Symbols | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Index: S

sabotage (see denial of service attacks)
SAGE (System Administrators Guild): System Administrators Guild (SAGE)
Samba: Samba
sandbox security model: Java
SANS Institute: System Administration, Networking, and Security (SANS) Institute
SATAN (Security Administrator's Tool for Analyzing Networks): Running a Security Audit
- SATAN
sc command: How Are Services Managed Under Windows?
scanning ports: Port Scanning
SCM (Service Control Manager): How Are Services Managed Under Windows?
scorekeepers: Scorekeepers
screened hosts
- screened subnets and: It's Dangerous to Use Both Screened Subnets and Screened Hosts
- architecture of: Screened Host Architectures
screened subnet, architecture of[: Screened Subnet Architectures
screened subnets
- screened hosts and: It's Dangerous to Use Both Screened Subnets and Screened Hosts
- architecture of: Screened Subnet Architectures
- - Screened Subnet Architecture
screening routers: What Does a Packet Look Like?
- What Does a Packet Look Like?
- Packet Filtering
- Screening Router
- acceptable addresses for: Conventions for Packet Filtering Rules
- choosing: Choosing a Packet Filtering Router
- configuring: Configuring a Packet Filtering Router
- proxy systems: Proxy Systems
- rules for: Conventions for Packet Filtering Rules
- where to use: Where to Do Packet Filtering
Secure HTTP: Securing HTTP
Secure RPC: Sun RPC Authentication
secure shell (see SSH)
Secure Socket Layer (see SSL)
security (see rewalls also rewalls)
- (see also rewalls)
- of BSD r commands: BSD "r" Commands
- - on Unix/Linux: BSD "r" Commands
  - on Windows: BSD "r" commands under Windows
- of computer games: Games
- of database protocols: Locating Database Servers
- of email: Keeping Mail Secret
- of FTP: Providing Anonymous FTP Service
- of ICMP: ICMP and Network Diagnostics
- of Java: Java
- of JavaScript: JavaScript
- of lpr and lp printing systems: lpr and lp
- of Net8: Security implications of SQL*Net and Net8
- of NetBT name service: Security Implications of NetBT Name Service and WINS
- of NIS: Network Information Service (NIS)
- of NNTP: Network News Transfer Protocol (NNTP)
- of passwords: Passwords
- of PostScript printers: Printing Protocols
- of programs
- - indicators of: Real Indicators of Security
  - evaluating: Choosing Security-Critical Programs
- of protocols: What Makes a Protocol Secure?
- - proxying and: Protocol Security
- of push technologies: Push Technologies
- of rdist: rdist
- of remote graphical interfaces
- - on Windows operating systems: Remote Graphic Interfaces for Microsoft Operating Systems
- of routing protocols: Routing Protocols
- of Sendmail: Sendmail
- of SQL*Net: Security implications of SQL*Net and Net8
- of SSH: What makes SSH secure?
- of VBScript: VBScript
- of Windows Browser: Security Implications of the Windows Browser
- of WINS: Security Implications of NetBT Name Service and WINS
- of X Window System: Window System
- ActiveX and: ActiveX
- against system failure: Fail-Safe Stance
- audit: Running a Security Audit
- - on Unix: Running a Security Audit
- of backups: Protecting the Machine and Backups
- bastion host speed and: How Fast a Machine?
- tutorials on: Books
- of checksums: Keeping Secured Checksums
- choke points: Choke point
- - Choke point
- default deny stance: Default Permit Versus Default Deny
- default permit stance: Default Permit Versus Default Deny
- defense in depth: Defense in depth
- - Defense in depth
- designing for network: Buying Versus Building
- diversity of defense: Diversity of Defense
- - Diversity of defense
  - Diversity of defense
- of DNS: DNS Security Problems
- drills for, practicing: Doing Drills
- fail-safe stance: Fail-safe stance
- - Fail-safe stance
- host: Host Security
- of HTTP: HTTP Server Security
- incident response teams (see incident response teams)
- incidents (see incidents)
- of IRC: Internet Relay Chat (IRC)
- lack of: How Can You Protect Your Site?
