Advanced Security Strategies Protecting Today's E-Business Enviro

Book Categories

Authors

Introduction 1

1. Executive Summary 5

What Are the Threats? 7

The Increased Vulnerability of E-commerce Sites 8

Countermeasures 10

The Importance of Policies and Strategies 11

Conclusion 12

2. Internal Threats 15

The Extent of the Internal Threat 15

Who Is Responsible? 17

Addressing the Threat 18

Implementing Strong Authentication Methods 18

Reusable Passwords Are Insufficient 18

Options for Strong Authentication 20

Access Control 23

Commercial Access Control Products 24

Internal Firewalls 25

Human Resource Strategies 26

Educating Employees to Deter Social Engineering Attempts 26

Monitoring Employee Internet Use 29

Developing a Strong Security Policy 33

Enforcing the Policy 36

3. External Threats 39

Common Attack Patterns 39

Attack Tools 40

Reconnaissance 42

Password Attacks 43

After the Hacker Has Entered 44

Denial-of-Service Attacks 44

Distributed Denial-of-Service Attacks 46

Smurf Attacks 48

The Teardrop Attack 50

Teardrop2 50

Land Attacks 51

User Datagram Protocol Floods 51

E-mail Bombs 51

Java and ActiveX Security Threats 52

Viruses 53

The Love Bug 55

Melissa 56

Protecting the Enterprise from Zone Transfers 56

Determining Whether an Intrusion Has Occurred 57

Using Firewalls to Repel Outside Attacks 57

Security Scanners 58

Using Intrusion Detection Systems to Monitor for and Respond to Common Attacks 59

Combating Viruses 61

Software Is Not Sufficient 63

Managing Java and ActiveX Controls 64

4. Securing Remote Access 67

Security Threats Related to Remote Workers 68

Securing Home Offices 70

The Security Implications of Broadband Access to the Home 71

Strong Authentication Measures for Remote Users 72

Security for Mobile Workers 72

Virtual Private Networks for Remote Workers and Branch Offices 72

Cost Issues 74

Authentication Issues 75

Authorization Issues 76

Accounting Issues 76

Protecting Remote Users with Virtual Private Networks 77

Using Virtual Private Networks to Connect Remote Offices 77

Placing Virtual Private Networks Relative to Firewalls 78

Virtual Private Networks: Difficulties Continue 79

Conclusion 81

5. Securing E-commerce 83

Web Site Vandalism 85

Buffer Overflow 87

Exploting Common Gateway Interface Vulnerabilities and Other Application Layer Problems 89

Securing the Web Site 90

The Importance of Software Patches 93

Antihacker Tools 93

Antihacker Web Sites 94

Using Secure Sockets Layer to Protect Online Transactions 95

Secure Sockets Layer and Server Certificates 96

Solutions and Protocols 96

Internet Protocol Security 97

IPSec Modes of Operation 98

6. Firewalls 101

Packet Filters 103

Dynamic Packet Filters 105

Proxy Firewalls 105

What Firewalls Cannot Do 108

Firewall Features and Products 109

7. Public Key Encryption 111

The Market for Public Key Infrastructures 112

How Digital Certificates Operate 114

The Legality of Encryption 116

The Importance of Directory Services 117

PKI: Overall Problems and Potential Solutions 119

Keeping Private Keys Private 119

Digital Certificate Portability 120

Digital Signature Legality 121

Shared Workstations 121

Certificate Revocation 121

Interoperability 122

The Ultimate Goal of Public Key Infrastructure 122

Approaches to Implementing a Public Key Infrastructure 124

8. Securing Extensible Markup Language 127

Banking Initiatives and XML Security 130

Building Security into a Document Type Definition Real Estate Listing Markup Language 131

