Building Internet Firewalls

Index: S

sabotage (see denial of service attacks)
SAGE (System Administrators Guild): A.6.4. System Administrators Guild (SAGE)
Samba: 17.4.1. Samba
sandbox security model: 15.4.3. Java
SANS Institute: A.6.5. System Administration, Networking, and Security (SANS) Institute
SATAN (Security Administrator's Tool for Analyzing Networks): 11.6. Running a Security Audit
B.2.4. SATAN
sc command: 12.4.1. How Are Services Managed Under Windows NT?
scanning ports: 4.8.1. Port Scanning
SCM (Service Control Manager): 12.4.1. How Are Services Managed Under Windows NT?
scorekeepers: 1.2.2.3. Scorekeepers
screened hosts
screened subnets and: 6.5.7. It's Dangerous to Use Both Screened Subnets and Screened Hosts
architecture of: 6.2. Screened Host Architectures
screened subnet, architecture of: 6.3. Screened Subnet Architectures
screened subnets
screened hosts and: 6.5.7. It's Dangerous to Use Both Screened Subnets and Screened Hosts
architecture of: 6.3. Screened Subnet Architectures
24.1. Screened Subnet Architecture
screening routers: 4.1. What Does a Packet Look Like?
5.2. Packet Filtering
6.1.1. Screening Router
acceptable addresses for: 8.5. Conventions for Packet Filtering Rules
choosing: 8.8. Choosing a Packet Filtering Router
configuring: 8.2. Configuring a Packet Filtering Router
proxy systems: 9. Proxy Systems
rules for: 8.5. Conventions for Packet Filtering Rules
where to use: 8.10. Where to Do Packet Filtering
Secure HTTP: 15.3.6. Securing HTTP
Secure RPC: 14.1.1. Sun RPC Authentication
secure shell (see SSH)
Secure Socket Layer (see SSL)
security (see also firewalls)
of BSD r commands: 18.2.1. BSD "r" Commands
on Unix/Linux: 18.2.1. BSD "r" Commands
on Windows: 18.2.1.1. BSD "r" commands under Windows NT
of computer games: 23.2. Games
of database protocols: 23.1.1. Locating Database Servers
of email: 16.1.1. Keeping Mail Secret
of FTP: 17.1.4. Providing Anonymous FTP Service
of ICMP: 22.4. ICMP and Network Diagnostics
of Java: 15.4.3. Java
of JavaScript: 15.4.1. JavaScript
of lpr and lp printing systems: 17.6.1. lpr and lp
of Net8: 23.1.3.1. Security implications of SQL*Net and Net8
of NetBT name service: 20.3.6. Security Implications of NetBT Name Service and WINS
of NIS: 20.2. Network Information Service (NIS)
of NNTP: 16.9. Network News Transfer Protocol (NNTP)
of passwords: 21.2. Passwords
of PostScript printers: 17.6. Printing Protocols
of programs
indicators of: 13.5.3. Real Indicators of Security
evaluating: 13.5. Choosing Security-Critical Programs
of protocols: C.4. What Makes a Protocol Secure?
proxying and: 13.4.5. Protocol Security
of push technologies: 15.6. Push Technologies
of rdist: 22.6.1. rdist
of remote graphical interfaces
on Windows operating systems: 18.3.2. Remote Graphic Interfaces for Microsoft Operating Systems
of routing protocols: 22.2. Routing Protocols
of Sendmail: 16.2.7. Sendmail
of SQL*Net: 23.1.3.1. Security implications of SQL*Net and Net8
of SSH: 18.2.5.1. What makes SSH secure?
of VBScript: 15.4.2. VBScript
of Windows Browser: 20.4.4. Security Implications of the Windows Browser
of WINS: 20.3.6. Security Implications of NetBT Name Service and WINS
of X Window System: 18.3.1. X11 Window System
ActiveX and: 15.4.4. ActiveX
against system failure: 3.5. Fail-Safe Stance
audit: 10.10.7. Running a Security Audit
on Unix: 11.6. Running a Security Audit
of backups: 10.12. Protecting the Machine and Backups
bastion host speed and: 10.3.2. How Fast a Machine?
