M5
Security on the World Wide Web
Daniel Geer, CertCo, LLC, and Jon Rochlis, SystemExperts Corp.
Who should attend: Anyone responsible for running a Web site who wants to understand the tradeoffs in making it secure. Anyone seeking to understand how the Web is likely to be secured.
What you will learn: A comparison of available methods of Web security.
The World Wide Web is perhaps the most important enabler (so far) of electronic commerce. It has grabbed the popular imagination and the engineering and marketing efforts of a generation of on-line entrepreneurs and consumers. But the Web was initially designed with little thought to industrial-strength security. Over the past several years numerous proposals have surfaced to secure the Web. This course will survey them with the goal of understanding the strengths and weaknesses of each.
Topics include:
- Client-server network security
- A brief overview of encryption and its role in all security
- Simple schemes: Basic Auth
- Prevailing protocols: SSL, S-HTTP, PCT
- IP security
- Payment protocols: Cybercash, Digicash, Open Market, First Virtual, Visa/Mastercard (SET) and others
- Secure operation: Configuration, containment, interaction with firewalls, replication, proxy servers, logging
Daniel E. Geer, Jr. is vice president of CertCo, LLC, a market leader in digital certification for electronic commerce. He has a long history in network security and distributed computing management as an entrepreneur, consultant, teacher, and architect. He is co-author of the Web Security Sourcebook. He earned a BS from MIT and a PhD from Harvard.
Jon Rochlis is a senior consultant for SystemExperts Corp. He provides high-level advice on network security, distributed systems design and management, high-availability, and electronic commerce. Before joining SystemExperts, he was engineering manager with BBN Planet.