web Site Example, How P3P Works, How P3P Works, How P3P Works, Deploying P3P, Compact Policies, Generating a P3P Policy and Policy Reference File, Helping User Agents Find Your Policy Reference File, Helping User Agents Find Your Policy Reference File, Helping User Agents Find Your Policy Reference File, Compact Policies, Compact Policies, Simple P3P-Enabled Web Site Example
base data elements, How P3P Works
compact policies, Support for P3P in Internet Explorer 6.0, Compact Policies
deploying, Deploying P3P, Compact Policies
enabled web site, example, Simple P3P-Enabled Web Site Example
HTTP responses, P3P headers, Helping User Agents Find Your Policy Reference File
Internet Explorer, support by, Support for P3P in Internet Explorer 6.0
policy reference files, How P3P Works, Generating a P3P Policy and Policy Reference File, Helping User Agents Find Your Policy Reference File, Helping User Agents Find Your Policy Reference File
tags, Helping User Agents Find Your Policy Reference File
well-known locations, Helping User Agents Find Your Policy Reference File
privacy policy, creating, Compact Policies
PrivacySealExample program, How P3P Works
packets, Packets and postcards, Protocols, How DNS works, Engaging the Web, Engaging the Web, Engaging the Web, Engaging the Web, Engaging the Web, Engaging the Web
ACK packets, Engaging the Web
acknowledgment or retransmission, Engaging the Web
byte count, Engaging the Web
displaying text, Engaging the Web
DNS requests, How DNS works
size, Protocols
SYN packets, Engaging the Web
SYN/ACK packets, Engaging the Web
packet sniffers, A wealth of private data
Ethernet interfaces, and, A wealth of private data
packet sniffing, Lesson: Defeat packet sniffing.
packet switching, Building the Internet, Packets and postcards
packet-filtering firewalls, Hosts, gateways, and firewalls, Types of Firewalls
paper, Sanitizing Printed Media, Sanitizing Printed Media
shredders for, Sanitizing Printed Media
throwing out, Sanitizing Printed Media
parity RAID systems, Make Backups!
partitions, First Edition, Types of Backups
backup by, Types of Backups
root, First Edition (see root directory)
passwords, Password-based systems: something that you know, Password-based systems: something that you know, Picking a Great Password, Password sniffers, Bad Passwords: Open Doors, Bad Passwords: Open Doors, Bad Passwords: Open Doors, Good Passwords: Locked Doors, Good Passwords: Locked Doors, Writing Down Passwords, Strategies for Managing Multiple Usernames and Passwords, Password classes, Password keepers, Sharing Passwords, Password sniffers, Password sniffers, Spoofing username/password pop-ups with Java, A Taxonomy of Attacks, Using Encryption to Protect Against Sniffing, Using Encryption to Protect Against Sniffing, Using Encryption to Protect Against Sniffing, Identity-Based Access Controls, Manually Setting Up Web Users and Passwords
bad passwords, characteristics, Bad Passwords: Open Doors
choosing, Good Passwords: Locked Doors
classes, bases, and rotation, Password classes
good passwords, characteristics, Good Passwords: Locked Doors
hit lists of, Bad Passwords: Open Doors
ISPs, requirements for, Bad Passwords: Open Doors
management, multiple passwords, Strategies for Managing Multiple Usernames and Passwords
nonreusable, Using Encryption to Protect Against Sniffing
password files, setting up, Manually Setting Up Web Users and Passwords
password keepers, Password keepers
password sniffers, Password sniffers, Password sniffers, Using Encryption to Protect Against Sniffing, Using Encryption to Protect Against Sniffing
protocols, secure against, Password sniffers
sharing of, Sharing Passwords
spoofing requests for, Spoofing username/password pop-ups with Java
theft of, A Taxonomy of Attacks
writing down, Writing Down Passwords
patches, Keeping Abreast of Bugs and Flaws
patents, Patents
patents, cryptographic systems, Cryptography and the Patent System, The outlook for patents
PCT (Private Communications Technology), PCT, SSL Versions
peering agreements, Network Access Points and Metropolitan Area Exchanges
PEM certification format, example, Signing Your Keys with Your Own Certification Authority
performance, First Edition, Rules for C, Lesson: Monitor your system.
(see also resources)
C programs, Rules for C
monitoring resources, Lesson: Monitor your system.
Perl programming language, Fixing the problem, Fixing the problem, Rules for Perl, Rules for Perl
scripts, filtering, Fixing the problem
system function, Fixing the problem
tainting, Rules for Perl
PERL.EXE and the cgi-bin directory, Programs That Should Not Be CGIs
personal certificates, Types of Certificates
personal information, Personal, Private, and Personally Identifiable Information, Choosing a Good Service Provider
ISPs, available to, Choosing a Good Service Provider
personally identifiable information, First Edition (see PII)
personnel, security aspects of, Personnel
PGP (Pretty Good Privacy), PGP/OpenPGP, PGP/OpenPGP, PGP public keys, Creating a public key/private key pair with PGP, Creating a public key/private key pair with PGP, Document Author Identification Using PGP, CERT/CC’s PGP signatures, PGP certification, PGP certification, Understanding Digital Certificates with PGP, Understanding Digital Certificates with PGP, Certifying Your Own Key, Certifying Your Own Key, Certifying Other People’s Keys: PGP’s “Web of Trust”, Software Resources
digital certificates, and, Understanding Digital Certificates with PGP
document authentication, Document Author Identification Using PGP
DSA algorithm, and, Creating a public key/private key pair with PGP
fraudulent keys, Certifying Your Own Key
key certification, Certifying Other People’s Keys: PGP’s “Web of Trust”
key-pair generation, Creating a public key/private key pair with PGP
keys, certification, Certifying Your Own Key
public keys and digital certificates, Understanding Digital Certificates with PGP
signatures, CERT/CC’s PGP signatures, PGP certification, PGP certification
certification, PGP certification
software signature, Software Resources
phf script, Programs That Should Not Be CGIs
phishing (identity theft scams), Identity Theft
phone charge scams, David.exe
physical security, Security for Backups, Data security for backups, Physical Security for Servers, Nothing to Lose?, The Physical Security Plan, Physical Access
access control, Physical Access
of backups, Security for Backups, Data security for backups
plan, The Physical Security Plan
physical tokens, Physical tokens: something that you have
