Index: S
Symbols
| A
| B
| C
| D
| E
| F
| G
| H
| I
| J
| K
| L
| M
| N
| O
| P
| Q
| R
| S
| T
| U
| V
| W
| X
| Y
| Z
Index: S
- sabotage (see denial of service attacks)
- SAGE (System Administrators Guild): A.6.4. System Administrators Guild (SAGE)
- Samba: 17.4.1. Samba
- sandbox security model: 15.4.3. Java
- SANS Institute: A.6.5. System Administration, Networking, and Security (SANS) Institute
- SATAN (Security Administrator's Tool for Analyzing Networks): 11.6. Running a Security Audit
- B.2.4. SATAN
- sc command: 12.4.1. How Are Services Managed Under Windows NT?
- scanning ports: 4.8.1. Port Scanning
- SCM (Service Control Manager): 12.4.1. How Are Services Managed Under Windows NT?
- scorekeepers: 1.2.2.3. Scorekeepers
- screened hosts
- screened subnets and: 6.5.7. It's Dangerous to Use Both Screened Subnets and Screened Hosts
- architecture of: 6.2. Screened Host Architectures
- screened subnet,
architecture of[: 6.3. Screened Subnet Architectures
- screened subnets
- screened hosts and: 6.5.7. It's Dangerous to Use Both Screened Subnets and Screened Hosts
- architecture of: 6.3. Screened Subnet Architectures
- 24.1. Screened Subnet Architecture
- screening routers: 4.1. What Does a Packet Look Like?
- 4.1. What Does a Packet Look Like?
- 5.2. Packet Filtering
- 6.1.1. Screening Router
- acceptable addresses for: 8.5. Conventions for Packet Filtering Rules
- choosing: 8.8. Choosing a Packet Filtering Router
- configuring: 8.2. Configuring a Packet Filtering Router
- proxy systems: 9. Proxy Systems
- rules for: 8.5. Conventions for Packet Filtering Rules
- where to use: 8.10. Where to Do Packet Filtering
- Secure HTTP: 15.3.6. Securing HTTP
- Secure RPC: 14.1.1. Sun RPC Authentication
- secure shell (see SSH)
- Secure Socket Layer (see SSL)
- security (see rewalls also rewalls)
- (see also rewalls)
- of BSD r commands: 18.2.1. BSD "r" Commands
- on Unix/Linux: 18.2.1. BSD "r" Commands
- on Windows: 18.2.1.1. BSD "r" commands under Windows NT
- of computer games: 23.2. Games
- of database protocols: 23.1.1. Locating Database Servers
- of email: 16.1.1. Keeping Mail Secret
- of FTP: 17.1.4. Providing Anonymous FTP Service
- of ICMP: 22.4. ICMP and Network Diagnostics
- of Java: 15.4.3. Java
- of JavaScript: 15.4.1. JavaScript
- of lpr and lp printing systems: 17.6.1. lpr and lp
- of Net8: 23.1.3.1. Security implications of SQL*Net and Net8
- of NetBT name service: 20.3.6. Security Implications of NetBT Name Service and WINS
- of NIS: 20.2. Network Information Service (NIS)
- of NNTP: 16.9. Network News Transfer Protocol (NNTP)
- of passwords: 21.2. Passwords
- of PostScript printers: 17.6. Printing Protocols
- of programs
- indicators of: 13.5.3. Real Indicators of Security
- evaluating: 13.5. Choosing Security-Critical Programs
- of protocols: C.4. What Makes a Protocol Secure?
- proxying and: 13.4.5. Protocol Security
- of push technologies: 15.6. Push Technologies
- of rdist: 22.6.1. rdist
- of remote graphical interfaces
- on Windows operating systems: 18.3.2. Remote Graphic Interfaces for Microsoft Operating Systems
- of routing protocols: 22.2. Routing Protocols
- of Sendmail: 16.2.7. Sendmail
- of SQL*Net: 23.1.3.1. Security implications of SQL*Net and Net8
- of SSH: 18.2.5.1. What makes SSH secure?