- least privilege: Least privilege
- - Least privilege
- legal responsibilities: External Factors That Influence Security Policies
- of machine: Securing the Machine
- - Unix/Linux: Setting Up System Logs on Unix
  - Windows: Setting Up System Logs Under Windows
- models: Security Through Obscurity
- modem pools: Terminal Servers and Modem Pools
- netacl: Using netacl to protect services
- networks
- - insecure: Insecure Networks
  - protecting: Internal Firewalls
- operating system bugs: Fix All Known System Bugs
- policies for: firewall is a focus for security decisions
- - Security Policies
  - reviewing: Provision for reviews
- of POP: Post Office Protocol (POP)
- resources for: Resources
- sandbox model: Java
- simplicity of: Simplicity
- of SNMP: Simple Network Management Protocol (SNMP)
- strategies for: Security Strategies
- TCP Wrapper: Using the TCP Wrapper Package to Protect Services
- terminal servers: Terminal Servers and Modem Pools
- time information and: Network Time Protocol (NTP)
- universal participation: Universal Participation
- - Universal participation
  - Universal participation
- weakest link: Weakest Link
- - Weakest link
  - Weakest link
- when proxying is ineffective: Proxying Won't Secure the Service
- when system crashes: Watch Reboots Carefully
- of whois service: whois
- zones, Internet Exporer and: Internet Explorer and Security Zones
security manager (Java): Java
self-decrypting archives: Keeping Mail Secret
Sendmail: Electronic Mail
- Electronic Mail
- Least Privilege
- Sendmail
- Morris worm: What Data Does the Protocol Transfer?
- - Does it have any other commands in it?
server
- AAA: Authentication and Auditing Services
- caching: Proxying Characteristics of HTTP
- - Cache Communication Protocols
- database, locating: Locating Database Servers
- DNS
- - for internal hosts: Set up a real DNS server on an internal system for internal hosts to use
  - setting up fake: Set up a "fake" DNS server on the bastion host for the outside world to use
- FTP, preventing attacks from: Preventing people from using your server to attack other machines
- HTTP: Special HTTP Servers
- - security of: HTTP Server Security
- KDC: How It Works
- mail, evaluating: Junk mail
- proxy (see proxy services)
- routed: routed
- SMB authentication: SMB Authentication
- SMTP
- - for Windows: SMTP Servers for Windows
  - commercial: Commercial SMTP Servers for Unix
  - freely available: Other Freely Available SMTP Servers for Unix
- SSH, authentication: SSH server authentication
- TIS FWTK authentication: The TIS FWTK Authentication Server
- web: Web Server Security Issues
- Windows Browser: The Windows Browser
- WINS, communication among: WINS Server-Server Communication
- wuarchive: Using the wuarchive FTP daemon
Server Message Block (SMB) (see SMB)
Service Control Manager (see SCM)
service packs, services and: Installing and Modifying Services
services: Internet Services and Firewalls
- booting, on Unix: Booting services
- fir commands: BSD "r" command services
- started by /etc/rc: Services started by /etc/rc files or directories
- biff: biff
- contacting providers about incidents: Vendors and service providers
- - Vendors and service providers
- disabling those not required: Disabling Nonrequired Services
- - on Unix/Linux: Disabling Services Under Unix
  - - Specific Unix Services to Disable
  - on Windows: How to Disable Services Under Windows
  - - Specific Windows Services to Disable
- essential
- - on Unix/Linux: Which Services Should You Leave Enabled?
  - on Windows: Which Services Should You Leave Enabled?
- evaluating risks of: What Operations Does the Protocol Allow?
- information lookup: Information Lookup Services
- installing and modifying: Installing and Modifying Services
- - on Windows: Installing and Modifying Services
  - on Unix/Linux: Installing and Modifying Services
- LAN-oriented: Selecting Services Provided by a Bastion Host
- management of, on Unix/Linux: How Are Services Managed Under Unix?
- network management (see network, management services)
- protecting with TCP Wrapper: Using the TCP Wrapper Package to Protect Services
- proxy (see proxy services)
- real-time conferencing: Real-Time Conferencing Services
- registry keys for: Registry keys
- selecting for bastion host: Selecting Services Provided by a Bastion Host
- Windows: How Are Services Managed Under Windows?
setgid/setuid capabilities: Unix and Linux Bastion Hosts
sharing files: File Transfer, File Sharing, and Printing
- File Sharing
- Network File System (NFS)
- on Microsoft networks: File Sharing for Microsoft Networks
SHA/SHA-1 algorithms: Cryptographic Hashes and Message Digests
shell scripts: Services started by /etc/rc files or directories
shutting down systems: Disconnect or Shut Down, as Appropriate
- Planning for Disconnecting or Shutting Down Machines
Simple Mail Transfer Protocol (see SMTP)
Simple Network Management Protocol (see SNMP)
Simple Public Key Infrastructure (SPKI): Certificates
Simple TCP/IP printing services, disabling: Specific Windows Services to Disable
single-purpose routers: It Can Be a Single-Purpose Router or a General-Purpose Computer
S/Key password program: One-Time Password Software
Skipjack algorithm: Encryption Algorithms
smail program: smail
smap/smapd programs: Postfix
- Improving SMTP Security with smap and smapd
Smart Card service: Which Services Should You Leave Enabled?