9. Creating a Security Strategy 133

Conducting Risk Analysis 133

Security Assessment Strategies 136

Penetration Testing 136

Security Assessment Software 139

Insurance 139

Staffing Issues 141

Certified Information Systems Security Professional Certification 141

Centralizing Security 142

Security as Part of E-business Application Development 143

The Importance of Security Policy and Auditing 144

The Need for Security Education 145

Incident Response 146

Designate a Point of Contact 146

The Importance of Preserving Evidence 147

Reporting Incidents 147

After the Incident 149

Conclusion 149

Figures

Unauthorized Use of Computer Systems

Internet User Confidence

Types of Security Breaches

Most Recently Reported Security Violation

Security Breaches at E-commerce Web Sites versus Informational Sites

Security Technologies in Use

Technologies Installed and Evaluated

The Increase in Internal Security Incidents

Internet Connection as a Frequent Source of Attack

The Anatomy of a Distributed Denial-of-Service Attack

The Anatomy of a Smurf Attack

Sources of Virus Infections

Antivirus Measures Being Used

Consequences of Mobile Code Exploits

Remote Access and Virtual Private Networks

A Remote Virtual Private Network

A Site-to-Site Virtual Private Network

A Virtual Private Network Gateway on the Side of the Firewall

Attacks on Web Sites

The Frequency of Web Attacks

Types of Web Attacks

Encapsulating Security Payload Tunnel Mode

Title: Advanced Security Strategies Protecting Today's E-Business Environment

Manufacturer:

WonderClub

Item Number: 9781566070881

Number: 1

Product Description: Advanced Security Strategies Protecting Today's E-Business Environment

Universal Product Code (UPC): 9781566070881

WonderClub Stock Keeping Unit (WSKU): 9781566070881

Rating: 3/5 based on 2 Reviews

Image Location: https://wonderclub.com/images/covers/08/81/9781566070881.jpg

Category: Media >> Books

Weight: 0.200 kg (0.44 lbs)

Width: 0.000 cm (0.00 inches)

Heigh : 0.000 cm (0.00 inches)

Depth: 0.000 cm (0.00 inches)

Date Added: August 25, 2020, Added By: Ross

Date Last Edited: August 25, 2020, Edited By: Ross

Price	Condition	Delivery	Seller	Action
$577.88	Digital	Arrives between Apr 26 - May 26 Login to your account for a direct download. Some files are emailed from Dropbox. Continent $0.00 - World $0.00	WonderClub (9294 total ratings)

Question Concerning Advanced Security Strategies Protecting Today's E-Business Environment

Ask a Question about Advanced Security Strategies Protecting Today's E-Business Environment

No Question found!

Read Reviews for Advanced Security Strategies Protecting Today's E-Business Environment Write review

Curtis Robinson

reviewed Advanced Security Strategies Protecting Today's E-Business Environment on March 01, 2013

Advanced Security Strategies Protecting Today's E-Business Environment

Doctor Faustus = The Tragical History of the Life and Death of Doctor Faustus, Christopher Marlowe

The Tragical History of the Life and Death of Doctor Faustus, commonly referred to simply as Doctor Faustus, is an Elizabethan tragedy by Christopher Marlowe, based on German stories about the title character Faust, that was first performed sometime between 1588 and Marlowe's death in 1593. Two different versions of the play were published in the Jacobean era, several years later.