- of VBScript: 15.4.2. VBScript
- of Windows Browser: 20.4.4. Security Implications of the Windows Browser
- of WINS: 20.3.6. Security Implications of NetBT Name Service and WINS
- of X Window System: 18.3.1. X11 Window System
- ActiveX and: 15.4.4. ActiveX
- against system failure: 3.5. Fail-Safe Stance
- audit: 10.10.7. Running a Security Audit
- on Unix: 11.6. Running a Security Audit
- of backups: 10.12. Protecting the Machine and Backups
- bastion host speed and: 10.3.2. How Fast a Machine?
- books on: A.9. Books
- of checksums: 27.5.3. Keeping Secured Checksums
- choke points: 24.1.4.3. Choke point
- 24.2.4.3. Choke point
- default deny stance: 8.2.3. Default Permit Versus Default Deny
- default permit stance: 8.2.3. Default Permit Versus Default Deny
- defense in depth: 24.1.4.2. Defense in depth
- 24.2.4.2. Defense in depth
- designing for network: 1.6.1. Buying Versus Building
- diversity of defense: 3.7. Diversity of Defense
- 24.1.4.7. Diversity of defense
- 24.2.4.7. Diversity of defense
- of DNS: 20.1.4. DNS Security Problems
- drills for, practicing: 27.5.7. Doing Drills
- fail-safe stance: 24.1.4.5. Fail-safe stance
- 24.2.4.5. Fail-safe stance
- host: 1.4.3. Host Security
- of HTTP: 15.1. HTTP Server Security
- incident response teams (see incident response teams)
- incidents (see incidents)
- of IRC: 19.1. Internet Relay Chat (IRC)
- lack of: 1.4. How Can You Protect Your Site?
- least privilege: 24.1.4.1. Least privilege
- 24.2.4.1. Least privilege
- legal responsibilities: 25.2.3. External Factors That Influence Security Policies
- of machine: 10.9. Securing the Machine
- Unix/Linux: 11.2.1. Setting Up System Logs on Unix
- Windows NT: 12.3.1. Setting Up System Logs Under Windows NT
- models: 1.4.2. Security Through Obscurity
- modem pools: 6.6. Terminal Servers and Modem Pools
- netacl: 11.4.1.2. Using netacl to protect services
- networks
- insecure: 6.7.2. Insecure Networks
- protecting: 6.7. Internal Firewalls
- operating system bugs: 10.9.2. Fix All Known System Bugs
- policies for: 1.5.1.1. A firewall is a focus for security decisions
- 25. Security Policies
- reviewing: 25.1.1.6. Provision for reviews
- of POP: 16.6. Post Office Protocol (POP)
- resources for: A. Resources
- sandbox model: 15.4.3. Java
- simplicity of: 3.8. Simplicity
- of SNMP: 22.1.2. Simple Network Management Protocol (SNMP)
- strategies for: 3. Security Strategies
- TCP Wrapper: 11.4.1. Using the TCP Wrapper Package to Protect Services
- terminal servers: 6.6. Terminal Servers and Modem Pools
- time information and: 22.5. Network Time Protocol (NTP)
- universal participation: 3.6. Universal Participation
- 24.1.4.6. Universal participation
- 24.2.4.6. Universal participation
- weakest link: 3.4. Weakest Link
- 24.1.4.4. Weakest link
- 24.2.4.4. Weakest link
- when proxying is ineffective: 9.8.2. Proxying Won't Secure the Service
- when system crashes: 10.12.1. Watch Reboots Carefully
- of whois service: 20.7.2. whois
- zones, Internet Exporer and: 15.2.5. Internet Explorer and Security Zones
- security manager (Java): 15.4.3. Java
- self-decrypting archives: 16.1.1. Keeping Mail Secret
- Sendmail: 2.3.1. Electronic Mail
- 2.3.1. Electronic Mail
- 3.1. Least Privilege
- 16.2.7. Sendmail
- Morris worm: 13.2.2. What Data Does the Protocol Transfer?