PICS (Platform for Internet Content Selection), PICS, Censoring the network, The PICS Specification, Requesting a Label from a Rating Service, Rating Services, Rating Services, PICS Labels, Labeled Documents, Requesting PICS Labels by HTTP, Requesting a Label from a Rating Service
HTTP label requests, Requesting PICS Labels by HTTP
label specification, PICS Labels
MPAA movie-rating example, Rating Services
name/value pairs, Rating Services
rating services, label requests from, Requesting a Label from a Rating Service
RFC 822 header, document labeling with, Labeled Documents
PII (personally identifiable information), Personal, Private, and Personally Identifiable Information, Support for P3P in Internet Explorer 6.0
ping, How DNS works, A Taxonomy of Attacks
ping of death, A Taxonomy of Attacks
piracy of software, Access Devices and Copyrighted Software, Software Piracy and the SPA
PKI (public key infrastructure), Digital Identification II: Digital Certificates, CAs, and PKI, Public Key Infrastructure, Unrealistic expiration dates, Open Policy Issues, Proof
barriers to development, Open Policy Issues, Proof
PKZIP virus, Code Signing and Legal Restrictions on Cryptography
plaintext, Common Symmetric Key Algorithms, Cryptanalysis
Platform for Internet Content Selection, First Edition (see PICS)
Platform for Privacy Preferences Project, First Edition, First Edition (see P3P)
plug-ins, Helper Applications and Plug-ins, Evaluating Plug-In Security, The History of Helpers, Getting the Plug-In, Getting the Plug-In, Getting the Plug-In, Evaluating Plug-In Security, Evaluating Plug-In Security, Flash and Shockwave, A Legacy of Extensibility and Risk
history, The History of Helpers
installation, Getting the Plug-In
Internet Explorer, Getting the Plug-In
Netscape plug-in security warning, Getting the Plug-In
security aspects, Evaluating Plug-In Security, Evaluating Plug-In Security
security concerns, Flash and Shockwave
Polaroid Corporation, identification products, Tamper-proofing the document
policy reference files, How P3P Works, Generating a P3P Policy and Policy Reference File, Helping User Agents Find Your Policy Reference File
well-known locations, Helping User Agents Find Your Policy Reference File
policy, security, Security Through Policy
pornography and the Internet, Pornography, Indecency, and Obscenity, Mandatory blocking, Child pornography, Pornography Filtering
child pornography, Child pornography
filtering software, Mandatory blocking, Pornography Filtering
portmap service, portmap
portrayal of information in false light, The Tort of Privacy
ports, How DNS works, SSL/TLS Features, Installing Apache and mod_ssl on FreeBSD
SSL on TCP/IP, SSL/TLS Features
updating, Installing Apache and mod_ssl on FreeBSD
POSIX specification, system calls, General Principles for Writing Secure Scripts
Postel, Jon, The Internet Corporation for Assigned Names and Numbers
power surges, First Edition, Protecting Computer Hardware, Electrical noise
(see also lightning)
PPP (Point-to-Point Protocol), PC to LAN to Internet
preventing theft, Preventing Theft
Princeton University Secure Internet Programming group, Java Security Problems
print through process, Verify your backups
printer spoolers, security risks, Printer buffers
printers, security risks, Printer buffers
privacy, Digital Certificates Allow for Easy Data Aggregation, Understanding Privacy, The Tort of Privacy, The refer link field, Cookie Uses, Privacy-Protecting Techniques, Protecting Yourself From Identity Theft, Keystroke recorders and keyboard sniffers, Keystroke recorders and keyboard sniffers, Hotmail, Yahoo Mail, and Other Web-Based Email Services, JavaScript Security Flaws, Internet-Based Payment Systems, Security and privacy, Security and privacy, Publicity and Privacy, Lesson: It is very difficult to change a phone number. So pick your company’s phone number early and use it consistently.
cookies, and, Cookie Uses
digital cash systems, Internet-Based Payment Systems, Security and privacy, Security and privacy
digital certificates, and, Digital Certificates Allow for Easy Data Aggregation
downloaded software, from, Keystroke recorders and keyboard sniffers
email and, Hotmail, Yahoo Mail, and Other Web-Based Email Services
JavaScript and, JavaScript Security Flaws
protecting, Privacy-Protecting Techniques, Protecting Yourself From Identity Theft
torts, The Tort of Privacy
violations, refer link field, The refer link field
web browser extensions, from, Keystroke recorders and keyboard sniffers
Privacy Act of 1974, The Code of Fair Information Practices
Privacy Foundation, Web Bugs on Web Pages
web bugs, guidelines for use, Web Bugs on Web Pages
privacy policies, User-Provided Information, Deploying P3P, Compact Policies
P3P, deploying, Deploying P3P, Compact Policies
privacy protections, The Code of Fair Information Practices, The Code of Fair Information Practices, The Code of Fair Information Practices, The Code of Fair Information Practices, Other National and International Regulations, OECD Guidelines, Other National and International Regulations, Other National and International Regulations, “Voluntary Regulation” Privacy Policies, Seal programs, Children’s Online Privacy Protection Act, Enforcement, Support for P3P in Internet Explorer 6.0
American business, self regulation, “Voluntary Regulation” Privacy Policies
Canada, Other National and International Regulations
Code of Fair Information Practices, The Code of Fair Information Practices
COPPA, Children’s Online Privacy Protection Act, Enforcement
early US legislation, The Code of Fair Information Practices
European legislation, The Code of Fair Information Practices, Other National and International Regulations
European Union, Other National and International Regulations
Fair Credit Reporting Act, The Code of Fair Information Practices
Internet Explorer 6.0, built into, Support for P3P in Internet Explorer 6.0
OECD guidelines, OECD Guidelines
seal programs, Seal programs
privacy-protecting technologies, Privacy-Protecting Technologies
PrivacySealExample Program, How P3P Works
Private Communications Technology (PCT), First Edition, PCT
private information, Personal, Private, and Personally Identifiable Information
private keys, Cryptographic Algorithms and Functions, Creating and Storing the Private Key, Smart cards, Creating and Storing the Private Key
generation and storage, Creating and Storing the Private Key
management, Creating and Storing the Private Key, Smart cards
privileges, CGI scripts and, Writing Scripts That Run with Additional Privileges
profiles, Cookie Uses
programmed threats, Computer Viruses and Programmed Threats