ØªØ§Ø±ÛŒØ® Ù†Ø®Ø³ØªÛŒÙ† Ø®ÙˆØ§Ù†Ø´: Ø±ÙˆØ² Ù‡ÙØ¯Ù‡Ù… Ù…Ø§Ù‡ Ú˜Ø§Ù†ÙˆÛŒÙ‡ Ø³Ø§Ù„ 1980Ù…ÛŒÙ„Ø§Ø¯ÛŒ

Ø¹Ù†ÙˆØ§Ù†: Ø¯Ú©ØªØ± ÙØ§Ø³ØªÙˆØ³Ø› Ø§Ø«Ø±: Ú©Ø±ÛŒØ³ØªÙˆÙØ± Ù…Ø§Ø±Ù„ÙˆØ› Ù…ØªØ±Ø¬Ù…: Ù„Ø·ÙØ¹Ù„ÛŒ ØµÙˆØ±ØªÚ¯Ø±Ø› Ù…Ø´Ø®ØµØ§Øª Ù†Ø´Ø± ØªÙ‡Ø±Ø§Ù†ØŒ Ø¨Ù†Ú¯Ø§Ù‡ ØªØ±Ø¬Ù…Ù‡ Ùˆ Ù†Ø´Ø± Ú©ØªØ§Ø¨ØŒ 1340ØŒ Ø¯Ø± 88ØµØŒ Ú†Ø§Ù¾ Ø¯ÙˆÙ… 1359Ù‡Ø¬Ø±ÛŒ Ø®ÙˆØ±Ø´ÛŒØ¯ÛŒ Ù…ÙˆØ¶ÙˆØ¹ Ø¯Ø§Ø³ØªØ§Ù†Ù‡Ø§ÛŒ Ù†ÙˆÛŒØ³Ù†Ø¯Ú¯Ø§Ù† Ø¨Ø±ÛŒØªØ§Ù†ÛŒØ§ÛŒÛŒ - Ø³Ø¯Ù‡ 16Ù…

ØªØ§Ø±ÛŒØ®Ú†Ù‡ ØªØ±Ø§Ú˜Ø¯ÛŒ Ú¯ÙˆÙ†Ù‡ Ø²Ù†Ø¯Ú¯ÛŒ Ùˆ Ù…Ø±Ú¯ Ø¯Ú©ØªØ± Â«ÙØ§Ø³ØªÙˆØ³Â»ØŒ Ù†ÙˆØ´ØªÙ‡ ÛŒ: Â«Ú©Ø±ÛŒØ³ØªÙˆÙØ± Ù…Ø§Ø±Ù„ÙˆÂ»ØŒ Ù†Ù…Ø§ÛŒØ´Ù†Ø§Ù…Ù‡ Ù†ÙˆÛŒØ³ Ø³Ø¯Ù‡ ÛŒ Ø´Ø§Ù†Ø²Ø¯Ù‡Ù… Ù…ÛŒÙ„Ø§Ø¯ÛŒ Ø§Ù†Ú¯Ù„Ø³ØªØ§Ù† Ø§Ø³ØªØ› Ù†Ù…Ø§ÛŒØ´Ù†Ø§Ù…Ù‡ Â«Ø¯Ú©ØªØ± ÙØ§Ø³ØªÙˆØ³Â»ØŒ Ø§Ø² Ø¨Ø±Ø¬Ø³ØªÙ‡ ØªØ±ÛŒÙ† Ù†Ù…Ø§ÛŒØ´Ù†Ø§Ù…Ù‡ Ù‡Ø§ÛŒ Ø¹ØµØ± Â«Ø§Ù„ÛŒØ²Ø§Ø¨ØªÂ» Ø§Ø³ØªØŒ Ø¯Ø±ÙˆÙ†Ù…Ø§ÛŒÙ‡ ÛŒ Ø¢Ø«Ø§Ø± Â«Ú©Ø±ÛŒØ³ØªÙˆÙØ± Ù…Ø§Ø±Ù„ÙˆÂ» Ø§ØºÙ„Ø¨ Ø¨Ù‡ Ø³Ø±Ø§Ù†Ø¬Ø§Ù… Ø´ÙˆÙ…ÛŒ Ù…ÛŒØ§Ù†Ø¬Ø§Ù…Ø¯ØŒ Ú©Ù‡ Ú¯Ø±ÛŒØ¨Ø§Ù†Ú¯ÛŒØ± Ù‚Ù‡Ø±Ù…Ø§Ù†Ø§Ù† Ø¯Ø§Ø³ØªØ§Ù† Ø§Ø³ØªØŒ Ø¯Ø± ØØ§Ù„ÛŒÚ©Ù‡ Ù…Ù…Ú©Ù† Ø§Ø³Øª Ø¨Ù‡ Ù‚ÛŒÙ…Øª Ø²ÛŒØ± Ù¾Ø§ Ú¯Ø°Ø§Ø´ØªÙ† Ø§Ù†Ø³Ø§Ù†ÛŒØª Ùˆ ÙˆØ¬Ø¯Ø§Ù†ØŒ Ù‡Ù…ÙˆØ§Ø±Ù‡ Ø¯Ø± ØØ¯ Ú©Ù…Ø§Ù„ØŒ Ø§Ø² Ø®ÙˆØ§Ø³ØªÙ‡ Ù‡Ø§ Ùˆ Ù„Ø°Ø§ÛŒØ° Ù…Ø§Ø¯ÛŒ Ø²Ù†Ø¯Ú¯ÛŒØŒ Ø³Ø±Ø´Ø§Ø± Ø´ÙˆÙ†Ø¯

