Search | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | R | S | T | U | V | W | X | Y | Z

Index: S

S/Key password program : One-Time Passwords
sabotage : (see denial of service)
SAGE (System Administrators Guild) : System Administrators Guild (SAGE)
SATAN package
- Responding to Probes
- SATAN
score keepers : Score Keepers
screend package
- Conventions for Packet Filtering Rules
- screend
screened host architecture
- Screened Host Architecture
- Screened Host Architecture
screened subnet architecture
- Screened Subnet Architecture
- Screened Subnet Architecture
- with dual-homed host architecture : It's OK to Use Dual-Homed Hosts and Screened Subnets
screening routers
- Packet Filtering
- Packet Filtering
- (see also packets, filtering)
- acceptable addresses for : Conventions for Packet Filtering Rules
- choosing : Choosing a Packet Filtering Router
- configuring : Configuring a Packet Filtering Router
- proxy systems and : Proxy Systems
- rules for : Conventions for Packet Filtering Rules
- where to use : It Should Have Good Testing and Validation Capabilities
search programs : Other Information Services
Secure HTTP : Secure HTTP
security
- What Is an Internet Firewall?
- SMTP for UNIX: Sendmail
- DNS Security Problems
- (see also firewalls)
- against system failure : Fail-Safe Stance
- audit : Running a Security Audit
- of backups : Protecting the Machine and Backups
- bastion host speed and : How Fast a Machine?
- choke points
- - Choke point
  - Choke point
- of commercial authentication systems : Commercial Solutions
- cryptography : Authentication and Inbound Services
- default deny stance : Default Permit Versus Default Deny
- default permit stance : Default Permit Versus Default Deny
- defense in depth
- - Defense in depth
  - Defense in depth
- designing for network : Buying Versus Building
- diversity of defense
- - Diversity of Defense
  - Diversity of defense
  - Diversity of defense
- encryption, network-level : Network-Level Encryption
- fail-safe stance
- - Fail-safe stance
  - Fail-safe stance
- host : Host Security
- important of simplicity of : Simplicity
- incident response teams : (see incident response teams)
- incidents : (see incidents)
- insecure networks : Insecure Networks
- IRC and : Internet Relay Chat (IRC)
- keeping checksums secure : Keeping Secured Checksums
- lack of : How Can You Protect Your Site?
- least privilege
- - Least privilege
  - Least privilege
- legal responsibilities : External Factors That Influence Security Policies
- of machine : Securing the Machine
- modem pools : Terminal Servers and Modem Pools
- netacl : Using netacl to protect services
- network : (see network)
- operating system bugs : Fix all known system bugs
- policies for
- - firewall is a focus for security decisions
  - Security Policies
  - reviewing : Provision for reviews
- of POP : Post Office Protocol (POP)
- practicing drills for : Doing Drills
- protecting the network internally : Internal Firewalls
- protocol, and proxying : Protocol Security
- regarding HTTP : HTTP Security Concerns
- resources for : Resources
- responding to incidents : Responding to Security Incidents
- reviewing response strategies : Periodic Review of Plans
- SNMP : Simple Network Management Protocol (SNMP)
- strategies for : Security Strategies
- TCP Wrapper : Using the TCP Wrapper package to protect services
- terminal servers : Terminal Servers and Modem Pools
- through obscurity : Security Through Obscurity
- time information and : Network Time Protocol (NTP)
- universal participation : Universal Participation
- weakest link
- - Weakest Link
  - Weakest link
  - Weakest link
- when proxying is ineffective : Proxying Won't Secure the Service
- when system crashes : Watch Reboots Carefully
- with whois service : whois
- X11 window system mechanisms : Window System
Sendmail
- Electronic Mail
- Least Privilege
- SMTP for UNIX: Sendmail
- (see also SMTP)
- Morris worm : Electronic Mail
servers
- Archie, running : Running an Archie server
- DNS
- - for internal hosts : Set up a real DNS server on an internal system for internal hosts to use
  - setting up fake : Set up a `fake' DNS server on the bastion host for the outside world to use
- routed : Which services should you disable?
servers, proxy : (see proxy services)
services host : Screened Host Architecture
services, inbound : (see inbound, services)
services, Internet : Internet Services
- booting : Which services should you disable?
- configuring : Configuring Internet Services
- contacting providers about incidents
- - Vendors and service providers
  - Vendors and service providers
- default deny stance : Default Deny Stance: That Which Is Not Expressly Permitted Is Prohibited
- default permit stance : Default Permit Stance: That Which Is Not Expressly Prohibited Is Permitted