programming, First Edition, Rules to Code By, Rules for the Unix Shell, Unix System Administration
errors, First Edition (see bugs)
guidelines for, Rules to Code By, Rules for the Unix Shell
references for, Unix System Administration
programs that spend money, Programs That Spend Your Money
Promo Line, Inc., David.exe
proprietary encryption algorithms, Cryptography and Trade Secret Law
protocols, Protocols
proxies, Hosts, gateways, and firewalls
proxy firewalls, Types of Firewalls
proxy servers, Obscuring web logs, Local HTTP Proxies
public key cryptography, Cryptographic Algorithms and Functions, Cryptographic Algorithms and Functions, Cryptographic Algorithms and Functions, Attacks on Public Key Algorithms, The public key patents, Stopping Replay Attacks with Public Key Cryptography, Creating and Storing the Private Key, Smart cards, Creating a public key/private key pair with PGP, Real-World Public Key Examples, Public Key Authentication Using SSH, Public Key Authentication Using SSH, Public Key Authentication Using SSH, Understanding Digital Certificates with PGP, Certifying Other People’s Keys: PGP’s “Web of Trust”, Hushmail
algorithms, attacks on, Attacks on Public Key Algorithms
authentication using SSH, Public Key Authentication Using SSH, Public Key Authentication Using SSH
challenge-response, Public Key Authentication Using SSH
digital certificates, Understanding Digital Certificates with PGP
Hushmail, Hushmail
key certification, Certifying Other People’s Keys: PGP’s “Web of Trust”
Web of Trust, Certifying Other People’s Keys: PGP’s “Web of Trust”
patents, The public key patents
PGP, key generation with, Creating a public key/private key pair with PGP
private key management, Creating and Storing the Private Key, Smart cards
public key systems, Cryptographic Algorithms and Functions, Cryptographic Algorithms and Functions, Cryptographic Algorithms and Functions
computational expense, Cryptographic Algorithms and Functions
real-world examples, Real-World Public Key Examples
replay attacks, preventing, Stopping Replay Attacks with Public Key Cryptography
public keys, Cryptographic Algorithms and Functions, Cryptographic Algorithms and Functions, Cryptographic Algorithms and Functions, Public Key Algorithms, Key search attacks, Using Public Keys for Identification, Creating a public key/private key pair with PGP, PGP public keys, Creating and Storing the Private Key
cryptographic algorithms, Public Key Algorithms, Key search attacks
identification, using for, Using Public Keys for Identification, Creating a public key/private key pair with PGP
PGP, PGP public keys
smart cards, and, Creating and Storing the Private Key
public libraries and anonymous browsing, Simple Approaches to Protecting Your IP Address
public terminals, security risks, Beware of public terminals
public/private key pairs for web servers, Deciding on the Private Key Store
publicity, Publicity and Privacy, Lesson: It is very difficult to change a phone number. So pick your company’s phone number early and use it consistently.
punch-down blocks vs. RJ11 plugs, Lesson: Use centrally located punch-down blocks for computer and telephone networks.
purchasing over Internet, Internet-Based Payment Systems, Gator Wallet

Q

quantum computing, Key Length with Symmetric Key Algorithms
Quicken wire transfer program, The Chaos Quicken Checkout

R

‘r’ commands, Minimizing Risk by Minimizing Services
race conditions, General Principles for Writing Secure Scripts
radio eavesdropping, Eavesdropping by radio and using TEMPEST
radio interference and computers, Electrical noise
RADIUS (Remote Authentication Dial-In User Service), RADIUS Logs, Use RADIUS or LDAP
RAID (Redundant Arrays of Inexpensive Disk) systems, Make Backups!
rain, First Edition (see water)
raised floors, Raised floors and dropped ceilings
RAM, theft of, RAM theft
RSAC (Recreational Software Advisory Council), RSACi
rating services, RSACi, The PICS Specification, Requesting a Label from a Rating Service
RSACi, RSACi
RC2, RC5, and RC4 algorithms, Common Symmetric Key Algorithms
rcp program, Secure Content Updating
rdist program, Secure Content Updating
real-time validation of certificates, Real-time certificate validation
recommended books, About This Book
records, TLS Record Layer
Recreational Software Advisory Council (RSAC), RSACi
redundancy, The Walden Network, Protecting Via Redundancy
protection using, Protecting Via Redundancy
refer links and refer link fields, The refer link field
refunds, Refunds and Charge-Backs, Refunds and Charge-Backs
Regulations E and Z, What Does SSL Really Protect?
relative humidity, Humidity
relative identification, Computer-Based Identification Techniques
remote attacks, A Taxonomy of Attacks
remote content updating, Secure Content Updating, Secure Content Updating
renewing certificates, Certificate Renewal
replay attacks, SSL/TLS Features, SSL/TLS Features, Replay Attacks, Stopping Replay Attacks with Public Key Cryptography
public key cryptography, preventing with, Stopping Replay Attacks with Public Key Cryptography
SSL, level of security from, SSL/TLS Features
Requests for Comments (RFCs), The Internet Corporation for Assigned Names and Numbers
Resnick, Paul, PICS and Censorship, Access controls become tools for censorship, The PICS Specification
resources, Window system attacks, Lesson: Monitor your system.
GUIs and, Window system attacks
monitoring, Lesson: Monitor your system.
restricted sites zone, Internet Explorer’s “security zones”
restricting access, First Edition (see access control)
retention, Retention and Rotation, How Long Should You Keep a Backup?
of backups, How Long Should You Keep a Backup?
reverse charge transactions, Refunds and Charge-Backs, Refunds and Charge-Backs
revocation of digital certificates, Revocation, Revoking a Digital ID
RFCs (Requests for Comments), The Domain Name Service, The Internet Corporation for Assigned Names and Numbers, Cryptography and the Web, Cookie Jars, Host-Based Restrictions, Labeled Documents
RFC 1918, The Domain Name Service, Host-Based Restrictions
RFC 2109, Cookie Jars
RFC 602, Cryptography and the Web
RFC 822 header, Labeled Documents
.rhost file, Secure Content Updating
Rijndael (AES) algorithm, Key Length with Symmetric Key Algorithms, Key Length with Symmetric Key Algorithms, Common Symmetric Key Algorithms
key length, Key Length with Symmetric Key Algorithms
risk analysis, Risk Analysis and Best Practices
Rivest, Ronald L., Public Key Algorithms, Message Digest Functions
RJ11 plugs vs. punch-down blocks, Lesson: Use centrally located punch-down blocks for computer and telephone networks.
