start page | rating of books | rating of authors | reviews | copyrights
Search | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | R | S | T | U | V | W | X | Y | Z
Index: S
- S/Key password program : 10.3.1. One-Time Passwords
- sabotage : (see denial of service)
- SAGE (System Administrators Guild) : A.5.5. System Administrators Guild (SAGE)
- SATAN package
- 12.2.4. Responding to Probes
- B.2.4. SATAN
- score keepers : 1.2.2.3. Score Keepers
- screend package
- 6.5. Conventions for Packet Filtering Rules
- B.3.1. screend
- screened host architecture
- 4.2.2. Screened Host Architecture
- 9.2. Screened Host Architecture
- screened subnet architecture
- 4.2.3. Screened Subnet Architecture
- 9.1. Screened Subnet Architecture
- with dual-homed host architecture : 4.3.8. It's OK to Use Dual-Homed Hosts and Screened Subnets
- screening routers
- 4.1.1. Packet Filtering
- 6. Packet Filtering
- (see also packets, filtering)
- acceptable addresses for : 6.5. Conventions for Packet Filtering Rules
- choosing : 6.8. Choosing a Packet Filtering Router
- configuring : 6.2. Configuring a Packet Filtering Router
- proxy systems and : 7. Proxy Systems
- rules for : 6.5. Conventions for Packet Filtering Rules
- where to use : 6.8.8. It Should Have Good Testing and Validation Capabilities
- search programs : 2.6. Other Information Services
- Secure HTTP : 8.6.4. Secure HTTP
- security
- 1.4. What Is an Internet Firewall?
- 8.1.1.1. SMTP for UNIX: Sendmail
- 8.10.4. DNS Security Problems
- (see also firewalls)
- against system failure : 3.5. Fail-Safe Stance
- audit : 5.8.5. Running a Security Audit
- of backups : 5.10. Protecting the Machine and Backups
- bastion host speed and : 5.3.2. How Fast a Machine?
- choke points
- 9.1.4.3. Choke point
- 9.2.3.3. Choke point
- of commercial authentication systems : 10.4.3. Commercial Solutions
- cryptography : 10. Authentication and Inbound Services
- default deny stance : 6.2.3. Default Permit Versus Default Deny
- default permit stance : 6.2.3. Default Permit Versus Default Deny
- defense in depth
- 9.1.4.2. Defense in depth
- 9.2.3.2. Defense in depth
- designing for network : 1.4.3. Buying Versus Building
- diversity of defense
- 3.7. Diversity of Defense
- 9.1.4.7. Diversity of defense
- 9.2.3.7. Diversity of defense
- encryption, network-level : 10.5. Network-Level Encryption
- fail-safe stance
- 9.1.4.5. Fail-safe stance
- 9.2.3.5. Fail-safe stance
- host : 1.3.3. Host Security
- important of simplicity of : 3.8. Simplicity
- incident response teams : (see incident response teams)
- incidents : (see incidents)
- insecure networks : 4.4.2. Insecure Networks
- IRC and : 8.9.2. Internet Relay Chat (IRC)
- keeping checksums secure : 13.5.3. Keeping Secured Checksums
- lack of : 1.3. How Can You Protect Your Site?