Ø¬Ø§Ù‡ Ø·Ù„Ø¨ÛŒØŒ ØØ±ØµØŒ Ø¢Ø²ØŒ Ùˆ Ù‚Ø¯Ø±Øª Ø·Ù„Ø¨ÛŒØŒ Ø§Ø² ØªÙ… Ù‡Ø§ÛŒ Ø¯ÛŒÚ¯Ø± Ø¢Ø«Ø§Ø± Ø§ÛŒØ´Ø§Ù†ØŒ Ø¨Ù‡ Ø´Ù…Ø§Ø± Ù…ÛŒØ±ÙˆÙ†Ø¯Ø› Â«ÙØ§Ø³ØªÙˆØ³Â» Ú©Ù‡ Ø¯Ø§Ù†Ø´Ù…Ù†Ø¯ÛŒ Ø¨Ø²Ø±Ú¯ØŒ Ø§Ø² Ø§Ù‡Ø§Ù„ÛŒ Â«ÙˆØ±ØªÙ…Ø¨Ø±Ú¯ Ø¢Ù„Ù…Ø§Ù†Â»ØŒ Ùˆ Ø³Ø±Ø¢Ù…Ø¯ Ù‡Ù…Ù‡ ÛŒ Ù¾Ø§Ø±Ø³Ø§ÛŒØ§Ù†ØŒ Ùˆ Ø¯Ø§Ù†Ø§ÛŒØ§Ù† Ø²Ù…Ø§Ù† Ø®ÙˆØ¯ Ø§Ø³ØªØ› ÙˆÙ‚ØªÛŒ Ø¯Ø± Ø¯Ø§Ù†Ø´ Ø¨Ù‡ Ú©Ù…Ø§Ù„ Ù…ÛŒØ±Ø³Ø¯ØŒ Ø§Ù†Ù‚Ù„Ø§Ø¨ÛŒ Ø¯Ø± Ø§Ùˆ Ù¾Ø¯ÛŒØ¯ Ù…ÛŒØ¢ÛŒØ¯ØŒ Ú©Ù‡ Ù‡Ù…Ù‡ ÛŒ Ø¯Ø§Ù†Ø´Ù‡Ø§ Ø±Ø§ Ø¨ÛŒÙ‡ÙˆØ¯Ù‡ Ù…ÛŒÛŒØ§Ø¨Ø¯Ø› Ø§Ùˆ Ú©Ù‡ Ø¯ÛŒÚ¯Ø± Ø§Ø² Ø¹Ù„Ù… Ùˆ ÙÙ„Ø³ÙÙ‡ Ø¨ÛŒØ²Ø§Ø± Ø´Ø¯Ù‡ØŒ Ùˆ Ø§Ø±Ø§Ø¯Ù‡ Ø§Ø´ Ù…ÛŒÙ„ Ø¨Ù‡ Ù‚Ø¯Ø±Øª Ø¯Ø§Ø±Ø¯Ø› Ø¯Ø±ØµØ¯Ø¯ Ø¨Ø±Ù…ÛŒØ¢ÛŒØ¯ØŒ Ú©Ù‡ Ø¨Ù‡ Ø¬Ø§Ø¯ÙˆÚ¯Ø±ÛŒ Ø±Ùˆ Ú©Ù†Ø¯ØŒ ØªØ§ Ø¨Ø§ Ø¢Ù† Ø¨ØªÙˆØ§Ù†Ø¯ Ø¬Ù‡Ø§Ù† Ø±Ø§ ØªØØª Ø³Ù„Ø·Ù‡ ÛŒ Ø®ÙˆØ¯ØŒ Ø¯Ø±Ø¢ÙˆØ±Ø¯Ø› Ù¾Ø³ Â«ÙØ§Ø³ØªÙˆØ³Â» Ø¨Ù‡ Ø¯Ù†Ø¨Ø§Ù„ Ø¯Ùˆ Ø³Ø§ØØ±ØŒ Ùˆ Ø§Ø³ØªØ§Ø¯ Ø¬Ø§Ø¯ÙˆÚ¯Ø±ÛŒØŒ Ù…ÛŒÙØ±Ø³ØªØ¯ØŒ ØªØ§ Ø¹Ù„Ù… Ø¬Ø§Ø¯Ùˆ Ø±Ø§ØŒ Ø¨Ù‡ Ø§Ùˆ Ø¨ÛŒØ§Ù…ÙˆØ²Ù†Ø¯Ø› Ø³Ø§ØØ±Ù‡Ø§ Ù…ÛŒØ¢ÛŒÙ†Ø¯ Ùˆ Ø§Ùˆ Ø±Ø§ Ø§Ø² Ù‚Ø¯Ø±ØªÙ‡Ø§ØŒ Ùˆ Ù…Ø²Ø§ÛŒØ§ÛŒÛŒ Ú©Ù‡ Ø§ÛŒÙ†Ú©Ø§Ø± Ø¯Ø§Ø±Ø¯ØŒ Ø¢Ú¯Ø§Ù‡ Ù…ÛŒÚ©Ù†Ù†Ø¯.Ø› Â«ÙØ§Ø³ØªÙˆØ³Â» Ø¯Ø± Ø§Ø¯Ø§Ù…Ù‡ØŒ Ø¨Ø§ Ø§ÙˆØ±Ø§Ø¯ Ùˆ Ø§Ø°Ú©Ø§Ø±ÛŒ Ú©Ù‡ Ù…ÛŒØ®ÙˆØ§Ù†Ø¯ØŒ Ù†Ø§Ø¦Ø¨ Ø±Ø¦ÛŒØ³ Ø´ÛŒØ·Ø§Ù†ØŒ Â«Ù…ÙÛŒØ³ØªÙˆÙÙ„ÛŒØ³Â» Ø±Ø§ Ø¸Ø§Ù‡Ø± Ù…ÛŒÚ©Ù†Ø¯ØŒ Ùˆ Ø§Ø² Ø§Ùˆ Ù…ÛŒØ®ÙˆØ§Ù‡Ø¯ØŒ Ú©Ù‡ Ù¾ÛŒÙˆØ³ØªÙ‡ Ù…Ù„Ø§Ø²Ù…Ø´ Ø¨Ø§Ø´Ø¯ØŒ Ùˆ Ù‡Ø±Ú†Ù‡ Ù…ÛŒØ®ÙˆØ§Ù‡Ø¯ØŒ ØØªÛŒ Ø®Ø§Ø±Ø¬ Ú©Ø±Ø¯Ù† Ù…Ø§Ù‡ Ø§Ø² Ù…Ø¯Ø§Ø± Ø®ÙˆØ¯ØŒ Ùˆ ÙØ±Ùˆ Ø¨Ø±Ø¯Ù† Ú©Ù„ Ø²Ù…ÛŒÙ† Ø¯Ø± ØºØ±Ù‚Ø§Ø¨ Ø±Ø§ØŒ Ø¨Ø±Ø§ÛŒØ´ Ù…Ù…Ú©Ù† Ú©Ù†Ø¯.Ø› Ø§Ù…Ø§ Â«Ù…ÙÛŒØ³Â» Ù…ÛŒÚ¯ÙˆÛŒØ¯ØŒ Ú©Ù‡ Ø¨Ù†Ø¯Ù‡ ÛŒ Â«Ø§Ø¨Ù„ÛŒØ³Â» Ø§Ø³ØªØŒ Ùˆ Ø§Ú¯Ø± Â«Ø§Ø¨Ù„ÛŒØ³Â» Ú†Ù†ÛŒÙ† ÙØ±Ù…Ø§Ù†ÛŒ Ø¨Ø¯Ù‡Ø¯ØŒ Ø§Ùˆ Ù…ÛŒØªÙˆØ§Ù†Ø¯ ØªØ§ Ù¾Ø§ÛŒØ§Ù† Ø¹Ù…Ø± Ù…Ù„Ø§Ø²Ù…Ø´ Ø¨Ø§Ø´Ø¯ØŒ Ùˆ Ù‚Ø±Ø§Ø± Ù…ÛŒØ´ÙˆØ¯ØŒ Â«Ù…ÙÛŒØ³Â» Ù†Ø²Ø¯ Â«Ø§Ø¨Ù„ÛŒØ³Â» Ø¨Ø±ÙˆØ¯ØŒ Ùˆ Ú©Ø³Ø¨ Ø§Ø¬Ø§Ø²Ù‡ Ú©Ù†Ø¯.Ø› Ùˆ ...Ø›

