The Virtual Bookcase for browsing and sharing reviews of books.

Book details of 'Developing Trust: Online Privacy and Security'

Title: Developing Trust: Online Privacy and Security
Author(s): Matt Curtin, Peter G. Neumann
ISBN: 1893115720
Language: English
Published: December 2001
Publisher: Apress

The Virtual Bookcase Reviews of 'Developing Trust: Online Privacy and Security':

Reviewer amazon.com wrote:

Suitable for the IP manager or developer seeking to improve Web privacy and security, Developing Trust: Online Privacy and Security provides an intriguing, though at times somewhat theoretical, guide to the issues surrounding privacy today.

Interestingly, this book straddles an expert-eye, theoretical overview of what privacy is and a more practical view of how it is often undermined on the Internet today. Early sections cover basic terms and concepts of privacy at a fairly high level. Mixing in sometimes erudite commentary (and an occasional rant), the author's expert-level view does a good job of explaining what privacy is and the larger principles used to protect it. From anonymity to "verinymity" (where sites know who you are), Curtin makes a good case that anonymity is often eventually undermined on today's Web sites. A good section early in the book outlines how a potential attacker might attack a hypothetical Web site for security holes. (We never see the attack carried out, perhaps because it would be irresponsible to do so, but this material establishes Curtin's expertise for the reader.)

Though the early sections largely avoid specific standards and real Internet software, the book soon delves into the nuts and bolts of the Web, for example HTTP, HTML, URLs, and cookies, with an eye to privacy. For most readers, the most fascinating sections of this text will be the author's five case studies on real privacy problems with some of today's leading Web sites and vendors (including Netscape and DoubleClick). He shows how certain features--like cookies--can undermine privacy (or even the ability to "opt out" successfully). A follow-up chapter cements the argument that if Web sites collect "anonymous" browsing behavior, it is all too easy to connect users' real identities to their supposedly anonymous profiles later on, putting privacy in jeopardy. Finally, the author makes a good argument that protecting privacy is good business sense.

The book concludes with more practical advice on implementing good security practices, including an excellent discussion of firewalls, DMZs, including their limitations, and a checklist for beefing up security in your organization. The text closes with a final case study of a hypothetical Web site (which serves up content from third parties) that arguably "does it right" regarding privacy, based on the author's earlier discussion.

While the mix of theoretical and practical here will not suit everyone, there's little doubt that the author's in-depth understanding of the issues surrounding privacy today can help your organization do better with privacy and security. While this title will not help you configure Internet Information Server, for instance, it will help you plan high-level strategies for improved security, as well as show you why protecting user and organizational privacy makes good business sense.

Reviewer Rob Slade wrote:

The title, foreword, preface, and introduction aren't terribly clear about the purpose of the book. Ultimately, the key word seems to be not trust, but privacy: the work appears to be directed at providing tips for developers, of all stripes, to help maintain the confidentiality of information.

Part one is a generic introduction to security and privacy. Chapter one, entitled "Why Privacy," seems, ironically, to move us even further away from the topic of privacy. The emphasis of the chapter is on intrusions, although the reconnaissance phase does get the most space. (The subtitle, "Why This Book," does not appear to be addressed.) The discussion of privacy theory, in chapter two, flips back and forth between the technical issues of identity authentication and access control, and the social concepts of privacy, failing to make hard relations between the two ideas. A partial list of basic conceptual security terms is reasonably well defined in chapter three. Chapter four does start to get into privacy issues, specifying a number of notions important to protecting confidentiality in an online (generally Web based) environment. A number (but not an exhaustive list) of threats to privacy are discussed in chapter five.

Part two looks at the problem. Chapter six provides a concise list of the basic principles of development of secure applications. (Interestingly, Curtin uses the principle of least common mechanism as an argument for the adoption of modular code, where others might say that it was a reason to avoid modularity.) Background concepts for the Internet and Web, the basic development environment assumed for the book, are given in chapter seven. Some specific examples of privacy problems on the Web are presented in chapter eight.

Part three outlines the cure. Chapter nine reviews some basic security protections, such as firewalls and constrained systems. Opt out systems are criticized in chapter ten. "Earning Trust," in chapter eleven, points out that providing privacy for customers is not just a cost and a nuisance, but good business. A structure for analyzing and designing secure Web systems is proposed in chapter twelve.

Strangely, while the book is disjointed and difficult to pin down as to the central theme, ultimately it could be quite valuable. In the end, the title is appropriate, albeit in a punning fashion: the content is directed at developing trustworthy applications. The literature in the field of developing secure applications is not extensive, and much of it is either ethereally academic or completely language specific. This book attempts to be practical, and, while hardly ever touching on implementation, the precepts suggested are a sound foundation. Security professionals would find the general background limited, but developers will neither be snowed under by esoteric discussions nor left with too many vulnerabilities uncovered. The specifics in the book deal with the Web, but the tenets of secure design are applicable to all systems.

copyright Robert M. Slade, 2002

Book description:

Although the harrowing number of Internet-based attacks in recent years has elevated the importance of maintaining secure electronic networks, many developers continue to employ passive security administration strategies, addressing issues by using patches in a non-systematic fashion. This counterproductive strategy can be largely attributed to a lack of knowledge regarding the general concepts required to effectively prevent the attack and potential compromise of networked systems. "Developing Trust: Online Privacy and Security" is an indispensable resource for system administrators and application developers, providing a means to understand, create, and maintain secure Internet systems. Curtin's instructional approach facilitates a comprehensive understanding of online security by separating the core material into three sections: "Understanding Security and Privacy", which introduces attack models, general privacy theory and policy, online privacy concepts, and provides a synopsis of the mechanics of threats to privacy. Next is "Prevention", which delves into secure design principles and deployment environments, closing with several case studies of major security problems uncovered by the author himself. Finally, "The Cure" investigates the mechanics of identifying and repairing flawed security design techniques before they are incorporated into the final product. Discussion regarding the failure of "Opt-Out" systems to protect privacy is also included in this section.

His present focus is to understand how complex systems interact in "the large picture" and how that affects security, privacy, and reliability. Findings of this work have been widely covered in major news media around the world. A frequent lecturer and author, Matt also teaches Programming in Common Lisp and Operating Systems Laboratory at The Ohio State University's Department of Computer and Information Science. Matt is both a student and a teacher of life.

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase