Chapter 6:
Implementing Security for Electronic Commerce
CERIAS
(Center for Education and Research in Information Assurance and Security.)
AdSubtract
(Cookie manager)
Blue Spike
Computer Crime and Intellectual Property Section
(Launched by the U.S. Department of Justice)
Cookie Cruncher
(Cookie manager)
Cookie Crusher
(Cookie manager)
Cookie Pal
(Cookie manager)
Cookie-Server
(Cookie manager)
Cookie Demonstration
(Click "Edit Your Profile" to display information in a cookie stored on your machine)
Copysight
(Digital protection software from Intellectual Protocols, LLC)
Digimarc Corporation
(Digital watermark software)
Giovanni
(A watermarking technology produced by Blue Spike)
HitBox
(Produced by WebSideStory)
IEClean and NSCLean
(Cookie managers)
Information Technology Association of America
(ITAA)
Intellectual Property Protection in Cyberspace
(A paper by the ITAA)
InterTrust Commerce Architecture
Junkbuster Proxy
(Cookie manager)
Macrovision Corporation
MediaBridge
(A system for linking paper-based products to the Web)
MediaBridge Participating Magazines
(A list of magazines containing MediaBridge watermarks leading to Web sites)
Protecting Intellectual Property
(U.S. DOJ web pages about protecting intellectual property)
Secure Digital Music Initiative (SDMI)
(Promotes digital distribution of music and copyright protection of artists' works)
SoftLock.com
(Providing keys to unlock downloaded files)
U.S. Customs and the Protection of Intellectual Property
U.S. Department of Justice's Intellectual Property Section (CCIPS)
Verance Corporation
(Digital audio watermarking systems)
WebArmor
WebSideStory
(Provides reports profiling who visits a web site)
WebWasher
(Prevent cookies from advertising banners with this free program)
Window Washer
(Cookie manager)
World Intellectual Property Organization
(WIPO)

Certification Authorities
Certification cost comparison
(Thawte and VeriSign)
GlobalSign
(Apply for a class 1 demo certificate)
Baltimore Technologies (formerly GTE CyberTrust)
KPMG Certification Authority
KPMG demonstration certificate
(Apply here for a temporary certificate)
MIT Certification Authority
Thawte Digital Certificate
(A certification authority that merged with VeriSign)
VeriSign
(The original certification authority)

Antivirus Software
Antiviral Toolkit Pro
Critical Path
(An e-mail outsourcing solution)
eSafe Protect Enterprise
McAfee VirusScan
McAfee Clinic
(Online cleanup and virus protection suite)
MessageClick
(An ASP providing e-mail services)
Norman Virus Control
Norton AntiVirus
Trend Micro anti-virus products
Computer Forensics
Berryhill Computer Forensics
Computer Forensics Inc.
DIBS Computer Forensics
(A pioneer in the science of computer forensics)
Data Discovery

Providing Transaction Privacy
A glossary of encryption terms
AES
(Advanced Encryption Standard)
CommerceNet Consortium
(S-HTTP developers)
Cracking the 56-bit DES system
Cryptography
Data Encryption Standard
(DES)
DES Draft Proposal and RFC
(Proposed new triple DES standard)
Electronic Frontier Foundation Freedom Forum Online
Encryption algorithms: Blowfish, DES, IDEA, MD2-5, RC2, RC4, RC5, RC6, RSA, Skipjack, Triple DES
Encryption algorithms and protocols overview
(RSA)
Freedom Forum Online
(Free speech and free press organization)
National Institute of Standards and Technology (NIST)
(Working with industry to develop and apply technology, measurements, and standards)
Netcraft Secure Server Survey
(A list of CAs and their market share percentages)
Privacy Enhancement for Internet Electronic Mail
(RFC--older but interesting)
Public-key encryption
(Netscape's Dev Edge Online)
RSA
Secure Sockets Layer
SSL 2.0 certificate formats
What does it all mean?
(A description of Netcraft's SSL query response page)
What's that SSL site running?
(Which HTTPS server, which SSL ciphers, and when does their certificate expire?)
Ensuring Transaction Integrity
Digital Signature Standard (DSS)
(PDF version only)
Electronic Signature Legislation
(U.S. act covering electronic signatures)
MD5 Message Digest Algorithm
(RFC 1321, IETF, 1992)
Ron Rivest
Guaranteeing Transaction Delivery
A TCP/IP Tutorial
(ASCII text, but a good source of information)
TCP And UDP, Explaining the terms and idiosyncrasies of each (Good overview of TCP/IP and UDP)

Access Control and Authentication
NIH guide to selecting good passwords
Choosing a good password
CryptoCard remote control access
Mosaic User Authentication Tutorial
NCSA's Selecting Good Passwords
Operating System Controls
Microsoft security information
COSsecure UNIX secure access control
(A software product add-on)
UNIX Guru Universe (UGU)
(Click to enter and then select security topics)
Firewalls
Check Point Software Technologies
Firewall Product Developer's Consortium
Secure Computing Firewall for NT
Secure Computing Sidewinder Firewall
SunScreen SPF-200 Firewall
(Sun Systems)

Exercise 2
Thawte
Test your newly acquired digital ID
VeriSign's Digital IDs for Browsers

Advanced Encryption Standard (AES)
(Replacement for aging DES algorithm proposed by the U.S. Department of Commerce)
Center for Democracy and Technology
(Advocates using encryption software; tracks free speech legislation and Internet privacy issues)
CERT Center
(Carnegie Mellon University group that tracks security incidents and issues advisories)
Coalition Against Unsolicited Commercial Email
(An all-volunteer group that lobbies for anti-spam legislation)
COAST Archive
(Security articles and links maintained at Purdue University)
Computer Security Institute
Computer Security Resource Clearinghouse
ContentGuard
(With this product from Xerox, you can embed copyright protections in any type of digital document)
Cryptography and electronic commerce
(Collected links to lots of sites in one location)
Database security
Enonymous.com
(Protect your privacy while browsing)
Free PGP
FireWall-1
(Excellent firewall product suite from Check Point Software Technologies, Ltd)
Glossary of security terms
(Netcraft)
International Computer Security Association
(ICSA provides Internet security services and has an extensive white paper library)
ICSA TruSecure System
InvisiMail Deluxe
(A comprehensive e-mail security product including encryption, certificates, and authentication)
Network Associates (formerly Trusted Information Systems)
PGP
(McAfee, Network Associates' PGP product)
Security Docs
Security links
(A mind numbing number of links to security-related sites)
SGI Security
Tripwire Security Systems
(Data integrity for UNIX systems)
TRUSTe
VISA Secure Electronic Transactions
