Search | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | R | S | T | U | V | W | X | Y | Z

Index: S

(see also firewalls)

against system failure : 3.5. Fail-Safe Stance

audit : 5.8.5. Running a Security Audit

of backups : 5.10. Protecting the Machine and Backups

bastion host speed and : 5.3.2. How Fast a Machine?

choke points

9.1.4.3. Choke point
9.2.3.3. Choke point

of commercial authentication systems : 10.4.3. Commercial Solutions

cryptography : 10. Authentication and Inbound Services

default deny stance : 6.2.3. Default Permit Versus Default Deny

default permit stance : 6.2.3. Default Permit Versus Default Deny

defense in depth

9.1.4.2. Defense in depth
9.2.3.2. Defense in depth

designing for network : 1.4.3. Buying Versus Building

diversity of defense

3.7. Diversity of Defense
9.1.4.7. Diversity of defense
9.2.3.7. Diversity of defense

encryption, network-level : 10.5. Network-Level Encryption

fail-safe stance

9.1.4.5. Fail-safe stance
9.2.3.5. Fail-safe stance

host : 1.3.3. Host Security

important of simplicity of : 3.8. Simplicity

incident response teams : (see incident response teams)

incidents : (see incidents)

insecure networks : 4.4.2. Insecure Networks

IRC and : 8.9.2. Internet Relay Chat (IRC)

keeping checksums secure : 13.5.3. Keeping Secured Checksums

lack of : 1.3. How Can You Protect Your Site?

least privilege

9.1.4.1. Least privilege
9.2.3.1. Least privilege

legal responsibilities : 11.2.3. External Factors That Influence Security Policies

of machine : 5.8.1. Securing the Machine

modem pools : 10.6. Terminal Servers and Modem Pools

netacl : 5.8.3.2. Using netacl to protect services

network : (see network)

operating system bugs : 5.8.1.2. Fix all known system bugs

policies for

1.4.1.1. A firewall is a focus for security decisions
11. Security Policies
reviewing : 11.1.1.5. Provision for reviews

of POP : 8.1.2. Post Office Protocol (POP)

practicing drills for : 13.5.7. Doing Drills

protecting the network internally : 4.4. Internal Firewalls

protocol, and proxying : 7.4.3. Protocol Security

regarding HTTP : 8.6.3. HTTP Security Concerns

resources for : A. Resources

responding to incidents : 13. Responding to Security Incidents

reviewing response strategies : 13.4.8. Periodic Review of Plans

SNMP : 8.12.1. Simple Network Management Protocol (SNMP)

strategies for : 3. Security Strategies

TCP Wrapper : 5.8.3.1. Using the TCP Wrapper package to protect services

terminal servers : 10.6. Terminal Servers and Modem Pools

through obscurity : 1.3.2. Security Through Obscurity

time information and : 8.13. Network Time Protocol (NTP)

universal participation : 3.6. Universal Participation

weakest link

3.4. Weakest Link
9.1.4.4. Weakest link
9.2.3.4. Weakest link

when proxying is ineffective : 7.8.2. Proxying Won't Secure the Service

when system crashes : 5.10.1. Watch Reboots Carefully

with whois service : 8.8.2. whois

X11 window system mechanisms : 8.16. X11 Window System

Sendmail

2.1. Electronic Mail
3.1. Least Privilege
8.1.1.1. SMTP for UNIX: Sendmail
(see also SMTP)
Morris worm : 8.1. Electronic Mail

servers

Archie, running : 8.7.3.4. Running an Archie server

DNS

for internal hosts : 8.10.5.2. Set up a real DNS server on an internal system for internal hosts to use
setting up fake : 8.10.5.1. Set up a `fake' DNS server on the bastion host for the outside world to use

routed : 5.8.2.4. Which services should you disable?

servers, proxy : (see proxy services)

services host : 9.2. Screened Host Architecture

services, inbound : (see inbound, services)

services, Internet : 2. Internet Services

booting : 5.8.2.4. Which services should you disable?

configuring : 8. Configuring Internet Services

contacting providers about incidents

13.1.4.3. Vendors and service providers
13.4.4.3. Vendors and service providers

default deny stance : 3.5.1. Default Deny Stance: That Which Is Not Expressly Permitted Is Prohibited

default permit stance : 3.5.2. Default Permit Stance: That Which Is Not Expressly Prohibited Is Permitted

direct access to : 7.1.1.1. Proxy services allow users to access Internet services `directly'

disabling those not required : 5.8.2. Disabling Nonrequired Services

filtering by : 6.7. Filtering by Service

information lookup services : 8.8. Information Lookup Services

installing and modifying : 5.8.3. Installing and Modifying Services

LAN-oriented : 5.6. Selecting Services Provided by the Bastion Host

NFS (Network File System) : 5.8.2.4. Which services should you disable?

protecting with TCP Wrapper : 5.8.3.1. Using the TCP Wrapper package to protect services

proxying with : 7.4. Using Proxying with Internet Services

"r" commands : 5.8.2.4. Which services should you disable?

real-time conferencing : 8.9. Real-Time Conferencing Services

RPC (Remote Procedure Call) : 5.8.2.4. Which services should you disable?

selecting for bastion host : 5.6. Selecting Services Provided by the Bastion Host

started by /etc/rc : 5.8.2.1. How are services managed?