books on: A.9. Books
of checksums: 27.5.3. Keeping Secured Checksums
choke points: 24.1.4.3. Choke point
24.2.4.3. Choke point
default deny stance: 8.2.3. Default Permit Versus Default Deny
default permit stance: 8.2.3. Default Permit Versus Default Deny
defense in depth: 24.1.4.2. Defense in depth
24.2.4.2. Defense in depth
designing for network: 1.6.1. Buying Versus Building
diversity of defense: 3.7. Diversity of Defense
24.1.4.7. Diversity of defense
24.2.4.7. Diversity of defense
of DNS: 20.1.4. DNS Security Problems
drills for, practicing: 27.5.7. Doing Drills
fail-safe stance: 24.1.4.5. Fail-safe stance
24.2.4.5. Fail-safe stance
host: 1.4.3. Host Security
of HTTP: 15.1. HTTP Server Security
incident response teams (see incident response teams)
incidents (see incidents)
of IRC: 19.1. Internet Relay Chat (IRC)
lack of: 1.4. How Can You Protect Your Site?
least privilege: 24.1.4.1. Least privilege
24.2.4.1. Least privilege
legal responsibilities: 25.2.3. External Factors That Influence Security Policies
of machine: 10.9. Securing the Machine
Unix/Linux: 11.2.1. Setting Up System Logs on Unix
Windows NT: 12.3.1. Setting Up System Logs Under Windows NT
models: 1.4.2. Security Through Obscurity
modem pools: 6.6. Terminal Servers and Modem Pools
netacl: 11.4.1.2. Using netacl to protect services
networks
insecure: 6.7.2. Insecure Networks
protecting: 6.7. Internal Firewalls
operating system bugs: 10.9.2. Fix All Known System Bugs
policies for: 1.5.1.1. A firewall is a focus for security decisions
25. Security Policies
reviewing: 25.1.1.6. Provision for reviews
of POP: 16.6. Post Office Protocol (POP)
resources for: A. Resources
sandbox model: 15.4.3. Java
simplicity of: 3.8. Simplicity
of SNMP: 22.1.2. Simple Network Management Protocol (SNMP)
strategies for: 3. Security Strategies
TCP Wrapper: 11.4.1. Using the TCP Wrapper Package to Protect Services
terminal servers: 6.6. Terminal Servers and Modem Pools
time information and: 22.5. Network Time Protocol (NTP)
universal participation: 3.6. Universal Participation
24.1.4.6. Universal participation
24.2.4.6. Universal participation
weakest link: 3.4. Weakest Link
24.1.4.4. Weakest link
24.2.4.4. Weakest link
when proxying is ineffective: 9.8.2. Proxying Won't Secure the Service
when system crashes: 10.12.1. Watch Reboots Carefully
of whois service: 20.7.2. whois
zones, Internet Explorer and: 15.2.5. Internet Explorer and Security Zones
security manager (Java): 15.4.3. Java
self-decrypting archives: 16.1.1. Keeping Mail Secret
Sendmail: 2.3.1. Electronic Mail
3.1. Least Privilege
16.2.7. Sendmail
Morris worm: 13.2.2. What Data Does the Protocol Transfer?
13.2.3.1. Does it have any other commands in it?
server
AAA: 21. Authentication and Auditing Services
caching: 15.3.4. Proxying Characteristics of HTTP
15.5. Cache Communication Protocols
database, locating: 23.1.1. Locating Database Servers
DNS
for internal hosts: 20.1.5.2. Set up a real DNS server on an internal system for internal hosts to use
setting up fake: 20.1.5.1. Set up a "fake" DNS server on the bastion host for the outside world to use
FTP, preventing attacks from: 17.1.4.3. Preventing people from using your server to attack other machines
HTTP: 15.3.2. Special HTTP Servers
security of: 15.1. HTTP Server Security
KDC: 21.5.1. How It Works
mail, evaluating: 16.1.2.1. Junk mail
proxy (see proxy services)
routed: 11.3.4.5. routed
SMB authentication: 21.6.4. SMB Authentication
SMTP
for Windows NT: 16.2.13. SMTP Servers for Windows NT
commercial: 16.2.9. Commercial SMTP Servers for Unix
freely available: 16.2.8. Other Freely Available SMTP Servers for Unix
SSH, authentication: 18.2.5.2. SSH server authentication
TIS FWTK authentication: 21.4.1. The TIS FWTK Authentication Server
web: 2.2.2. Web Server Security Issues
Windows Browser: 20.4. The Windows Browser
WINS, communication among: 20.3.4. WINS Server-Server Communication
wuarchive: 17.1.4.4. Using the wuarchive FTP daemon
Server Message Block (SMB) (see SMB)
Service Control Manager (see SCM)
service packs, services and: 12.5. Installing and Modifying Services
services: 13. Internet Services and Firewalls
booting, on Unix: 11.3.4.3. Booting services
BSD r commands: 11.3.4.4. BSD "r" command services
started by /etc/rc: 11.3.1.1. Services started by /etc/rc files or directories
biff: 16.2.11. biff
contacting providers about incidents: 27.1.5.3. Vendors and service providers
27.4.4.3. Vendors and service providers
disabling those not required: 10.10. Disabling Nonrequired Services
on Unix/Linux: 11.3.2. Disabling Services Under Unix
11.3.4. Specific Unix Services to Disable
on Windows NT: 12.4.2. How to Disable Services Under Windows NT
12.4.5. Specific Windows NT Services to Disable
essential
on Unix/Linux: 11.3.3. Which Services Should You Leave Enabled?
on Windows NT: 12.4.4. Which Services Should You Leave Enabled?
evaluating risks of: 13.2.1. What Operations Does the Protocol Allow?
information lookup: 20.7. Information Lookup Services
installing and modifying: 10.10.5. Installing and Modifying Services
on Windows NT: 12.5. Installing and Modifying Services
on Unix/Linux: 11.4. Installing and Modifying Services
LAN-oriented: 10.6. Selecting Services Provided by a Bastion Host
management of, on Unix/Linux: 11.3.1. How Are Services Managed Under Unix?
network management (see network, management services)
protecting with TCP Wrapper: 11.4.1. Using the TCP Wrapper Package to Protect Services
proxy (see proxy services)
real-time conferencing: 19. Real-Time Conferencing Services
registry keys for: 12.4.1.1. Registry keys
selecting for bastion host: 10.6. Selecting Services Provided by a Bastion Host
Windows NT: 12.4.1. How Are Services Managed Under Windows NT?
setgid/setuid capabilities: 11. Unix and Linux Bastion Hosts
sharing files: 2.4. File Transfer, File Sharing, and Printing
2.4.2. File Sharing
17.3. Network File System (NFS)
on Microsoft networks: 17.4. File Sharing for Microsoft Networks
SHA/SHA-1 algorithms: C.5.3. Cryptographic Hashes and Message Digests
shell scripts: 11.3.1.1. Services started by /etc/rc files or directories
shutting down systems: 27.1.3. Disconnect or Shut Down, as Appropriate
27.4.3. Planning for Disconnecting or Shutting Down Machines
Simple Mail Transfer Protocol (see SMTP)
Simple Network Management Protocol (see SNMP)
Simple Public Key Infrastructure (SPKI): C.3.2. Certificates
Simple TCP/IP printing services, disabling: 12.4.5. Specific Windows NT Services to Disable
single-purpose routers: 8.8.2. It Can Be a Single-Purpose Router or a General-Purpose Computer
S/Key password program: 21.3.1. One-Time Password Software
Skipjack algorithm: C.5.1. Encryption Algorithms
smail program: 16.2.8.1. smail
smap/smapd programs: 16.2.8.2. Postfix
16.2.10. Improving SMTP Security with smap and smapd
Smart Card service: 12.4.4. Which Services Should You Leave Enabled?
SMB (Server Message Block): 14.4. Common Internet File System (CIFS) and Server Message Block (SMB)
17.4. File Sharing for Microsoft Networks
authentication: 14.4.1. Authentication and SMB
21.6.4. SMB Authentication
S/MIME: 16.1.4. S/MIME and OpenPGP
SMS (System Management Server): 22.1.3. System Management Server (SMS)
SMTP (Simple Mail Transfer Protocol): 2.3.1. Electronic Mail
10.6. Selecting Services Provided by a Bastion Host
16.2. Simple Mail Transfer Protocol (SMTP)
configuring: 24.2.1.2. SMTP
firewalls and: 16.2.6. Configuring SMTP to Work with a Firewall
in screened subnet architecture: 24.1.1.2. SMTP
proxying: 9.4. Proxying Without a Proxy Server
servers
for Windows NT: 16.2.13. SMTP Servers for Windows NT
commercial: 16.2.9. Commercial SMTP Servers for Unix
freely available: 16.2.8. Other Freely Available SMTP Servers for Unix
for Unix (see Sendmail)
snapshots, system: 27.1.6. Snapshot the System
planning for: 27.4.5. Planning for Snapshots
sniffers: 1.2.1.3. Information theft
13.1.6. Packet Sniffing
protecting against: 13.1.10. Protecting Services
sniffing for passwords: 21.3.1. One-Time Password Software
SNMP (Simple Network Management Protocol): 2.9.1. System Management
22.1.2. Simple Network Management Protocol (SNMP)
disabling, on Windows NT: 12.4.5. Specific Windows NT Services to Disable
snuffie program: 10.10.1.1. Next steps after disabling services
social manipulation attacks: 2.3.1. Electronic Mail
SOCKS package: 5.3. Proxy Services
9.5. Using SOCKS for Proxying