- least privilege
- 9.1.4.1. Least privilege
- 9.2.3.1. Least privilege
- legal responsibilities : 11.2.3. External Factors That Influence Security Policies
- of machine : 5.8.1. Securing the Machine
- modem pools : 10.6. Terminal Servers and Modem Pools
- netacl : 5.8.3.2. Using netacl to protect services
- network : (see network)
- operating system bugs : 5.8.1.2. Fix all known system bugs
- policies for
- 1.4.1.1. A firewall is a focus for security decisions
- 11. Security Policies
- reviewing : 11.1.1.5. Provision for reviews
- of POP : 8.1.2. Post Office Protocol (POP)
- practicing drills for : 13.5.7. Doing Drills
- protecting the network internally : 4.4. Internal Firewalls
- protocol, and proxying : 7.4.3. Protocol Security
- regarding HTTP : 8.6.3. HTTP Security Concerns
- resources for : A. Resources
- responding to incidents : 13. Responding to Security Incidents
- reviewing response strategies : 13.4.8. Periodic Review of Plans
- SNMP : 8.12.1. Simple Network Management Protocol (SNMP)
- strategies for : 3. Security Strategies
- TCP Wrapper : 5.8.3.1. Using the TCP Wrapper package to protect services
- terminal servers : 10.6. Terminal Servers and Modem Pools
- through obscurity : 1.3.2. Security Through Obscurity
- time information and : 8.13. Network Time Protocol (NTP)
- universal participation : 3.6. Universal Participation
- weakest link
- 3.4. Weakest Link
- 9.1.4.4. Weakest link
- 9.2.3.4. Weakest link
- when proxying is ineffective : 7.8.2. Proxying Won't Secure the Service
- when system crashes : 5.10.1. Watch Reboots Carefully
- with whois service : 8.8.2. whois
- X11 window system mechanisms : 8.16. X11 Window System
- Sendmail
- 2.1. Electronic Mail
- 3.1. Least Privilege
- 8.1.1.1. SMTP for UNIX: Sendmail
- (see also SMTP)
- Morris worm : 8.1. Electronic Mail
- servers
- Archie, running : 8.7.3.4. Running an Archie server
- DNS
- for internal hosts : 8.10.5.2. Set up a real DNS server on an internal system for internal hosts to use
- setting up fake : 8.10.5.1. Set up a `fake' DNS server on the bastion host for the outside world to use
- routed : 5.8.2.4. Which services should you disable?
- servers, proxy : (see proxy services)
- services host : 9.2. Screened Host Architecture
- services, inbound : (see inbound, services)
- services, Internet : 2. Internet Services
- booting : 5.8.2.4. Which services should you disable?
- configuring : 8. Configuring Internet Services
- contacting providers about incidents
- 13.1.4.3. Vendors and service providers
- 13.4.4.3. Vendors and service providers
- default deny stance : 3.5.1. Default Deny Stance: That Which Is Not Expressly Permitted Is Prohibited
- default permit stance : 3.5.2. Default Permit Stance: That Which Is Not Expressly Prohibited Is Permitted
- direct access to : 7.1.1.1. Proxy services allow users to access Internet services `directly'
- disabling those not required : 5.8.2. Disabling Nonrequired Services
- filtering by : 6.7. Filtering by Service
- information lookup services : 8.8. Information Lookup Services
- installing and modifying : 5.8.3. Installing and Modifying Services
- LAN-oriented : 5.6. Selecting Services Provided by the Bastion Host
- NFS (Network File System) : 5.8.2.4. Which services should you disable?
- protecting with TCP Wrapper : 5.8.3.1. Using the TCP Wrapper package to protect services
- proxying with : 7.4. Using Proxying with Internet Services
- "r" commands : 5.8.2.4. Which services should you disable?
- real-time conferencing : 8.9. Real-Time Conferencing Services
- RPC (Remote Procedure Call) : 5.8.2.4. Which services should you disable?
- selecting for bastion host : 5.6. Selecting Services Provided by the Bastion Host
- started by /etc/rc : 5.8.2.1. How are services managed?
- Telnet : (see Telnet)
- services, network management : (see network, management services)
- services, proxy : (see proxy services)
- services, store-and-forward : 7.5. Proxying Without a Proxy Server
- setgid capability : 5.3.1. What Operating System?
- setuid capability : 5.3.1. What Operating System?
- shell scripts : 5.8.2.1. How are services managed?