Telnet : (see Telnet)

services, network management : (see network, management services)

services, proxy : (see proxy services)

services, store-and-forward : 7.5. Proxying Without a Proxy Server

setgid capability : 5.3.1. What Operating System?

setuid capability : 5.3.1. What Operating System?

shell scripts : 5.8.2.1. How are services managed?

shutting down

13.1.2. Disconnect or Shut Down, as Appropriate
13.4.3. Planning for Disconnecting or Shutting Down Machines

Simple Mail Transfer Protocol : (see SMTP)

Simple Network Management Protocol : (see SNMP)

single-purpose routers : 6.8.2. It Can Be a Single-Purpose Router or a General-Purpose Computer

smap package : 8.1.1.3. Improving SMTP security with smap and smapd

smapd program : 8.1.1.3. Improving SMTP security with smap and smapd

SMTP (Simple Mail Transfer Protocol)

2.1. Electronic Mail

5.6. Selecting Services Provided by the Bastion Host

7.5. Proxying Without a Proxy Server

8.1.1. Simple Mail Transfer Protocol (SMTP)

configuring

firewalls and : 8.1.1.6. Configuring SMTP to work with a firewall
in screened host architecture : 9.2.1.3. SMTP
in screened subnet architecture : 9.1.1.3. SMTP

for UNIX : (see Sendmail)

snapshots, system

13.1.5. Snapshot the System
13.4.5. Planning for Snapshots

sniffing for passwords

1.2.1.3. Information Theft
10.1.2. Packet Sniffing
10.3.1. One-Time Passwords
(see also network, taps)

SNK-004 card, TIS FWTK : 10.3.3. Challenge-Response Schemes

SNMP (Simple Network Management Protocol) : 2.10. Network Management Services

configuring : 8.12.1. Simple Network Management Protocol (SNMP)

snuffle program : 5.8.2.2. How to disable services

sockets : C.12.3. Sockets

SOCKS package

4.1.2. Proxy Services

7.6. Using SOCKS for Proxying

B.4.2. SOCKS

(see also proxy services)

functions : 7.6. Using SOCKS for Proxying

HTTP proxying on

in screened subnet architecture : 9.1.1.5. HTTP

modified finger service : 8.8.1.2. Proxying characteristics of finger

software

to automatically monitor the system : 5.9.2. Consider Writing Software to Automate Monitoring

installing on machine : 5.8.4. Reconfiguring for Production

proxying

4.1.2. Proxy Services
7.1.2.1. Proxy services lag behind nonproxied services
7.2. How Proxying Works
(see also proxy services)

router : (see routers)

viruses and : 1.4.2.4. A firewall can't protect against viruses

source address

filtering by : 6.6.1. Risks of Filtering by Source Address
forgery : 6.6.1. Risks of Filtering by Source Address

source port, filtering by : 6.7.4. Risks of Filtering by Source Port

source routing

5.8.2.5. Turning off routing
6.3.2.1. IP options

speed, processing : 5.3.2. How Fast a Machine?

spell command, UNIX : 5.8.5.3. About checksums for auditing

spies : 1.2.2.4. Spies (Industrial and Otherwise)

startup scripts : 5.8.2.1. How are services managed?

store-and-forward services : 7.5. Proxying Without a Proxy Server

subnet architecture, screened

4.2.3. Screened Subnet Architecture
9.1. Screened Subnet Architecture

subnets : C.9.2. Subnets

Sun RPC : (see RPC)

supporting Internet services : (see services, Internet)

SWATCH program

5.9.2. Consider Writing Software to Automate Monitoring
B.6.4. SWATCH

SYN (synchronize sequence numbers) bit : C.6.2. Transmission Control Protocol

syslog : 5.8.1.4. Safeguard the system logs

configuring : 8.11. syslog
example output from : 12.2.2. What Should You Watch For?
SWATCH program with : 5.9.2. Consider Writing Software to Automate Monitoring

system

autonomous : C.10. Internet Routing Architecture

crashes, watching carefully : 5.10.1. Watch Reboots Carefully

customized : 13.1.6. Restore and Recover

defense, diversity of : 3.7. Diversity of Defense

documenting after incident

13.1.5. Snapshot the System
13.4.5. Planning for Snapshots

failure of : 3.5. Fail-Safe Stance

keeping up-to-date : 12.3.2. Keeping Your Systems Up To Date

labeling and diagramming : 13.5.2. Labeling and Diagraming Your System

logging activity : (see logs)

monitoring

5.9.2. Consider Writing Software to Automate Monitoring
12.2. Monitoring Your System

operating, testing reload of : 13.5.6. Testing the Reload of the Operating System

rebuilding : 13.1.6. Restore and Recover

restoring after incident : 13.1.6. Restore and Recover

planning for : 13.4.6. Planning for Restoration and Recovery

shutting down : 13.1.2. Disconnect or Shut Down, as Appropriate

System Dynamics cards : 10.3.2. Time-based Passwords

Search | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | R | S | T | U | V | W | X | Y | Z