Search | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | R | S | T | U | V | W | X | Y | Z
Index: S
- S/Key password program
: 10.3.1. One-Time Passwords
- sabotage
: (see denial of service)
- SAGE (System Administrators Guild)
: A.5.5. System Administrators Guild (SAGE)
- SATAN package
- 12.2.4. Responding to Probes
- B.2.4. SATAN
- score keepers
: 1.2.2.3. Score Keepers
- screend package
- 6.5. Conventions for Packet Filtering Rules
- B.3.1. screend
- screened host architecture
- 4.2.2. Screened Host Architecture
- 9.2. Screened Host Architecture
- screened subnet architecture
- 4.2.3. Screened Subnet Architecture
- 9.1. Screened Subnet Architecture
- with dual-homed host architecture
: 4.3.8. It's OK to Use Dual-Homed Hosts and Screened Subnets
- screening routers
- 4.1.1. Packet Filtering
- 6. Packet Filtering
- (see also packets, filtering)
- acceptable addresses for
: 6.5. Conventions for Packet Filtering Rules
- choosing
: 6.8. Choosing a Packet Filtering Router
- configuring
: 6.2. Configuring a Packet Filtering Router
- proxy systems and
: 7. Proxy Systems
- rules for
: 6.5. Conventions for Packet Filtering Rules
- where to use
: 6.8.8. It Should Have Good Testing and Validation Capabilities
- search programs
: 2.6. Other Information Services
- Secure HTTP
: 8.6.4. Secure HTTP
- security
- 1.4. What Is an Internet Firewall?
- 8.1.1.1. SMTP for UNIX: Sendmail
- 8.10.4. DNS Security Problems
- (see also firewalls)
- against system failure
: 3.5. Fail-Safe Stance
- audit
: 5.8.5. Running a Security Audit
- of backups
: 5.10. Protecting the Machine and Backups
- bastion host speed and
: 5.3.2. How Fast a Machine?
- choke points
- 9.1.4.3. Choke point
- 9.2.3.3. Choke point
- of commercial authentication systems
: 10.4.3. Commercial Solutions
- cryptography
: 10. Authentication and Inbound Services
- default deny stance
: 6.2.3. Default Permit Versus Default Deny
- default permit stance
: 6.2.3. Default Permit Versus Default Deny
- defense in depth
- 9.1.4.2. Defense in depth
- 9.2.3.2. Defense in depth
- designing for network
: 1.4.3. Buying Versus Building
- diversity of defense
- 3.7. Diversity of Defense
- 9.1.4.7. Diversity of defense
- 9.2.3.7. Diversity of defense
- encryption, network-level
: 10.5. Network-Level Encryption
- fail-safe stance
- 9.1.4.5. Fail-safe stance
- 9.2.3.5. Fail-safe stance
- host
: 1.3.3. Host Security
- importance of simplicity of
: 3.8. Simplicity
- incident response teams
: (see incident response teams)
- incidents
: (see incidents)
- insecure networks
: 4.4.2. Insecure Networks
- IRC and
: 8.9.2. Internet Relay Chat (IRC)
- keeping checksums secure
: 13.5.3. Keeping Secured Checksums
- lack of
: 1.3. How Can You Protect Your Site?