- direct access to : Proxy services allow users to access Internet services `directly'
- disabling those not required : Disabling Nonrequired Services
- filtering by : Filtering by Service
- information lookup services : Information Lookup Services
- installing and modifying : Installing and Modifying Services
- LAN-oriented : Selecting Services Provided by the Bastion Host
- NFS (Network File System) : Which services should you disable?
- protecting with TCP Wrapper : Using the TCP Wrapper package to protect services
- proxying with : Using Proxying with Internet Services
- "r" commands : Which services should you disable?
- real-time conferencing : Real-Time Conferencing Services
- RPC (Remote Procedure Call) : Which services should you disable?
- selecting for bastion host : Selecting Services Provided by the Bastion Host
- started by /etc/rc : How are services managed?
- Telnet : (see Telnet)
services, network management : (see network, management services)
services, proxy : (see proxy services)
services, store-and-forward : Proxying Without a Proxy Server
setgid capability : What Operating System?
setuid capability : What Operating System?
shell scripts : How are services managed?
shutting down
- Disconnect or Shut Down, as Appropriate
- Planning for Disconnecting or Shutting Down Machines
Simple Mail Transfer Protocol : (see SMTP)
Simple Network Management Protocol : (see SNMP)
single-purpose routers : It Can Be a Single-Purpose Router or a General-Purpose Computer
smap package : Improving SMTP security with smap and smapd
smapd program : Improving SMTP security with smap and smapd
SMTP (Simple Mail Transfer Protocol)
- Electronic Mail
- Selecting Services Provided by the Bastion Host
- Proxying Without a Proxy Server
- Simple Mail Transfer Protocol (SMTP)
- configuring
- - firewalls and : Configuring SMTP to work with a firewall
  - in screened host architecture : SMTP
  - in screened subnet architecture : SMTP
- for UNIX : (see Sendmail)
snapshots, system
- Snapshot the System
- Planning for Snapshots
sniffing for passwords
- Information Theft
- Packet Sniffing
- One-Time Passwords
- (see also network, taps)
SNK-004 card, TIS FWTK : Challenge-Response Schemes
SNMP (Simple Network Management Protocol) : Network Management Services
- configuring : Simple Network Management Protocol (SNMP)
snuffle program : How to disable services
sockets : Sockets
SOCKS package
- Proxy Services
- Using SOCKS for Proxying
- SOCKS
- (see also proxy services)
- functions : Using SOCKS for Proxying
- HTTP proxying on
- - in screened subnet architecture : HTTP
- modified finger service : Proxying characteristics of finger
software
- to automatically monitor the system : Consider Writing Software to Automate Monitoring
- installing on machine : Reconfiguring for Production
- proxying
- router : (see routers)
- viruses and : firewall can't protect against viruses
source address
- filtering by : Risks of Filtering by Source Address
- forgery : Risks of Filtering by Source Address
source port, filtering by : Risks of Filtering by Source Port
source routing
- Turning off routing
- IP options
speed, processing : How Fast a Machine?
spell command, UNIX : About checksums for auditing
spies : Spies (Industrial and Otherwise)
startup scripts : How are services managed?
store-and-forward services : Proxying Without a Proxy Server
subnet architecture, screened
- Screened Subnet Architecture
- Screened Subnet Architecture
subnets : Subnets
Sun RPC : (see RPC)
supporting Internet services : (see services, Internet)
SWATCH program
- Consider Writing Software to Automate Monitoring
- SWATCH
SYN (synchronize sequence numbers) bit : Transmission Control Protocol
syslog : Safeguard the system logs
- configuring : syslog
- example output from : What Should You Watch For?
- SWATCH program with : Consider Writing Software to Automate Monitoring
system
- autonomous : Internet Routing Architecture
- crashes, watching carefully : Watch Reboots Carefully
- customized : Restore and Recover
- defense, diversity of : Diversity of Defense
- documenting after incident
- - Snapshot the System
  - Planning for Snapshots
- failure of : Fail-Safe Stance
- keeping up-to-date : Keeping Your Systems Up To Date
- labeling and diagramming : Labeling and Diagraming Your System
- logging activity : (see logs)
- monitoring
- - Consider Writing Software to Automate Monitoring
  - Monitoring Your System
- operating, testing reload of : Testing the Reload of the Operating System
- rebuilding : Restore and Recover
- restoring after incident : Restore and Recover
- - planning for : Planning for Restoration and Recovery
- shutting down : Disconnect or Shut Down, as Appropriate
System Dynamics cards : Time-based Passwords

Search | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | R | S | T | U | V | W | X | Y | Z