ØªØ§Ø±ÛŒØ® Ø¨Ù‡Ù†Ú¯Ø§Ù… Ø±Ø³Ø§Ù†ÛŒ 14/09/1399Ù‡Ø¬Ø±ÛŒ Ø®ÙˆØ±Ø´ÛŒØ¯ÛŒØ› Ø§. Ø´Ø±Ø¨ÛŒØ§Ù†ÛŒ

Advanced Security Strategies Protecting Today's E-Business Environment Book

Book Categories

Authors

WonderClub

Question Concerning Advanced Security Strategies Protecting Today's E-Business Environment

Read Reviews for Advanced Security Strategies Protecting Today's E-Business Environment Write review

Login

Complaints

Blog

Games

Digital Media

Souls

Obituary

Contact Us

FAQ

You must be logged in to add to Wishlist

This item is in your Wish List

This item is in your Collection

This Item is in Your Inventory

You must be logged in to review the products

Add Advanced Security Strategies Protecting Today's E-Business Environment, , Advanced Security Strategies Protecting Today's E-Business Environment to the inventory that you are selling on WonderClub

Add Advanced Security Strategies Protecting Today's E-Business Environment, , Advanced Security Strategies Protecting Today's E-Business Environment to your collection on WonderClub

	Introduction	1
1.	Executive Summary	5
	What Are the Threats?	7
	The Increased Vulnerability of E-commerce Sites	8
	Countermeasures	10
	The Importance of Policies and Strategies	11
	Conclusion	12
2.	Internal Threats	15
	The Extent of the Internal Threat	15
	Who Is Responsible?	17
	Addressing the Threat	18
	Implementing Strong Authentication Methods	18
	Reusable Passwords Are Insufficient	18
	Options for Strong Authentication	20
	Access Control	23
	Commercial Access Control Products	24
	Internal Firewalls	25
	Human Resource Strategies	26
	Educating Employees to Deter Social Engineering Attempts	26
	Monitoring Employee Internet Use	29
	Developing a Strong Security Policy	33
	Enforcing the Policy	36
3.	External Threats	39
	Common Attack Patterns	39
	Attack Tools	40
	Reconnaissance	42
	Password Attacks	43
	After the Hacker Has Entered	44
	Denial-of-Service Attacks	44
	Distributed Denial-of-Service Attacks	46
	Smurf Attacks	48
	The Teardrop Attack	50
	Teardrop2	50
	Land Attacks	51
	User Datagram Protocol Floods	51
	E-mail Bombs	51
	Java and ActiveX Security Threats	52
	Viruses	53
	The Love Bug	55
	Melissa	56
	Protecting the Enterprise from Zone Transfers	56
	Determining Whether an Intrusion Has Occurred	57
	Using Firewalls to Repel Outside Attacks	57
	Security Scanners	58
	Using Intrusion Detection Systems to Monitor for and Respond to Common Attacks	59
	Combating Viruses	61
	Software Is Not Sufficient	63
	Managing Java and ActiveX Controls	64
4.	Securing Remote Access	67
	Security Threats Related to Remote Workers	68
	Securing Home Offices	70
	The Security Implications of Broadband Access to the Home	71
	Strong Authentication Measures for Remote Users	72
	Security for Mobile Workers	72
	Virtual Private Networks for Remote Workers and Branch Offices	72
	Cost Issues	74
	Authentication Issues	75
	Authorization Issues	76
	Accounting Issues	76
	Protecting Remote Users with Virtual Private Networks	77