- 13.2.3.1. Does it have any other commands in it?
- server
- AAA: 21. Authentication and Auditing Services
- caching: 15.3.4. Proxying Characteristics of HTTP
- 15.5. Cache Communication Protocols
- database, locating: 23.1.1. Locating Database Servers
- DNS
- for internal hosts: 20.1.5.2. Set up a real DNS server on an internal system for internal hosts to use
- setting up fake: 20.1.5.1. Set up a "fake" DNS server on the bastion host for the outside world to use
- FTP, preventing attacks from: 17.1.4.3. Preventing people from using your server to attack other machines
- HTTP: 15.3.2. Special HTTP Servers
- security of: 15.1. HTTP Server Security
- KDC: 21.5.1. How It Works
- mail, evaluating: 16.1.2.1. Junk mail
- proxy (see proxy services)
- routed: 11.3.4.5. routed
- SMB authentication: 21.6.4. SMB Authentication
- SMTP
- for Windows NT: 16.2.13. SMTP Servers for Windows NT
- commercial: 16.2.9. Commercial SMTP Servers for Unix
- freely available: 16.2.8. Other Freely Available SMTP Servers for Unix
- SSH, authentication: 18.2.5.2. SSH server authentication
- TIS FWTK authentication: 21.4.1. The TIS FWTK Authentication Server
- web: 2.2.2. Web Server Security Issues
- Windows Browser: 20.4. The Windows Browser
- WINS, communication among: 20.3.4. WINS Server-Server Communication
- wuarchive: 17.1.4.4. Using the wuarchive FTP daemon
- Server Message Block (SMB) (see SMB)
- Service Control Manager (see SCM)
- service packs, services and: 12.5. Installing and Modifying Services
- services: 13. Internet Services and Firewalls
- booting, on Unix: 11.3.4.3. Booting services
- fir commands: 11.3.4.4. BSD "r" command services
- started by /etc/rc: 11.3.1.1. Services started by /etc/rc files or directories
- biff: 16.2.11. biff
- contacting providers about incidents: 27.1.5.3. Vendors and service providers
- 27.4.4.3. Vendors and service providers
- disabling those not required: 10.10. Disabling Nonrequired Services
- on Unix/Linux: 11.3.2. Disabling Services Under Unix
- 11.3.4. Specific Unix Services to Disable
- on Windows NT: 12.4.2. How to Disable Services Under Windows NT
- 12.4.5. Specific Windows NT Services to Disable
- essential
- on Unix/Linux: 11.3.3. Which Services Should You Leave Enabled?
- on Windows NT: 12.4.4. Which Services Should You Leave Enabled?
- evaluating risks of: 13.2.1. What Operations Does the Protocol Allow?
- information lookup: 20.7. Information Lookup Services
- installing and modifying: 10.10.5. Installing and Modifying Services
- on Windows NT: 12.5. Installing and Modifying Services
- on Unix/Linux: 11.4. Installing and Modifying Services
- LAN-oriented: 10.6. Selecting Services Provided by a Bastion Host
- management of, on Unix/Linux: 11.3.1. How Are Services Managed Under Unix?
- network management (see network, management services)
- protecting with TCP Wrapper: 11.4.1. Using the TCP Wrapper Package to Protect Services
- proxy (see proxy services)
- real-time conferencing: 19. Real-Time Conferencing Services
- registry keys for: 12.4.1.1. Registry keys
- selecting for bastion host: 10.6. Selecting Services Provided by a Bastion Host
- Windows NT: 12.4.1. How Are Services Managed Under Windows NT?