SMB (Server Message Block): Common Internet File System (CIFS) and Server Message Block (SMB)
- Common Internet File System (CIFS) and Server Message Block (SMB)
- File Sharing for Microsoft Networks
- authentication: Authentication and SMB
- - SMB Authentication
S/MIME: S/MIME and OpenPGP
SMS (System Management Server): System Management Server (SMS)
SMTP (Simple Mail Transfer Protocol): Electronic Mail
- Selecting Services Provided by a Bastion Host
- Simple Mail Transfer Protocol (SMTP)
- configuring: SMTP
- - firewalls and: Configuring SMTP to Work with a Firewall
  - in screened subnet architecture: SMTP
- proxying: Proxying Without a Proxy Server
- servers
- - for Windows: SMTP Servers for Windows
  - commercial: Commercial SMTP Servers for Unix
  - freely available: Other Freely Available SMTP Servers for Unix
- for Unix (see Sendmail)
snapshots, system: Snapshot the System
- planning for: Planning for Snapshots
sniffers: Information theft
- Packet Sniffing
- protecting against: Protecting Services
sniffing for passwords: One-Time Password Software
SNMP (Simple Network Management Protocol): System Management
- Simple Network Management Protocol (SNMP)
- disabling, on Windows: Specific Windows Services to Disable
snuffie program: Next steps after disabling services
social manipulation attacks: Electronic Mail
SOCKS package: Proxy Services
- Using SOCKS for Proxying
- SOCKS
- functions: Converting Clients to Use SOCKS
- HTTP proxying on, in screened subnet architecture: HTTP and HTTPS
- modified finger service: Proxying characteristics of finger
- proxy system for ping: Proxying characteristics of ping
- versions: Versions of SOCKS
software
- installing on machine: Reconfiguring for Production
- - Reconfiguring for Production
- proxying: Proxy Services
- routers (see routers)
- system monitoring: Consider Using Software to Automate Monitoring
- viruses: firewall can't fully protect against viruses
source address
- filtering by: Risks of Filtering by Source Address
- forgery: Risks of Filtering by Source Address
source port, filtering by: Risks of Filtering by Source Port
source routing: Turning Off Routing
- option, IP: IP Options
spam: Junk mail
speed, processing: How Fast a Machine?
spell command, Unix: Running a Security Audit
spies: Spies (industrial and otherwise)
SPKI (Simple Public Key Infrastructure): Certificates
split-screened subnets, architecture of: Split-Screened Subnet
Spooler service: Which Services Should You Leave Enabled?
SQL Server: Microsoft SQL Server
SQL*Net: Oracle SQL*Net and Net8
SSH (secure shell): Secure Shell (SSH)
- configuring, in screened subnet architecture: SSH
- security of: What makes SSH secure?
- X Window System, support for: Remote X11 Window System support
SSL (Secure Socket Layer): Transport Layer Security (TLS) and Secure Socket Layer (SSL)
- email and: TLS/SSL, SSMTP, and STARTTLS
SSMTP: TLS/SSL, SSMTP, and STARTTLS
Start registry key: Registry keys
STARTTLS: TLS/SSL, SSMTP, and STARTTLS
startup scripts: Services started by /etc/rc files or directories
statd: File Locking with NFS
Subkeys registry key: Registry keys
subnet architecture, screened: Screened Subnet Architectures
- Screened Subnet Architecture
Sun RPC: Remote Procedure Call (RPC)
- Remote Procedure Call (RPC)
- authentication: Sun RPC Authentication
swap process: Which Services Should You Leave Enabled?
Sybase: Sybase
syslog protocol: syslog
- daemons: Setting Up System Logs on Unix
- example output from: What Should You Watch For?
syslogd process: Which Services Should You Leave Enabled?
system
- crashes, watching carefully: Watch Reboots Carefully
- cryptographic, components of: Key Components of Cryptographic Systems
- customized: Restore and Recover
- defense, diversity of: Diversity of Defense
- documenting after incident: Snapshot the System
- - Planning for Snapshots
- failure of: Fail-Safe Stance
- keeping up-to-date: Keeping Your Systems up to Date
- labeling and diagramming: Labeling and Diagramming Your System
- logs (see logs)
- monitoring: Consider Using Software to Automate Monitoring
- - Monitoring Your System
- operating, testing reload of: Testing the Reload of the Operating System
- rebuilding: Restore and Recover
- restoring after incident: Restore and Recover
- - planning for: Planning for Restoration and Recovery
- shutting down: Disconnect or Shut Down, as Appropriate
System Management Server (SMS): System Management Server (SMS)

Symbols | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z