- shutting down
- 13.1.2. Disconnect or Shut Down, as Appropriate
- 13.4.3. Planning for Disconnecting or Shutting Down Machines
- Simple Mail Transfer Protocol : (see SMTP)
- Simple Network Management Protocol : (see SNMP)
- single-purpose routers : 6.8.2. It Can Be a Single-Purpose Router or a General-Purpose Computer
- smap package : 8.1.1.3. Improving SMTP security with smap and smapd
- smapd program : 8.1.1.3. Improving SMTP security with smap and smapd
- SMTP (Simple Mail Transfer Protocol)
- 2.1. Electronic Mail
- 5.6. Selecting Services Provided by the Bastion Host
- 7.5. Proxying Without a Proxy Server
- 8.1.1. Simple Mail Transfer Protocol (SMTP)
- configuring
- firewalls and : 8.1.1.6. Configuring SMTP to work with a firewall
- in screened host architecture : 9.2.1.3. SMTP
- in screened subnet architecture : 9.1.1.3. SMTP
- for UNIX : (see Sendmail)
- snapshots, system
- 13.1.5. Snapshot the System
- 13.4.5. Planning for Snapshots
- sniffing for passwords
- 1.2.1.3. Information Theft
- 10.1.2. Packet Sniffing
- 10.3.1. One-Time Passwords
- (see also network, taps)
- SNK-004 card, TIS FWTK : 10.3.3. Challenge-Response Schemes
- SNMP (Simple Network Management Protocol) : 2.10. Network Management Services
- configuring : 8.12.1. Simple Network Management Protocol (SNMP)
- snuffle program : 5.8.2.2. How to disable services
- sockets : C.12.3. Sockets
- SOCKS package
- 4.1.2. Proxy Services
- 7.6. Using SOCKS for Proxying
- B.4.2. SOCKS
- (see also proxy services)
- functions : 7.6. Using SOCKS for Proxying
- HTTP proxying on
- in screened subnet architecture : 9.1.1.5. HTTP
- modified finger service : 8.8.1.2. Proxying characteristics of finger
- software
- to automatically monitor the system : 5.9.2. Consider Writing Software to Automate Monitoring
- installing on machine : 5.8.4. Reconfiguring for Production
- proxying
- 4.1.2. Proxy Services
- 7.1.2.1. Proxy services lag behind nonproxied services
- 7.2. How Proxying Works
- (see also proxy services)
- router : (see routers)
- viruses and : 1.4.2.4. A firewall can't protect against viruses
- source address
- filtering by : 6.6.1. Risks of Filtering by Source Address
- forgery : 6.6.1. Risks of Filtering by Source Address
- source port, filtering by : 6.7.4. Risks of Filtering by Source Port
- source routing
- 5.8.2.5. Turning off routing
- 6.3.2.1. IP options
- speed, processing : 5.3.2. How Fast a Machine?
- spell command, UNIX : 5.8.5.3. About checksums for auditing
- spies : 1.2.2.4. Spies (Industrial and Otherwise)
- startup scripts : 5.8.2.1. How are services managed?
- store-and-forward services : 7.5. Proxying Without a Proxy Server
- subnet architecture, screened
- 4.2.3. Screened Subnet Architecture
- 9.1. Screened Subnet Architecture
- subnets : C.9.2. Subnets
- Sun RPC : (see RPC)
- supporting Internet services : (see services, Internet)
- SWATCH program
- 5.9.2. Consider Writing Software to Automate Monitoring
- B.6.4. SWATCH
- SYN (synchronize sequence numbers) bit : C.6.2. Transmission Control Protocol
- syslog : 5.8.1.4. Safeguard the system logs
- configuring : 8.11. syslog
- example output from : 12.2.2. What Should You Watch For?
- SWATCH program with : 5.9.2. Consider Writing Software to Automate Monitoring
- system
- autonomous : C.10. Internet Routing Architecture
- crashes, watching carefully : 5.10.1. Watch Reboots Carefully
- customized : 13.1.6. Restore and Recover
- defense, diversity of : 3.7. Diversity of Defense
- documenting after incident
- 13.1.5. Snapshot the System
- 13.4.5. Planning for Snapshots
- failure of : 3.5. Fail-Safe Stance
- keeping up-to-date : 12.3.2. Keeping Your Systems Up To Date
- labeling and diagramming : 13.5.2. Labeling and Diagraming Your System
- logging activity : (see logs)
- monitoring
- 5.9.2. Consider Writing Software to Automate Monitoring
- 12.2. Monitoring Your System
- operating, testing reload of : 13.5.6. Testing the Reload of the Operating System
- rebuilding : 13.1.6. Restore and Recover
- restoring after incident : 13.1.6. Restore and Recover
- planning for : 13.4.6. Planning for Restoration and Recovery
- shutting down : 13.1.2. Disconnect or Shut Down, as Appropriate
- System Dynamics cards : 10.3.2. Time-based Passwords
Search | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | R | S | T | U | V | W | X | Y | Z
Copyright © 1999 O'Reilly & Associates, Inc. All Rights Reserved.