- least privilege
- 9.1.4.1. Least privilege
- 9.2.3.1. Least privilege
- legal responsibilities
: 11.2.3. External Factors That Influence Security Policies
- of machine
: 5.8.1. Securing the Machine
- modem pools
: 10.6. Terminal Servers and Modem Pools
- netacl
: 5.8.3.2. Using netacl to protect services
- network
: (see network)
- operating system bugs
: 5.8.1.2. Fix all known system bugs
- policies for
- 1.4.1.1. A firewall is a focus for security decisions
- 11. Security Policies
- reviewing
: 11.1.1.5. Provision for reviews
- of POP
: 8.1.2. Post Office Protocol (POP)
- practicing drills for
: 13.5.7. Doing Drills
- protecting the network internally
: 4.4. Internal Firewalls
- protocol, and proxying
: 7.4.3. Protocol Security
- regarding HTTP
: 8.6.3. HTTP Security Concerns
- resources for
: A. Resources
- responding to incidents
: 13. Responding to Security Incidents
- reviewing response strategies
: 13.4.8. Periodic Review of Plans
- SNMP
: 8.12.1. Simple Network Management Protocol (SNMP)
- strategies for
: 3. Security Strategies
- TCP Wrapper
: 5.8.3.1. Using the TCP Wrapper package to protect services
- terminal servers
: 10.6. Terminal Servers and Modem Pools
- through obscurity
: 1.3.2. Security Through Obscurity
- time information and
: 8.13. Network Time Protocol (NTP)
- universal participation
: 3.6. Universal Participation
- weakest link
- 3.4. Weakest Link
- 9.1.4.4. Weakest link
- 9.2.3.4. Weakest link
- when proxying is ineffective
: 7.8.2. Proxying Won't Secure the Service
- when system crashes
: 5.10.1. Watch Reboots Carefully
- with whois service
: 8.8.2. whois
- X11 window system mechanisms
: 8.16. X11 Window System
- Sendmail
- 2.1. Electronic Mail
- 3.1. Least Privilege
- 8.1.1.1. SMTP for UNIX: Sendmail
- (see also SMTP)
- Morris worm
: 8.1. Electronic Mail
- servers
- Archie, running
: 8.7.3.4. Running an Archie server
- DNS
- for internal hosts
: 8.10.5.2. Set up a real DNS server on an internal system for internal hosts to use
- setting up fake
: 8.10.5.1. Set up a `fake' DNS server on the bastion host for the outside world to use
- routed
: 5.8.2.4. Which services should you disable?
- servers, proxy
: (see proxy services)
- services host
: 9.2. Screened Host Architecture
- services, inbound
: (see inbound, services)
- services, Internet
: 2. Internet Services
- booting
: 5.8.2.4. Which services should you disable?
- configuring
: 8. Configuring Internet Services
- contacting providers about incidents
- 13.1.4.3. Vendors and service providers
- 13.4.4.3. Vendors and service providers
- default deny stance
: 3.5.1. Default Deny Stance: That Which Is Not Expressly Permitted Is Prohibited
- default permit stance
: 3.5.2. Default Permit Stance: That Which Is Not Expressly Prohibited Is Permitted
- direct access to
: 7.1.1.1. Proxy services allow users to access Internet services `directly'
- disabling those not required
: 5.8.2. Disabling Nonrequired Services
- filtering by
: 6.7. Filtering by Service
- information lookup services
: 8.8. Information Lookup Services
- installing and modifying
: 5.8.3. Installing and Modifying Services
- LAN-oriented
: 5.6. Selecting Services Provided by the Bastion Host
- NFS (Network File System)
: 5.8.2.4. Which services should you disable?
- protecting with TCP Wrapper
: 5.8.3.1. Using the TCP Wrapper package to protect services
- proxying with
: 7.4. Using Proxying with Internet Services
- "r" commands
: 5.8.2.4. Which services should you disable?
- real-time conferencing
: 8.9. Real-Time Conferencing Services
- RPC (Remote Procedure Call)
: 5.8.2.4. Which services should you disable?
- selecting for bastion host
: 5.6. Selecting Services Provided by the Bastion Host
- started by /etc/rc
: 5.8.2.1. How are services managed?
- Telnet
: (see Telnet)
- services, network management
: (see network, management services)
- services, proxy
: (see proxy services)
- services, store-and-forward
: 7.5. Proxying Without a Proxy Server
- setgid capability
: 5.3.1. What Operating System?
- setuid capability
: 5.3.1. What Operating System?
- shell scripts
: 5.8.2.1. How are services managed?