B.4.2. SOCKS
functions: 9.5.4. Converting Clients to Use SOCKS
HTTP proxying on, in screened subnet architecture: 24.1.1.1. HTTP and HTTPS
modified finger service: 20.7.1.2. Proxying characteristics of finger
proxy system for ping: 22.4.1.2. Proxying characteristics of ping
versions: 9.5.1. Versions of SOCKS
software
installing on machine: 10.10.6. Reconfiguring for Production
11.5. Reconfiguring for Production
proxying: 5.3. Proxy Services
5.3.2.1. Proxy services lag behind nonproxied services
9.2. How Proxying Works
routers (see routers)
system monitoring: 10.11.2. Consider Using Software to Automate Monitoring
viruses: 1.5.2.4. A firewall can't fully protect against viruses
source address
filtering by: 8.6.1. Risks of Filtering by Source Address
forgery: 8.6.1. Risks of Filtering by Source Address
source port, filtering by: 8.7.4. Risks of Filtering by Source Port
source routing: 10.10.3. Turning Off Routing
option, IP: 4.2.2. IP Options
spam: 16.1.2.1. Junk mail
speed, processing: 10.3.2. How Fast a Machine?
spell command, Unix: 11.6. Running a Security Audit
spies: 1.2.2.4. Spies (industrial and otherwise)
SPKI (Simple Public Key Infrastructure): C.3.2. Certificates
split-screened subnets, architecture of: 6.4.1. Split-Screened Subnet
Spooler service: 12.4.4. Which Services Should You Leave Enabled?
SQL Server: 23.1.6. Microsoft SQL Server
SQL*Net: 23.1.3. Oracle SQL*Net and Net8
SSH (secure shell): 18.2.5. Secure Shell (SSH)
configuring, in screened subnet architecture: 24.1.1.4. SSH
security of: 18.2.5.1. What makes SSH secure?
X Window System, support for: 18.2.5.7. Remote X11 Window System support
SSL (Secure Socket Layer): 14.7. Transport Layer Security (TLS) and Secure Socket Layer (SSL)
email and: 16.2.2. TLS/SSL, SSMTP, and STARTTLS
SSMTP: 16.2.2. TLS/SSL, SSMTP, and STARTTLS
Start registry key: 12.4.1.1. Registry keys
STARTTLS: 16.2.2. TLS/SSL, SSMTP, and STARTTLS
startup scripts: 11.3.1.1. Services started by /etc/rc files or directories
statd: 17.3.4. File Locking with NFS
Subkeys registry key: 12.4.1.1. Registry keys
subnet architecture, screened: 6.3. Screened Subnet Architectures
24.1. Screened Subnet Architecture
Sun RPC: 14.1. Remote Procedure Call (RPC)
authentication: 14.1.1. Sun RPC Authentication
swap process: 11.3.3. Which Services Should You Leave Enabled?
Sybase: 23.1.5. Sybase
syslog protocol: 22.1.1. syslog
daemons: 11.2.1. Setting Up System Logs on Unix
example output from: 26.2.3. What Should You Watch For?
syslogd process: 11.3.3. Which Services Should You Leave Enabled?
system
crashes, watching carefully: 10.12.1. Watch Reboots Carefully
cryptographic, components of: C.2. Key Components of Cryptographic Systems
customized: 27.1.7. Restore and Recover
defense, diversity of: 3.7. Diversity of Defense
documenting after incident: 27.1.6. Snapshot the System
27.4.5. Planning for Snapshots
failure of: 3.5. Fail-Safe Stance
keeping up-to-date: 26.3.2. Keeping Your Systems up to Date
labeling and diagramming: 27.5.2. Labeling and Diagramming Your System
logs (see logs)
monitoring: 10.11.2. Consider Using Software to Automate Monitoring
26.2. Monitoring Your System
operating, testing reload of: 27.5.6. Testing the Reload of the Operating System
rebuilding: 27.1.7. Restore and Recover
restoring after incident: 27.1.7. Restore and Recover
planning for: 27.4.6. Planning for Restoration and Recovery
shutting down: 27.1.3. Disconnect or Shut Down, as Appropriate
System Management Server (SMS): 22.1.3. System Management Server (SMS)


Copyright © 2002 O'Reilly & Associates, Inc. All Rights Reserved.