- setgid/setuid capabilities: 11. Unix and Linux Bastion Hosts
- sharing files: 2.4. File Transfer, File Sharing, and Printing
- 2.4.2. File Sharing
- 17.3. Network File System (NFS)
- on Microsoft networks: 17.4. File Sharing for Microsoft Networks
- SHA/SHA-1 algorithms: C.5.3. Cryptographic Hashes and Message Digests
- shell scripts: 11.3.1.1. Services started by /etc/rc files or directories
- shutting down systems: 27.1.3. Disconnect or Shut Down, as Appropriate
- 27.4.3. Planning for Disconnecting or Shutting Down Machines
- Simple Mail Transfer Protocol (see SMTP)
- Simple Network Management Protocol (see SNMP)
- Simple Public Key Infrastructure (SPKI): C.3.2. Certificates
- Simple TCP/IP printing services, disabling: 12.4.5. Specific Windows NT Services to Disable
- single-purpose routers: 8.8.2. It Can Be a Single-Purpose Router or a General-Purpose Computer
- S/Key password program: 21.3.1. One-Time Password Software
- Skipjack algorithm: C.5.1. Encryption Algorithms
- smail program: 16.2.8.1. smail
- smap/smapd programs: 16.2.8.2. Postfix
- 16.2.10. Improving SMTP Security with smap and smapd
- Smart Card service: 12.4.4. Which Services Should You Leave Enabled?
- SMB (Server Message Block): 14.4. Common Internet File System (CIFS) and Server Message Block (SMB)
- 14.4. Common Internet File System (CIFS) and Server Message Block (SMB)
- 17.4. File Sharing for Microsoft Networks
- authentication: 14.4.1. Authentication and SMB
- 21.6.4. SMB Authentication
- S/MIME: 16.1.4. S/MIME and OpenPGP
- SMS (System Management Server): 22.1.3. System Management Server (SMS)
- SMTP (Simple Mail Transfer Protocol): 2.3.1. Electronic Mail
- 10.6. Selecting Services Provided by a Bastion Host
- 16.2. Simple Mail Transfer Protocol (SMTP)
- configuring: 24.2.1.2. SMTP
- firewalls and: 16.2.6. Configuring SMTP to Work with a Firewall
- in screened subnet architecture: 24.1.1.2. SMTP
- proxying: 9.4. Proxying Without a Proxy Server
- servers
- for Windows NT: 16.2.13. SMTP Servers for Windows NT
- commercial: 16.2.9. Commercial SMTP Servers for Unix
- freely available: 16.2.8. Other Freely Available SMTP Servers for Unix
- for Unix (see Sendmail)
- snapshots, system: 27.1.6. Snapshot the System
- planning for: 27.4.5. Planning for Snapshots
- sniffers: 1.2.1.3. Information theft
- 13.1.6. Packet Sniffing
- protecting against: 13.1.10. Protecting Services
- sniffing for passwords: 21.3.1. One-Time Password Software
- SNMP (Simple Network Management Protocol): 2.9.1. System Management
- 22.1.2. Simple Network Management Protocol (SNMP)
- disabling, on Windows NT: 12.4.5. Specific Windows NT Services to Disable
- snuffie program: 10.10.1.1. Next steps after disabling services
- social manipulation attacks: 2.3.1. Electronic Mail
- SOCKS package: 5.3. Proxy Services
- 9.5. Using SOCKS for Proxying
- B.4.2. SOCKS
- functions: 9.5.4. Converting Clients to Use SOCKS
- HTTP proxying on, in screened subnet architecture: 24.1.1.1. HTTP and HTTPS
- modified finger service: 20.7.1.2. Proxying characteristics of finger
- proxy system for ping: 22.4.1.2. Proxying characteristics of ping
- versions: 9.5.1. Versions of SOCKS
- software
- installing on machine: 10.10.6. Reconfiguring for Production
- 11.5. Reconfiguring for Production
- proxying: 5.3. Proxy Services
- 5.3.2.1. Proxy services lag behind nonproxied services
- 5.3.2.1. Proxy services lag behind nonproxied services
- 9.2. How Proxying Works
- routers (see routers)
- system monitoring: 10.11.2. Consider Using Software to Automate Monitoring
- viruses: 1.5.2.4. A firewall can't fully protect against viruses
- source address
- filtering by: 8.6.1. Risks of Filtering by Source Address
- forgery: 8.6.1. Risks of Filtering by Source Address
- source port, filtering by: 8.7.4. Risks of Filtering by Source Port
- source routing: 10.10.3. Turning Off Routing
- option, IP: 4.2.2. IP Options
- spam: 16.1.2.1. Junk mail
- speed, processing: 10.3.2. How Fast a Machine?
