Building Internet Firewalls

Symbols | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Index: P

packages, auditing: 10.10.7.1. Auditing packages
Unix: 11.6. Running a Security Audit
packet altering: 4.1. What Does a Packet Look Like?
IP (see IP)
packet filtering: 5.1. Some Firewall Definitions
5.2. Packet Filtering
8. Packet Filtering
implementations, on general-purpose computers: 8.9. Packet Filtering Implementations for General-Purpose Computers
on Windows NT: 8.9.5. Windows NT Packet Filtering
by address: 8.6. Filtering by Address
administering systems: 8.4. Packet Filtering Tips and Tricks
bastion hosts, protection for: 10.10.4. Controlling Inbound Traffic
bugs in packages: 5.2.2.1. Current filtering tools are not perfect
conventions for: 8.8.3. It Should Allow Simple Specification of Rules
dynamic: 8.1.2. Stateful or Dynamic Packet Filtering
examples of: 8.12. Putting It All Together
with exterior router: 6.3.4. Exterior Router
inbound vs. outbound: 8.8.6. It Should Apply Rules Separately to Incoming and Outgoing Packets, on a Per-Interface Basis
with interior router: 6.3.3. Interior Router
perimeter, encryption and: 5.5.1. Where Do You Encrypt?
routers, configuring: 8.2. Configuring a Packet Filtering Router
rules for: 8.5. Conventions for Packet Filtering Rules
8.11. What Rules Should You Use?
8.12. Putting It All Together
24.2.2. Packet Filtering Rules
in screened subnet architecture: 24.1.2. Packet Filtering Rules
editing offline: 8.4.1. Edit Your Filtering Rules Offline
IP addresses in: 8.4.4. Always Use IP Addresses, Never Hostnames
reloading: 8.4.2. Reload Rule Sets from Scratch Each Time
sequence of: 8.8.5. It Should Apply Rules in the Order Specified
updating: 8.4.3. Replace Packet Filters Atomically
with screened host architecture: 6.2. Screened Host Architectures
by service: 8.7. Filtering by Service
by source port: 8.7.4. Risks of Filtering by Source Port
stateful: 8.1.2. Stateful or Dynamic Packet Filtering
tools for: B.3. Packet Filtering Tools
where to do: 8.10. Where to Do Packet Filtering
packet filtering
routers, choosing: 8.8. Choosing a Packet Filtering Router
testing: 8.8.8. It Should Have Good Testing and Validation Capabilities
packet sniffing attacks: 13.1.6. Packet Sniffing
protecting against: 13.1.10. Protecting Services
packets: 4. Packets and Protocols
5.1. Some Firewall Definitions
22.4.2. traceroute
(see also traceroute program)
accepted/dropped, logging: 8.8.7. It Should Be Able to Log Accepted and Dropped Packets
forged: 8.2.3. Default Permit Versus Default Deny
fragmenting: 4.1.1.2. IP layer
4.2.3. IP Fragmentation
handling (by router): 8.3. What Does the Router Do with Packets?
headers of: 4.1. What Does a Packet Look Like?
ICMP: 22.4.3. Other ICMP Packets
inbound vs. outbound: 8.2.2. Be Careful of "Inbound" Versus "Outbound" Semantics
sniffing: 4.8.4. Packet Interception
13.1.10. Protecting Services
programs: 13.1.6. Packet Sniffing
source-routed: 10.10.3. Turning Off Routing
structure: 4.1. What Does a Packet Look Like?
TCP: 4.3.1. TCP
UDP: 4.3.2. UDP
page process: 11.3.3. Which Services Should You Leave Enabled?
PAM (Pluggable Authentication Modules): 21.4.2. Pluggable Authentication Modules (PAM)
papers, security-related: A.8. Papers
passive (or PASV) mode, FTP: 17.1.1. Packet Filtering Characteristics of FTP
password aging: 26.1.2. Managing Your Accounts
passwords: 21.1. What Is Authentication?
21.1.2. Something You Know
for packet filters: 8.4.5. Password Protect Your Packet Filters
on PostScript printers: 17.6. Printing Protocols
in SSH: 18.2.5.3. SSH client authentication
on web pages: 15.2.1. Inadvertent Release of Information
automatically generated: 21.2. Passwords
cracking: 21.2. Passwords
false authentication and: 13.1.4. False Authentication of Clients
one-time: 21.1.3. Something You Have
21.3.1. One-Time Password Software
stealing with network taps: 1.2.1.3. Information theft
time-based: 21.5. Kerberos
Unix: 21.2. Passwords
Windows NT: 21.2. Passwords
patches: 26.3.2. Keeping Your Systems up to Date
pcbind service: 11.3.4.2. Other RPC services
Performance Monitor: 22.1.4. Performance Monitor and Network Monitor
performance, with multiple interior routers: 6.5.5. It's Dangerous to Use Multiple Interior Routers
perimeter networks: 5.1. Some Firewall Definitions
6.3.1. Perimeter Network
shared: 6.7.5. A Shared Perimeter Network Allows an "Arms-Length" Relationship
PGP program: 12.4.3. Next Steps After Disabling Services
ping program: 2.9.3. Network Diagnostics
22.4.1. ping
PKIX (Public-Key Infrastructure X.509): C.3.2. Certificates
plaintext: C.2.1. Encryption
platforms: 0.3. Platforms
playback attacks: 13.1.4. False Authentication of Clients