root (/) directory, backups of, Types of Backups
root kits, Tools of the Attacker’s Trade
root nameservers, First Edition (see under nameservers)
rotating backup media, Types of Backups
rotation, Retention and Rotation
routers, Hosts, gateways, and firewalls
RSA algorithm, Common Symmetric Key Algorithms, Public Key Algorithms, The public key patents, Creating a public key/private key pair with PGP, Public Key Authentication Using SSH, History
patents, The public key patents
PGP, and, Creating a public key/private key pair with PGP
SSH, authentication, Public Key Authentication Using SSH
SSL, and, History
RSA Data Security, Certification Authorities: Some History
RSA Data Security Inc., Key search attacks, Digital Certificates, Certification Authorities: Some History, History
BSafe-SSL-C, History
certificates, SSL support, Digital Certificates
certification services, Certification Authorities: Some History
factoring challenges, Key search attacks
RSACi rating system, RSACi

S

S/Key system, Using Encryption to Protect Against Sniffing
S/MIME (Secure/MIME), S/MIME
safeWeb, Anonymous Web Browsing Services, Anonymous Web Browsing Services
Triangle Boy service, Anonymous Web Browsing Services
sandbox, Java, Safety is not security
sanitizing media, Sanitizing Media Before Disposal, Sanitizing Media Before Disposal
SATAN, Network scanning programs, SATAN
saving backup media, First Edition, How Long Should You Keep a Backup?
(see also archiving information; backups)
scp program, Secure Content Updating
screen savers, Screensavers
password-protected, Screensavers
screensavers, Card Shark
security risks, Card Shark
script kiddies, Script kiddies
scripts, Securing the Web Server, JavaScript, Can’t break a running script, Securing Web Applications, General Principles for Writing Secure Scripts, General Principles for Writing Secure Scripts
breaking, Can’t break a running script
using time-outs, General Principles for Writing Secure Scripts
writing in security, General Principles for Writing Secure Scripts
search warrants, Hazards of Criminal Prosecution, Criminal Hazards
secret key algorithms, Cryptographic Algorithms and Functions
secrets, SSL/TLS Features
Secure Electronic Transaction (SET), SET, SET
secure email, Secure Email
Secure Hash Algorithms (SHA, SHA-1), Message Digest Functions
Secure Shell (SSH), SSH
Secure Sockets Layer, First Edition, First Edition (see SSL)
Secure Tracking of Office Property, Tagging
secure tunneling, Anonymous Web Browsing Services
secure web servers, Securing the User’s Computer
Secure/MIME, S/MIME
securing the web server, Securing the Web Server
security, Uses of Message Digest Functions, Tamper-proofing the document, Disabling Cookies, Security for Backups, Data security for backups, Physical Security for Servers, Nothing to Lose?, The Physical Security Plan, Security Through Policy, Installation II: Installing the Software and Patches, Using Security Tools, Network scanning programs, Intrusion detection systems, Using Encryption to Protect Against Sniffing, Securing Web Applications, Conclusion, Rules to Code By, General Principles for Writing Secure Scripts, General Principles for Writing Secure Scripts, How to Evaluate a Credit Card Payment System
against eavesdropping, Using Encryption to Protect Against Sniffing
design principles, General Principles for Writing Secure Scripts
disabling cookies, Disabling Cookies
evaluating credit card systems, How to Evaluate a Credit Card Payment System
evaluating site security, Using Security Tools, Network scanning programs
holograms, Tamper-proofing the document
intrusion detection programs, Intrusion detection systems
message digests, Uses of Message Digest Functions
policies, implementing, Security Through Policy, Installation II: Installing the Software and Patches
programming guidelines, Rules to Code By, General Principles for Writing Secure Scripts
protecting backups, Security for Backups, Data security for backups
servers’ physical environment, Physical Security for Servers, Nothing to Lose?
web applications, and, Securing Web Applications, Conclusion
security holes, Bugtraq
mailing list for, Bugtraq
security mailing lists, Keeping Abreast of Bugs and Flaws
security perimeter, The Physical Security Plan
security plan, The Physical Security Plan
confidentiality of, The Physical Security Plan
security policies, Java, Java Security Policy
security risks, Protecting Local Storage, X terminals, Function keys, Screensavers, Key Switches, Personnel, Story: A Failed Site Inspection
data storage, Protecting Local Storage
function keys, Function keys
personnel, Personnel
real world examples, Story: A Failed Site Inspection
single-user boot up, Key Switches
vendor supplied screensavers, Screensavers
X Windows terminals, X terminals
security tools, Using Security Tools, Network scanning programs
security zones, Internet Explorer’s “security zones”
SecurityManager class (Java), Safety is not security
sensors, First Edition (see detectors)
server certificates, Types of Certificates
server key exchange message, 4. Server key exchange
ServerHello, 2. ServerHello
servers, First Edition, The client/server model, Web Logs, Obscuring web logs, Obscuring web logs, Physical Security for Servers, Nothing to Lose?
access to, First Edition (see access control)
log files, Web Logs, Obscuring web logs
physical security of, Physical Security for Servers, Nothing to Lose?
proxy, Obscuring web logs
services, minimizing, Simplification of services
session cookies, Support for P3P in Internet Explorer 6.0
session hijacking, Using Encryption to Protect Against Sniffing
session keys, Cryptographic Algorithms and Functions
SET (Secure Electronic Transaction) protocol, SET, SET, Two channels: one for the merchant, one for the bank
Set-Cookie header, The Cookie Protocol
SetReg.exe, The Authenticode SDK
settlement, Internet-Based Payment Systems
setuid( ) and setgid( ), Writing Scripts That Run with Additional Privileges
sexygirls.com, David.exe
SHA, SHA-1 (Secure Hash Algorithms), Message Digest Functions
Shamir, Adi, Public Key Algorithms
shell scripts, Rules for the Unix Shell
Shockwave, Flash and Shockwave, Flash and Shockwave
plug-in, Flash and Shockwave
shredders, Protecting Yourself From Identity Theft, Sanitizing Printed Media
signature authentication with PGP, CERT/CC’s PGP signatures, PGP certification
SignCode.exe, The Authenticode SDK, Signing a program, Signing a program, Code signing from the command line, Code signing from the command line
command line operation, Code signing from the command line, Code signing from the command line
Sims, Joe, The Internet Corporation for Assigned Names and Numbers
single-user boot up, Key Switches
SIP (Secure Internet Programming) group, Java Security Problems
site exclusion lists, Architectures for Filtering
site inspection, Story: A Failed Site Inspection
site security, Using Security Tools, Network scanning programs
evaluating, Using Security Tools, Network scanning programs
SLAs (Service Level Agreements), Providing for Redundancy
smart cards, Identity-Based Access Controls, Smart cards
smart cards and public keys, Creating and Storing the Private Key
smoke, effects on computer equipment, Smoke
‘Snake Oil’ self-signed certificate, Installing Apache and mod_ssl on FreeBSD
snapshots, Snapshot tools
social engineering, Sanitizing Printed Media, Sanitizing Printed Media, A Taxonomy of Attacks
employee phonebooks, and, Sanitizing Printed Media
social engineering attacks, Resist social engineering attacks, Spoofing username/password pop-ups with Java
SOCKS, SOCKS
software, First Edition, Access Devices and Copyrighted Software, The “Pledge”, Obtaining a Software Publishing Certificate, Patents, Lesson: Remember, the “free” in “free software” refers to “freedom.”, Lesson: If you have the time to write it, custom software always works better than what you can get off the shelf., Monitoring Software, Lesson: Monitor your system.