- spell command, Unix: 11.6. Running a Security Audit
- spies: 1.2.2.4. Spies (industrial and otherwise)
- SPKI (Simple Public Key Infrastructure): C.3.2. Certificates
- split-screened subnets, architecture of: 6.4.1. Split-Screened Subnet
- Spooler service: 12.4.4. Which Services Should You Leave Enabled?
- SQL Server: 23.1.6. Microsoft SQL Server
- SQL*Net: 23.1.3. Oracle SQL*Net and Net8
- SSH (secure shell): 18.2.5. Secure Shell (SSH)
- configuring, in screened subnet architecture: 24.1.1.4. SSH
- security of: 18.2.5.1. What makes SSH secure?
- X Window System, support for: 18.2.5.7. Remote X11 Window System support
- SSL (Secure Socket Layer): 14.7. Transport Layer Security (TLS) and Secure Socket Layer (SSL)
- email and: 16.2.2. TLS/SSL, SSMTP, and STARTTLS
- SSMTP: 16.2.2. TLS/SSL, SSMTP, and STARTTLS
- Start registry key: 12.4.1.1. Registry keys
- STARTTLS: 16.2.2. TLS/SSL, SSMTP, and STARTTLS
- startup scripts: 11.3.1.1. Services started by /etc/rc files or directories
- statd: 17.3.4. File Locking with NFS
- Subkeys registry key: 12.4.1.1. Registry keys
- subnet architecture, screened: 6.3. Screened Subnet Architectures
- 24.1. Screened Subnet Architecture
- Sun RPC: 14.1. Remote Procedure Call (RPC)
- 14.1. Remote Procedure Call (RPC)
- authentication: 14.1.1. Sun RPC Authentication
- swap process: 11.3.3. Which Services Should You Leave Enabled?
- Sybase: 23.1.5. Sybase
- syslog protocol: 22.1.1. syslog
- daemons: 11.2.1. Setting Up System Logs on Unix
- example output from: 26.2.3. What Should You Watch For?
- syslogd process: 11.3.3. Which Services Should You Leave Enabled?
- system
- crashes, watching carefully: 10.12.1. Watch Reboots Carefully
- cryptographic, components of: C.2. Key Components of Cryptographic Systems
- customized: 27.1.7. Restore and Recover
- defense, diversity of: 3.7. Diversity of Defense
- documenting after incident: 27.1.6. Snapshot the System
- 27.4.5. Planning for Snapshots
- failure of: 3.5. Fail-Safe Stance
- keeping up-to-date: 26.3.2. Keeping Your Systems up to Date
- labeling and diagramming: 27.5.2. Labeling and Diagramming Your System
- logs (see logs)
- monitoring: 10.11.2. Consider Using Software to Automate Monitoring
- 26.2. Monitoring Your System
- operating, testing reload of: 27.5.6. Testing the Reload of the Operating System
- rebuilding: 27.1.7. Restore and Recover
- restoring after incident: 27.1.7. Restore and Recover
- planning for: 27.4.6. Planning for Restoration and Recovery
- shutting down: 27.1.3. Disconnect or Shut Down, as Appropriate
- System Management Server (SMS): 22.1.3. System Management Server (SMS)
Symbols
| A
| B
| C
| D
| E
| F
| G
| H
| I
| J
| K
| L
| M
| N
| O
| P
| Q
| R
| S
| T
| U
| V
| W
| X
| Y
| Z
Copyright © 2002
O'Reilly & Associates, Inc.
All Rights Reserved.