Plug and Play service: 12.4.4. Which Services Should You Leave Enabled?
plug-gw proxy: 9.6.3. Generic Proxying with TIS FWTK
plug-ins: 2.2.1. Web Client Security Issues
15.2.2. External Viewers
Pluggable Authentication Modules (PAM): 21.4.2. Pluggable Authentication Modules (PAM)
PlugPlayServiceType registry key: 12.4.1.1. Registry keys
Point-to-Point Protocol (PPP): 14.11. Point-to-Point Tunneling Protocol (PPTP)
Pointcast program: 15.6. Push Technologies
policy, security (see security, policies for)
POP (Post Office Protocol): 2.3.1. Electronic Mail
POP (Post Office Protocol): 16.6. Post Office Protocol (POP)
port forwarding, in SSH: 18.2.5.6. Port forwarding
port numbers
assigned: 13.4.4. Assigned Ports
finding: 13.3. Analyzing Other Protocols
client: 13. Internet Services and Firewalls
setting: 14.1.3. Packet Filtering Characteristics of RPC
portmap service: 11.3.4.2. Other RPC services
B.5.7. portmap
portmapper server: 14.1. Remote Procedure Call (RPC)
17.3.6. Packet Filtering Characteristics of NFS
ports
network address translation: 5.4.2.5. Dynamic allocation of ports may interfere with packet filtering
scanning: 4.8.1. Port Scanning
source, filtering by: 8.7.4. Risks of Filtering by Source Port
Postfix program: 16.2.8.2. Postfix
PostScript
files: 15.2.2. External Viewers
printers, attacks from: 17.6. Printing Protocols
PPP (Point-to-Point Protocol): 14.11. Point-to-Point Tunneling Protocol (PPTP)
printing: 3.1. Least Privilege
17.6. Printing Protocols
Hewlett-Packard printers: 17.6.3. Other Printing Systems
PostScript printers: 17.6. Printing Protocols
systems: 2.4.3. Printing Systems
Windows-based: 17.6.2. Windows-based Printing
private newsgroups: 2.3.2. Usenet News
privileges, root: 16.2.7. Sendmail
probes, responding to: 26.2.5. Responding to Probes
procedures for proxying, custom: 9.2.3. Using Proxy-Aware User Procedures for Proxying
processing speed: 10.3.2. How Fast a Machine?
programming languages, web-related: 15.4. Mobile Code and Web-Related Languages
programs
uploading on HTTP servers: 15.1.1.2. Running unexpected external programs
evaluating security of: 13.5. Choosing Security-Critical Programs
external
on HTTP clients: 15.2.3. Extension Systems
on HTTP servers: 15.1.1. HTTP Extensions
removing nonessential: 11.5.2. Remove Nonessential Programs
removing nonessential on Windows NT: 12.4.3. Next Steps After Disabling Services
promiscuous mode: 10.5. Locating Bastion Hosts on the Network
Protected Storage service: 12.4.4. Which Services Should You Leave Enabled?
protocol checking: 8.1.3. Protocol Checking
protocol modification: 13.4.5. Protocol Security
protocols
from OSI: 16.3. Other Mail Transfer Protocols
analyzing: 13.2.4. What Else Can Come in If I Allow This Service?
assigned port numbers: 13.4.4. Assigned Ports
bidirectionality of: 8.2.1. Protocols Are Usually Bidirectional
custom: 23.1.1.4. Using a custom protocol to connect to a perimeter web server
evaluating: 13.2.1. What Operations Does the Protocol Allow?
file synchronization: 22.6. File Synchronization
implementation of, evaluating: 13.2.3. How Well Is the Protocol Implemented?
above IP: 4.3. Protocols Above IP
below IP: 4.4. Protocols Below IP
non-IP: 4.7. Non-IP Protocols
routing: 22.2. Routing Protocols
security of: C.4. What Makes a Protocol Secure?
proxying and: 13.4.5. Protocol Security
time-dependence of: 22.5. Network Time Protocol (NTP)
Proxy Server: 9.7. Using Microsoft Proxy Server
proxy services: 5.1. Some Firewall Definitions
5.3. Proxy Services
9. Proxy Systems
without proxy server: 9.4. Proxying Without a Proxy Server
advantages/disadvantages: 5.3.1. Advantages of Proxying
application- versus circuit-level: 9.3.1. Application-Level Versus Circuit-Level Proxies
generic vs. dedicated: 9.3.2. Generic Versus Dedicated Proxies
intelligent servers: 9.3.3. Intelligent Proxy Servers
Microsoft Proxy Server: 9.7. Using Microsoft Proxy Server
multiple operating systems: 9.1. Why Proxying?
protocol security: 13.4.5. Protocol Security
SOCKS package for: 9.5. Using SOCKS for Proxying
software for: 9.2. How Proxying Works
TIS Internet Firewalls Toolkit for: 9.6. Using the TIS Internet Firewall Toolkit for Proxying
tools for: B.4. Proxy Systems Tools
when unable to provide: 9.8. What If You Can't Proxy?
public key cryptography: C.2.1.1. Kinds of encryption algorithms
C.4.3. Sharing a Secret
in SSH: 18.2.5.2. SSH server authentication
18.2.5.3. SSH client authentication
Public-Key Infrastructure X.509 (PKIX): C.3.2. Certificates
pull technology: 15.6. Push Technologies
pursuing intruders: 27.3. Pursuing and Capturing the Intruder
push technologies: 15.6. Push Technologies



Copyright © 2002 O'Reilly & Associates, Inc. All Rights Reserved.