custom, Lesson: If you have the time to write it, custom software always works better than what you can get off the shelf.
free, Lesson: Remember, the “free” in “free software” refers to “freedom.”
liability, First Edition (see liability)
for monitoring, Monitoring Software, Lesson: Monitor your system.
patents, Patents
piracy, Access Devices and Copyrighted Software
publishing, The “Pledge”, Obtaining a Software Publishing Certificate
software failure, Why Make Backups?
software key escrow, U.S. regulatory efforts and history
software patents, Cryptography and the Patent System
software piracy, Software Piracy and the SPA
Software Publisher’s Pledge, The “Pledge”
Software Publishers Association (SPA), Software Piracy and the SPA
software publishing certificates, Types of Certificates, Microsoft’s ActiveX, Code signing from the command line
obtaining, Code signing from the command line
SomarSoft, Network scanning programs
source address, Packets and postcards
SPA (Software Publishers Association), Software Piracy and the SPA
spam, Avoiding Spam and Junk Email, Use Address Munging, Use an Antispam Service or Software
preventing, Avoiding Spam and Junk Email, Use Address Munging, Use an Antispam Service or Software
address munging, Use Address Munging
anti-spam software and services, Use an Antispam Service or Software
Spam Exterminator, Use an Antispam Service or Software
SpamCop, Use an Antispam Service or Software
SpammerSlammer, Use an Antispam Service or Software
spies, Ideologues and national agents
spoofing, Tamper-proofing the document, Wrong Server Address
DNS spoofing, Wrong Server Address
forgery-proof identification, Tamper-proofing the document
spoofing attacks, JavaScript Spoofing Attacks, Spoofing username/password pop-ups with Java, Lesson: Beware of TCP/IP spoofing.
sprinkler systems, First Edition, Fire
(see also water)
SRI-NIC, The Internet Corporation for Assigned Names and Numbers
SSH (Secure Shell), SSH, Public Key Authentication Using SSH, Public Key Authentication Using SSH, Public Key Authentication Using SSH, Public Key Authentication Using SSH, Public Key Authentication Using SSH, Public Key Authentication Using SSH, SSH
nonce challenge, Public Key Authentication Using SSH
public key authentication, Public Key Authentication Using SSH, Public Key Authentication Using SSH
RSA authentication, Public Key Authentication Using SSH
viewing the key, Public Key Authentication Using SSH
ssh-keygen program, Public Key Authentication Using SSH
SSL (Secure Sockets Layer), Securing Information in Transit, Message Digest Functions, SSL, Understanding SSL and TLS, What Is SSL?, SSL/TLS Features, SSL/TLS Features, What Does SSL Really Protect?, Digital Certificates, SSL Implementations, SSLRef and Mozilla Network Security Services, SSLRef and Mozilla Network Security Services, SSLeay and OpenSSL, SSL Java, SSL Performance, SSL Performance, SSL Performance, Browser Preferences, Internet Explorer preferences, Browser Alerts, Certification Authorities: Some History, Deploying SSL Server Certificates, Wrong Server Address, Planning for Your SSL Server, Choosing a Server, Choosing a Server, The SSL certificate format, Creating SSL Servers with FreeBSD, Securing Other Services, History, Obtaining the Programs, The Apache mod_ssl configuration file, Securing Other Services, Installing an SSL Certificate on Microsoft IIS, Not Yet Valid and Expired Certificates, Wrong Server Address, The SSL/TLS Protocol, 12. Application Data, History
browser alerts, Browser Alerts
browser preferences, Browser Preferences, Internet Explorer preferences
certificates, format, The SSL certificate format
certificates, installation on IIS, Installing an SSL Certificate on Microsoft IIS
certificates, supported, Digital Certificates
history of, History
implementations of, SSL Implementations
invalid certificates, causes of, Not Yet Valid and Expired Certificates
invention by Netscape, Certification Authorities: Some History
Java, support in, SSL Java
key-caching, SSL Performance
MD5, use of, Message Digest Functions
NSS, SSLRef and Mozilla Network Security Services
open source programs, online resources, Obtaining the Programs
OpenSSL, SSLeay and OpenSSL
performance, SSL Performance
RSA public key algorithm, and, History
security deficits, What Does SSL Really Protect?, SSL Performance
server addresses, checking, Wrong Server Address
server certificates, deploying, Deploying SSL Server Certificates, Wrong Server Address
servers, Planning for Your SSL Server, Choosing a Server, Choosing a Server, Creating SSL Servers with FreeBSD, Securing Other Services
choosing, Choosing a Server
FreeBSD, creation with, Creating SSL Servers with FreeBSD, Securing Other Services
planning, Planning for Your SSL Server
supporting packages, Choosing a Server
SSLRef, SSLRef and Mozilla Network Security Services
TCP/IP, ports used on top of, SSL/TLS Features
transparency to user, SSL/TLS Features
Unix daemons, adding encryption to, Securing Other Services
Version 3.0, The SSL/TLS Protocol, 12. Application Data
web server, The Apache mod_ssl configuration file
VirtualHost, The Apache mod_ssl configuration file
SSL Hello, What Is SSL?
SSL/TLS, First Edition, SSL/TLS Features, SSL/TLS Features, SSL/TLS Features, SSL Performance, The SSL/TLS Protocol, 12. Application Data, SSL/TLS Protocols, ChangeCipherSpec Protocol, Alert Protocol, ChangeCipherSpec Protocol, SSL 3.0/TLS Handshake, 12. Application Data, Sequence of Events, 1. ClientHello, 2. ServerHello, 4. Server key exchange, 5. Certificate Request, 9. CertificateVerify
(see also SSL, TLS)
alerts, Alert Protocol
ChangeCipherSpec protocol, ChangeCipherSpec Protocol
compression support, SSL/TLS Features
handshake protocol, SSL 3.0/TLS Handshake, 12. Application Data, Sequence of Events, 1. ClientHello, 2. ServerHello, 4. Server key exchange, 5. Certificate Request, 9. CertificateVerify
Certificate Requests, 5. Certificate Request
CertificateVerify message, 9. CertificateVerify
client/server exchange, Sequence of Events
ClientHello, 1. ClientHello
server key exchange message, 4. Server key exchange
ServerHello, 2. ServerHello
online resources, SSL Performance
protocols, SSL/TLS Protocols, ChangeCipherSpec Protocol
SSLeay, SSLeay and OpenSSL, History
sslwrap program, Securing Other Services
stack attacks, CPU and stack attacks
static audits, Snapshot tools
static electricity, Electrical noise
static IP addresses, The Walden Network
stolen property, First Edition (see theft)
stolen usernames and passwords, A Taxonomy of Attacks
storage, Protecting Local Storage, Function keys
storing private keys, Creating and Storing the Private Key
stream algorithms, Symmetric Key Algorithms
strength of cryptographic systems, Cryptographic Strength of Symmetric Algorithms
strength, cryptographic, Cryptographic Strength of Symmetric Algorithms
string command, Screensavers
strings(1) command, Engaging the Web
striping, Make Backups!
subject.commonName field, wildcards, The SSL certificate format
substitution ciphers, Roots of Cryptography
SUID and SGID privileges, Writing Scripts That Run with Additional Privileges
Sun Java SDK, Code Signing Today
code signing system, Code Signing Today
Sun Microsystems, Java’s History
Superincreasing Knapsack Problem, Analytic attacks
Surety Technologies, Inc., There Are Too Many Robert Smiths
surge suppressors, Lightning
surges, First Edition (see power surges)
Swatch program, Swatch
SymLinksIfOwnerMatch option, Commands Before the <Limit>. . . </Limit> Directive
symmetric key algorithms, Cryptographic Algorithms and Functions, Systems-based attacks, Common Symmetric Key Algorithms
common schemes, Common Symmetric Key Algorithms
symmetric keys, Cryptographic Algorithms and Functions, Cryptographic Algorithms and Functions, Cryptographic Algorithms and Functions
exchange, problems with, Cryptographic Algorithms and Functions
security issues, Cryptographic Algorithms and Functions
uniqueness, problems with, Cryptographic Algorithms and Functions
SYN packets, Engaging the Web
SYN/ACK packets, Engaging the Web
syslog, General Principles for Writing Secure Scripts
system administration, Why Make Backups?, Sanitizing Media Before Disposal, Unix System Administration
errors by, Why Make Backups?
references on, Unix System Administration
sanitizing media, Sanitizing Media Before Disposal
system calls, checking return codes from, General Principles for Writing Secure Scripts
systems-based cryptographic attacks, Systems-based attacks

T

tagging, Tagging
tags, The <OBJECT> Tag, JavaScript
tainting Perl, Rules for Perl
tamper-proofing of documents, Tamper-proofing the document
tandem backup, Guarding Against Media Failure
tax collection and digital money, Security and privacy
TCP/IP (Transmission Control Protocol/Internet Protocol), Protocols, Engaging the Web, What Is SSL?, Lesson: Beware of TCP/IP spoofing.
connections, Engaging the Web
spoofing, Lesson: Beware of TCP/IP spoofing.
tcpdump, How DNS works, How DNS works, Engaging the Web
three-way handshakes, Engaging the Web
tcpwrapper system, tcpwrapper
telephone billing fraud, Telephone billing records
telephones, cellular, Electrical noise
Telnet service, Minimizing Risk by Minimizing Services
temperature, impact on hardware, Temperature extremes
TEMPEST system, Eavesdropping by radio and using TEMPEST
temporary files, Rules for C
terrorists, Ideologues and national agents
testing, First Edition (see evaluating; verifying)
theft, A wealth of private data, A wealth of private data, Preventing Theft, RAM theft, Protecting Backups, Potential for eavesdropping and data theft
of backups, Protecting Backups
information theft, A wealth of private data, A wealth of private data
prevention, Preventing Theft
RAM, RAM theft
third-party certification authorities, Certification Authorities: Third-Party Registrars
third-party cookies, An example, Support for P3P in Internet Explorer 6.0
Thomas, Robert and Carleen, Amateur Action
threats, First Edition, Why Make Backups?, Guarding Against Media Failure, Security for Backups, Data security for backups, Can’t break a running script, Mirror worlds, Bugs (biological), Vandalism, Network connectors, Sanitizing Printed Media, Sanitizing Printed Media, Unattended Terminals, Screensavers, General Principles for Writing Secure Scripts, Writing Scripts That Run with Additional Privileges, Hazards of Criminal Prosecution, The Responsibility to Report Crime, Trademark Violations, RISKS, Computer Viruses and Programmed Threats
to backups, Security for Backups, Data security for backups
biological, Bugs (biological)
computer failures, Why Make Backups?