- shutting down
- 13.1.2. Disconnect or Shut Down, as Appropriate
- 13.4.3. Planning for Disconnecting or Shutting Down Machines
- Simple Mail Transfer Protocol
: (see SMTP)
- Simple Network Management Protocol
: (see SNMP)
- single-purpose routers
: 6.8.2. It Can Be a Single-Purpose Router or a General-Purpose Computer
- smap package
: 8.1.1.3. Improving SMTP security with smap and smapd
- smapd program
: 8.1.1.3. Improving SMTP security with smap and smapd
- SMTP (Simple Mail Transfer Protocol)
- 2.1. Electronic Mail
- 5.6. Selecting Services Provided by the Bastion Host
- 7.5. Proxying Without a Proxy Server
- 8.1.1. Simple Mail Transfer Protocol (SMTP)
- configuring
- firewalls and
: 8.1.1.6. Configuring SMTP to work with a firewall
- in screened host architecture
: 9.2.1.3. SMTP
- in screened subnet architecture
: 9.1.1.3. SMTP
- for UNIX
: (see Sendmail)
- snapshots, system
- 13.1.5. Snapshot the System
- 13.4.5. Planning for Snapshots
- sniffing for passwords
- 1.2.1.3. Information Theft
- 10.1.2. Packet Sniffing
- 10.3.1. One-Time Passwords
- (see also network, taps)
- SNK-004 card, TIS FWTK
: 10.3.3. Challenge-Response Schemes
- SNMP (Simple Network Management Protocol)
: 2.10. Network Management Services
- configuring
: 8.12.1. Simple Network Management Protocol (SNMP)
- snuffle program
: 5.8.2.2. How to disable services
- sockets
: C.12.3. Sockets
- SOCKS package
- 4.1.2. Proxy Services
- 7.6. Using SOCKS for Proxying
- B.4.2. SOCKS
- (see also proxy services)
- functions
: 7.6. Using SOCKS for Proxying
- HTTP proxying on
- in screened subnet architecture
: 9.1.1.5. HTTP
- modified finger service
: 8.8.1.2. Proxying characteristics of finger
- software
- to automatically monitor the system
: 5.9.2. Consider Writing Software to Automate Monitoring
- installing on machine
: 5.8.4. Reconfiguring for Production
- proxying
- 4.1.2. Proxy Services
- 7.1.2.1. Proxy services lag behind nonproxied services
- 7.2. How Proxying Works
- (see also proxy services)
- router
: (see routers)
- viruses and
: 1.4.2.4. A firewall can't protect against viruses
- source address
- filtering by
: 6.6.1. Risks of Filtering by Source Address
- forgery
: 6.6.1. Risks of Filtering by Source Address
- source port, filtering by
: 6.7.4. Risks of Filtering by Source Port
- source routing
- 5.8.2.5. Turning off routing
- 6.3.2.1. IP options
- speed, processing
: 5.3.2. How Fast a Machine?
- spell command, UNIX
: 5.8.5.3. About checksums for auditing
- spies
: 1.2.2.4. Spies (Industrial and Otherwise)
- startup scripts
: 5.8.2.1. How are services managed?
- store-and-forward services
: 7.5. Proxying Without a Proxy Server
- subnet architecture, screened
- 4.2.3. Screened Subnet Architecture
- 9.1. Screened Subnet Architecture
- subnets
: C.9.2. Subnets
- Sun RPC
: (see RPC)
- supporting Internet services
: (see services, Internet)
- SWATCH program
- 5.9.2. Consider Writing Software to Automate Monitoring
- B.6.4. SWATCH
- SYN (synchronize sequence numbers) bit
: C.6.2. Transmission Control Protocol
- syslog
: 5.8.1.4. Safeguard the system logs
- configuring
: 8.11. syslog
- example output from
: 12.2.2. What Should You Watch For?
- SWATCH program with
: 5.9.2. Consider Writing Software to Automate Monitoring
- system
- autonomous
: C.10. Internet Routing Architecture
- crashes, watching carefully
: 5.10.1. Watch Reboots Carefully
- customized
: 13.1.6. Restore and Recover
- defense, diversity of
: 3.7. Diversity of Defense
- documenting after incident
- 13.1.5. Snapshot the System
- 13.4.5. Planning for Snapshots
- failure of
: 3.5. Fail-Safe Stance
- keeping up-to-date
: 12.3.2. Keeping Your Systems Up To Date
- labeling and diagramming
: 13.5.2. Labeling and Diagraming Your System
- logging activity
: (see logs)
- monitoring
- 5.9.2. Consider Writing Software to Automate Monitoring
- 12.2. Monitoring Your System
- operating, testing reload of
: 13.5.6. Testing the Reload of the Operating System
- rebuilding
: 13.1.6. Restore and Recover
- restoring after incident
: 13.1.6. Restore and Recover
- planning for
: 13.4.6. Planning for Restoration and Recovery
- shutting down
: 13.1.2. Disconnect or Shut Down, as Appropriate
- System Dynamics cards
: 10.3.2. Time-based Passwords
Copyright © 1999
O'Reilly & Associates, Inc.
All Rights Reserved.