also can be used for legitimate network security purposes; for example, to audit the security of a company's wireless network by performing penetration testing.

See Also: footprinting, penetration testing, sniffing, wardialing, Wireless Equivalent Privacy (WEP)

Wassenaar Arrangement
An international agreement on export controls for conventional arms and dual-use goods and technologies.

Overview
The Wassenaar Arrangement was ratified in 1996 by 33 nations to provide an international mechanism for controlling the proliferation of arms and dual-use technologies that could be used for military purposes. From an information security perspective, the agreement is important because it includes restrictions concerning both hardware (advanced materials, materials processing, electronics, and computers) and software (cryptographic systems and technologies). The agreement is reviewed periodically by the nations involved to take into account changes in technology and the geopolitical scene. The agreement acts as an umbrella for national policies and laws regarding arms and dual-use goods.

DES has 2^56 (or approximately 72 quadrillion) different keys, and almost all these keys were considered secure until only a few years ago when DES was first cracked. Because of the internal operation of the cryptographic algorithm DES is based on, however, a small number of these keys are actually trivial to crack. Specifically, 4 keys are considered weak and 12 semiweak because of the simple values they express at certain points in the cipher process, namely, blocks of all ones or all zeros. Cryptanalysts do not consider the existence of such keys as significant in relation to the security of DES, however, since the chance of one of these keys being randomly generated is about 4 quadrillion to 1.

See Also: Data Encryption Standard (DES), encryption algorithm, key

Web anonymizer
Any tool for anonymous Web browsing, any method for browsing the World Wide Web anonymously.

See: anonymous Web browsing

Web bug
An invisible graphic embedded in a Web page and used to monitor a user visiting the page.

Overview
Web bugs are usually tiny image files one pixel in size and the same color as the background of the Web page on which they reside. The image file doesn't reside on the site itself; the IMG tag on the page simply uses a Uniform Resource Locator (URL) to load the bug from a different site, usually one belonging to a marketing or advertising company. When the page is loaded, the image is called from the remote site and a log is created that can be used to collect information about the user loading the page, such as the Internet Protocol (IP) address of the computer, the URL of the page visited, and the time the visit occurred. The word bug in Web bug originates because such covert monitoring activity is called planting a bug in the espionage trade, and many users find Web bugs and similar technologies a violation of their privacy if such practices are not explicitly mentioned in the online privacy policy for the site users are visiting.

Web bugs can be used for a number of purposes, including the following:

• Track visits to a site to better target marketing efforts
• Track the browsing habits of users as they traverse links across the site
• Exchange information between sites concerning visitors who visit both sites

Marketplace
The hard way of detecting Web bugs is to view the Hypertext Markup Language (HTML) source of each Web page you visit, looking for an embedded URL that references a tiny invisible image on another site. A free tool called Bugnosis from Privacy Foundation (www.bugnosis

web of trust
The approach used by Pretty Good Privacy (PGP) for managing trust between users.

Overview
PGP differs from most other public key cryptography systems in that instead of using a hierarchy of certificate authorities (CAs) for issuing keys and verifying digital certificates, it allows each user to decide which keys of other users to trust. This trust model is called direct trust and results in a complex mesh or web of trust relationships between users of PGP. PGP also allows a user to be a trusted introducer for other users and to act as a mini-CA for others. Trust also can be granted at various levels, including implicit, complete, marginal, and no trust. Certificate revocation can be performed either by the owner of a certificate or someone the owner designates as a trusted revoker. Such a system is simple to manage but does not scale as well as a hierarchical Public Key Infrastructure (PKI) system does.

See Also: certificate authority (CA), Pretty Good Privacy (PGP), Public Key Infrastructure (PKI)

Web permissions
Special permissions for configuring access to Web content in Microsoft Internet Information Services (IIS).

Overview
Although NTFS permissions are the primary method for controlling access to Web content on IIS Web servers, another set of permissions called Web permissions also is involved in the process. These Web permissions are similar to shared folder permissions for network shares in that they affect all users the same way, as opposed to the user-level security implemented with NTFS. The Web permissions available on IIS 5 and 6
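The passage above on the 4 weak and 12 semiweak DES keys can be turned into a key-validation check. This is an added example, not part of the original entry; it goes slightly beyond the text by also treating alternating-bit halves as degenerate, which is the usual characterisation of semiweak keys, and the function names are illustrative.

```python
# Added example: classify DES keys by the halves C0 and D0 that PC-1 produces.
# PC-1 (Permuted Choice 1) is the table from the DES standard; bit 1 is the MSB.
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]

ZEROS, ONES = "0" * 28, "1" * 28
ALT01, ALT10 = "01" * 14, "10" * 14
CONSTANT = {ZEROS, ONES}
DEGENERATE = CONSTANT | {ALT01, ALT10}

def halves(key: bytes) -> tuple:
    """Apply PC-1 to an 8-byte key and return the 28-bit halves (C0, D0)."""
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes (56 key bits + 8 parity bits)")
    bits = "".join(f"{b:08b}" for b in key)
    permuted = "".join(bits[p - 1] for p in PC1)
    return permuted[:28], permuted[28:]

def classify(key: bytes) -> str:
    """Return 'weak', 'semiweak' or 'ok'; PC-1 drops the parity bits."""
    c0, d0 = halves(key)
    if c0 in CONSTANT and d0 in CONSTANT:
        return "weak"        # rotation changes nothing: all round keys equal
    if c0 in DEGENERATE and d0 in DEGENERATE:
        return "semiweak"    # rotation yields only two distinct round keys
    return "ok"

def key_from_halves(c0: str, d0: str) -> bytes:
    """Invert PC-1 (parity bits left at 0) to build a key from chosen halves."""
    bits = ["0"] * 64
    for value, pos in zip(c0 + d0, PC1):
        bits[pos - 1] = value
    return int("".join(bits), 2).to_bytes(8, "big")

def count_degenerate() -> dict:
    """Enumerate all 16 degenerate (C0, D0) pairs and tally their classes."""
    tally = {"weak": 0, "semiweak": 0}
    for c0 in sorted(DEGENERATE):
        for d0 in sorted(DEGENERATE):
            tally[classify(key_from_halves(c0, d0))] += 1
    return tally
```

Calling `classify()` on candidate key material before use lets a key generator reject the 16 degenerate values; `count_degenerate()` reproduces the 4 and 12 figures given in the entry.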
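The manual check described in the Web bug entry (reading the HTML source for a tiny image loaded from another site) can be automated. The following is an added example, not part of the original entry or of Bugnosis; the sample page, its example.com/example.net hosts and the function names are constructed, and "another site" is simplified to an exact hostname mismatch.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class WebBugFinder(HTMLParser):
    """Collect <img> tags that are at most 1x1 pixel and load from another host."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    @staticmethod
    def _tiny(value) -> bool:
        # Width/height written as "0", "1" or "1px" count as invisible.
        if value is None:
            return False
        digits = value.strip().lower().replace("px", "")
        return digits.isdigit() and int(digits) <= 1

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = urljoin(self.page_url, a.get("src") or "")  # resolve relative URLs
        host = urlparse(src).hostname
        third_party = host is not None and host != self.page_host
        if third_party and self._tiny(a.get("width")) and self._tiny(a.get("height")):
            self.findings.append(src)


def find_web_bugs(page_url: str, html: str) -> list:
    """Return the URLs of images that match the Web bug pattern."""
    finder = WebBugFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page: one first-party logo, one third-party 1x1 image,
# one first-party 1x1 spacer and one third-party banner of normal size.
SAMPLE = """
<html><body>
<img src="/images/logo.gif" width="120" height="40">
<img src="http://tracker.example.net/b.gif?page=home" width="1" height="1">
<img src="/images/spacer.gif" width="1" height="1">
<img src="http://cdn.example.net/banner.gif" width="468" height="60">
</body></html>
"""

if __name__ == "__main__":
    for url in find_web_bugs("http://www.example.com/index.html", SAMPLE):
        print("possible Web bug:", url)
```

Only the third-party 1x1 image is reported; the first-party spacer and the full-size third-party banner are ignored, which is the distinction the entry draws.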