criminal prosecution, risks of pursuing, Hazards of Criminal Prosecution, The Responsibility to Report Crime
disposed materials, Sanitizing Printed Media, Sanitizing Printed Media
inability to break running scripts, Can’t break a running script
mailing list for, RISKS
media failure, Guarding Against Media Failure
mirror worlds, Mirror worlds
programmed, Computer Viruses and Programmed Threats
race conditions, General Principles for Writing Secure Scripts
spoofing, First Edition (see spoofing)
SUID and SGID privileges, Writing Scripts That Run with Additional Privileges
trademark violation, Trademark Violations
unattended terminals, Unattended Terminals, Screensavers
vandalism, Vandalism, Network connectors
three-way handshakes, Engaging the Web
Thawte Holdings, Certification Authorities: Some History
Tiger, Tiger
Tiger utility, Snapshot tools
Time Warner, Java’s History
timeouts, General Principles for Writing Secure Scripts
TIS Internet Firewall Toolkit (FWTK), TIS Internet Firewall Toolkit
Title III, Elementary and Secondary Education Act, Pornography Filtering
TLS (Transport Layer Security), First Edition, Understanding SSL and TLS, SSL Versions, The SSL/TLS Protocol, 12. Application Data, TLS Record Layer, TLS Record Layer
(see also SSL, SSL/TLS)
MACs (message authentication codes), TLS Record Layer
origins, Understanding SSL and TLS
record layer, TLS Record Layer
TMOUT variable, Built-in shell autologout
/tmp directory, security of, General Principles for Writing Secure Scripts
tobacco smoke, effects on computer equipment, Smoke
token-based authentication, Using Encryption to Protect Against Sniffing
tokens, Physical tokens: something that you have, Physical tokens: something that you have
top-level nameservers, First Edition (see under nameservers)
tort of privacy, The Tort of Privacy
traceroutes, Transit
tracing programs, Laptop Recovery Software and Services
trade secret law and cryptography, Cryptography and Trade Secret Law
trademarks, Trademarks, Trademark Violations, Obtaining a Trademark, Obtaining a Trademark, Trademark Violations, Domain Names and Trademarks
domain names, and, Domain Names and Trademarks
establishing a trademark, Obtaining a Trademark
infringement, Trademark Violations
registration, Obtaining a Trademark
traffic, Network Access Points and Metropolitan Area Exchanges
traffic analysis, Key Length with Symmetric Key Algorithms
transborder data flows, OECD Guidelines
transit, Transit
transit agreements, Network Access Points and Metropolitan Area Exchanges
Transmission Control Protocol/Internet Protocol, First Edition (see TCP/IP)
transmitted data blocking, Architectures for Filtering
transmitters, radio, Electrical noise
transposition ciphers, Roots of Cryptography
trashing, Sanitizing Printed Media
Triangle Boy, Anonymous Web Browsing Services
triangulation, Personal, Private, and Personally Identifiable Information
trinoo, Tools of the Attacker’s Trade
Triple-DES algorithm, Common Symmetric Key Algorithms
Tripwire, Change-detecting tools, Tripwire
Trojan horses, A Taxonomy of Attacks
trust, Trust and validity, Spoofing username/password pop-ups with Java, Spoofing browser status with JavaScript
domains, Spoofing browser status with JavaScript
Java applets, Spoofing username/password pop-ups with Java
trust hierarchies, Public Key Infrastructure
TRUSTe, Seal programs
Trusted Root Certification Authorities, Internet Explorer Preinstalled Certificates
trusted sites zone, Internet Explorer’s “security zones”
tunnels, SSH
two-factor authentication, Physical tokens: something that you have
two-key cryptography, Cryptographic Algorithms and Functions

U

UCD (Uniform Call Distribution), Lesson: Design your systems to fail gracefully.
UDP (User Datagram Protocol), Protocols, UDP Packet Relayer
Packet Relayer, UDP Packet Relayer
UDRP (Uniform Dispute Resolution Policy), Protecting Your Domain Registration, Domain Names and Trademarks
unattended terminals, Unattended Terminals, Screensavers
uniform resource locators, First Edition (see URLs)
uninterruptible power supply (UPS), Fire
United States, Federal jurisdiction, Federal Computer Crime Laws, Payment Cards in the United States
federal computer crime laws, Federal Computer Crime Laws
federal jurisdiction, Federal jurisdiction
payment cards in, Payment Cards in the United States
Unix, Engaging the Web, Logging on Unix, Logging on Unix, Logging on Unix, Rules for the Unix Shell, Securing Other Services, Unix System Administration
logging, Logging on Unix, Logging on Unix
pruning of log files, Logging on Unix
newsyslog command, Logging on Unix
programming references, Unix System Administration
shell scripts, Rules for the Unix Shell
sslwrap program, Securing Other Services
strings(1) command, Engaging the Web
Unix shell, security vulnerabilities, The problem with the script
unroutable IP addresses, The Domain Name Service
unsecure hosts, Current Host Security Problems
unspoofable areas, Spoofing browser status with JavaScript
updating content securely, Secure Content Updating, Secure Content Updating
uploading stored information, Protecting Local Storage
UPS (uninterruptible power supply), Fire
URLs (uniform resource locators), Weaving the Web, Mirror worlds, Hidden URLs
hidden, Hidden URLs
mirror worlds, Mirror worlds
Usenet groups, Usenet Groups
user education, Securing the User’s Computer
user error, Why Make Backups?
usernames, Smoking Joes, A Taxonomy of Attacks
doubling as passwords (Joes), Smoking Joes
theft of, A Taxonomy of Attacks
users, First Edition, Biometrics: something that you are, Cookie Uses, Spoofing username/password pop-ups with Java, Unattended Terminals, Screensavers, A Legacy of Extensibility and Risk, General Principles for Writing Secure Scripts, Identity-Based Access Controls, Manually Setting Up Web Users and Passwords
access based on, Identity-Based Access Controls
asking for information/action, Spoofing username/password pop-ups with Java
authenticating, Manually Setting Up Web Users and Passwords
biometric identification systems, Biometrics: something that you are
checking values from, General Principles for Writing Secure Scripts
cookies for, Cookie Uses
operating system restrictions of, A Legacy of Extensibility and Risk
spoofing/impersonating, First Edition (see spoofing)
unattended terminals, Unattended Terminals, Screensavers

V

vacuums, computer, Dust
validity, Trust and validity
vampire taps, Fiber optic cable
vandalism, Vandalism, Network connectors
VBA signing, Code Signing Today
VC-I video encryption algorithm, Systems-based attacks
vendors, choosing, Choosing Your Vendor, Choosing Your Vendor
evaluation web site, Choosing Your Vendor
Venema, Wietse, Network scanning programs
ventilation, First Edition, Entrance through air ducts, Ventilation holes
(see also dust; smoke and smoking)
air ducts, Entrance through air ducts
holes (in hardware), Ventilation holes
verification, First Edition, Safety is not security, General Principles for Writing Secure Scripts, The charge card check digit algorithm
(see also authentication)
credit card check digit, The charge card check digit algorithm
Java bytecode, Safety is not security
user input, General Principles for Writing Secure Scripts
verifying, Verify your backups
backups, Verify your backups