	Using Virtual Private Networks to Connect Remote Offices	77
	Placing Virtual Private Networks Relative to Firewalls	78
	Virtual Private Networks: Difficulties Continue	79
	Conclusion	81
5.	Securing E-commerce	83
	Web Site Vandalism	85
	Buffer Overflow	87
	Exploting Common Gateway Interface Vulnerabilities and Other Application Layer Problems	89
	Securing the Web Site	90
	The Importance of Software Patches	93
	Antihacker Tools	93
	Antihacker Web Sites	94
	Using Secure Sockets Layer to Protect Online Transactions	95
	Secure Sockets Layer and Server Certificates	96
	Solutions and Protocols	96
	Internet Protocol Security	97
	IPSec Modes of Operation	98
6.	Firewalls	101
	Packet Filters	103
	Dynamic Packet Filters	105
	Proxy Firewalls	105
	What Firewalls Cannot Do	108
	Firewall Features and Products	109
7.	Public Key Encryption	111
	The Market for Public Key Infrastructures	112
	How Digital Certificates Operate	114
	The Legality of Encryption	116
	The Importance of Directory Services	117
	PKI: Overall Problems and Potential Solutions	119
	Keeping Private Keys Private	119
	Digital Certificate Portability	120
	Digital Signature Legality	121
	Shared Workstations	121
	Certificate Revocation	121
	Interoperability	122
	The Ultimate Goal of Public Key Infrastructure	122
	Approaches to Implementing a Public Key Infrastructure	124
8.	Securing Extensible Markup Language	127
	Banking Initiatives and XML Security	130
	Building Security into a Document Type Definition Real Estate Listing Markup Language	131
9.	Creating a Security Strategy	133
	Conducting Risk Analysis	133
	Security Assessment Strategies	136
	Penetration Testing	136
	Security Assessment Software	139
	Insurance	139
	Staffing Issues	141
	Certified Information Systems Security Professional Certification	141
	Centralizing Security	142
	Security as Part of E-business Application Development	143
	The Importance of Security Policy and Auditing	144
	The Need for Security Education	145
	Incident Response	146
	Designate a Point of Contact	146
	The Importance of Preserving Evidence	147
	Reporting Incidents	147
	After the Incident	149
	Conclusion	149
	Figures
	Unauthorized Use of Computer Systems
	Internet User Confidence
	Types of Security Breaches
	Most Recently Reported Security Violation
	Security Breaches at E-commerce Web Sites versus Informational Sites
	Security Technologies in Use
	Technologies Installed and Evaluated
	The Increase in Internal Security Incidents
	Internet Connection as a Frequent Source of Attack
	The Anatomy of a Distributed Denial-of-Service Attack
	The Anatomy of a Smurf Attack
	Sources of Virus Infections
	Antivirus Measures Being Used
	Consequences of Mobile Code Exploits
	Remote Access and Virtual Private Networks
	A Remote Virtual Private Network
	A Site-to-Site Virtual Private Network
	A Virtual Private Network Gateway on the Side of the Firewall
	Attacks on Web Sites
	The Frequency of Web Attacks
	Types of Web Attacks
	Encapsulating Security Payload Tunnel Mode