VeriSign, Certification Authorities: Third-Party Registrars, Certification Authorities: Some History, Multiple Certificates for a Single CA, Multiple Certificates for a Single CA, A Tour of the VeriSign Digital ID Center, Revoking a Digital ID, The “Pledge”, Obtaining a Software Publishing Certificate
digital certificates of, Multiple Certificates for a Single CA, Multiple Certificates for a Single CA
software publishing and, The “Pledge”, Obtaining a Software Publishing Certificate
vibration, Vibration
video tape, Guarding Against Media Failure
vigilantes, Ideologues and national agents
Vineyard.NET, In the Beginning, Conclusion
Virtual PIN system, Virtual PIN, Redux
virtual private networks (VPNs), IPsec and IPv6
VirtualHost, The Apache mod_ssl configuration file
viruses, A Taxonomy of Attacks, Computer Viruses and Programmed Threats
references on, Computer Viruses and Programmed Threats
Visa, A Very Short History of Credit
voltage spikes, Electrical noise
VPN (Virtual Private Networks), Types of Firewalls
VPNs (virtual private networks), IPsec and IPv6
VTN (VeriSign Trust Network), Certification Authorities: Third-Party Registrars

W

W3C, First Edition (see World Wide Web Consortium)
Walden Network, The Walden Network
Walt Disney Company, collecting information on children, Prelude to Regulation
warez, Warez
Warren, Samuel, The Tort of Privacy
Wassenaar treaty, International agreements on cryptography
water, Fire, Fire, Fire, Humidity, Water
humidity, Humidity
sprinkler systems, Fire
sprinkler systems (fire suppression), Fire
stopping fires with, Fire
web applications, Securing Web Applications, Conclusion, A Legacy of Extensibility and Risk, A Legacy of Extensibility and Risk
securing of, Securing Web Applications, Conclusion
security risk, A Legacy of Extensibility and Risk
technologies used in, A Legacy of Extensibility and Risk
web browsers, Securing the User’s Computer, Web Logs, Obscuring web logs, Understanding Cookies, Understanding Cookies, Keystroke recorders and keyboard sniffers, Browser Cache, Managing your cache with Netscape Navigator, Browser History, Clearing Netscape Navigator’s browser history, Passwords, Form-Filling, and AutoComplete Settings, Blocking Ads and Crushing Cookies, Spoofing browser status with JavaScript, Securely Using Fields, Hidden Fields, and Cookies
advertising, and, Blocking Ads and Crushing Cookies
cache, Browser Cache, Managing your cache with Netscape Navigator
convenience features, security risks, Passwords, Form-Filling, and AutoComplete Settings
cookies, Understanding Cookies, Understanding Cookies
extensions, privacy issues, Keystroke recorders and keyboard sniffers
history, clearing, Browser History, Clearing Netscape Navigator’s browser history
log files of, Web Logs, Obscuring web logs
shopping cart vulnerability, Securely Using Fields, Hidden Fields, and Cookies
spoofing status of, Spoofing browser status with JavaScript
vulnerabilities, Securing the User’s Computer
web bugs, Web Bugs, Uses of Web Bugs, Web Bugs on Web Pages, Web Bugs on Web Pages, Uses of Web Bugs
Privacy Foundation’s usage guidelines, Web Bugs on Web Pages
uses, Uses of Web Bugs
web pages, on, Web Bugs on Web Pages
web forms, assuring security of fields, Using Fields Securely
web logs, What’s in a web log?, Obscuring web logs, RADIUS Logs, Mail Logs, DNS Logs
DNS logs, DNS Logs
information stored in, What’s in a web log?
limiting data transfer to, Obscuring web logs
mail logs, Mail Logs
RADIUS, RADIUS Logs
Web of Trust, Certifying Other People’s Keys: PGP’s “Web of Trust”, Trust and validity
web profiles, Cookie Uses
web security, The Web Security Landscape, The Web Security Problem, The Web Security Problem
primary elements, The Web Security Problem
Web Security, Privacy & Commerce, About This Book, Organization of This Book, Comments and Questions
book web site, Comments and Questions
summary of content, About This Book, Organization of This Book
web servers, Web Software Covered by This Book, Securing the Web Server, Securing the Web Server, Simplification of services, Securing the User’s Computer, Programs That Should Not Be CGIs, Planning for Your SSL Server, Deciding on the Private Key Store, Controlling Access to Your Web Content, Identity-Based Access Controls
access control, Controlling Access to Your Web Content, Identity-Based Access Controls
attacks on, examples, Securing the Web Server
flawed distributions, Programs That Should Not Be CGIs
private keys, maintaining, Deciding on the Private Key Store
restricting access, Simplification of services
secure web servers, Securing the User’s Computer
securing, Securing the Web Server
SSL, planning, Planning for Your SSL Server
web services, Securing Your Web Service, Protecting Your Domain Registration
prevention of outages, Securing Your Web Service, Protecting Your Domain Registration
web sites, Internet Explorer’s “security zones”, Using Security Tools, Network scanning programs, Secure Content Updating, Secure Content Updating
secure updating, Secure Content Updating, Secure Content Updating
security levels, assignment to, Internet Explorer’s “security zones”
security, evaluating, Using Security Tools, Network scanning programs
web-based email services and privacy, Hotmail, Yahoo Mail, and Other Web-Based Email Services
Westin, Alan, The Tort of Privacy
whitelist, Use an Antispam Service or Software
wildcards, subject.commonName field, The SSL certificate format
Windows, Types of Certificates, Card Shark, Frequency of Attack, Logging on Windows 2000, Choosing a Server, NT-security
certificates, Types of Certificates
keystroke monitoring screensavers, Card Shark
logging, Windows 2000, Logging on Windows 2000
mailing list, Windows NT, NT-security
SSL-enabled web servers, and, Choosing a Server
Windows 98, file sharing weakness, Frequency of Attack
windows (glass), security aspects, Glass walls
windows, attacks on, Window system attacks
wireless LANs, security of, Eavesdropping on 802.11 wireless LANs
wiretapping, Wiretapping
wiring buildings for networks, Lesson: Whenever you are pulling wires, pull more than you need.
wiring, configuration of, Lesson: Pull all your wires in a star configuration, from a central point out to each room, rather than daisy-chained from room to room. Wire both your computers and your telephone networks as stars. It makes it much easier to expand or rewire in the future.
World Wide Web, Preface, Preface, Beyond the Point of No Return, Building in Security, Weaving the Web, Cryptography and the Web, The refer link field, Understanding Cookies, Understanding Cookies, JavaScript Security Flaws, Mirror worlds, Web Pages and FTP Repository, WWW Security
convenience vs. security, Building in Security
cookies, Understanding Cookies, Understanding Cookies
crime, Preface, Beyond the Point of No Return
history command, JavaScript Security Flaws
impact, Preface
mirror worlds, Mirror worlds
refer links, The refer link field
references on, Web Pages and FTP Repository, WWW Security
security aspects, Cryptography and the Web
World Wide Web Consortium, First Edition, Other Code Signing Methods, PICS
code signing certificates, Other Code Signing Methods
P3P protocol, First Edition (see P3P)
PICS (Platform for Internet Content Selection), PICS
worms, Securing the User’s Computer, A Taxonomy of Attacks
write-protecting backups, Write-protect your backups
writing programs, First Edition (see programming, guidelines for)