Index

A note on the digital index

A link in an index entry is displayed as the section title in which that entry appears. Because some sections have multiple index markers, it is not unusual for an entry to have several links to the same section. Clicking on any link will take you directly to the place in the text in which the marker appears.

A

AAA servers, Authentication and Auditing Services

access, Network Security, A firewall can log Internet activity efficiently, Least Privilege, Least Privilege, Choke Point, Fail-Safe Stance, Default Permit Stance: That Which Is Not Expressly Prohibited Is Permitted, Building a Bastion Host, Remote Access to Hosts, Summary of Recommendations for Windows Remote Access

fail safe, Fail-Safe Stance, Default Permit Stance: That Which Is Not Expressly Prohibited Is Permitted

least privilege, Least Privilege, Least Privilege

logging, A firewall can log Internet activity efficiently (see logs)

monitoring at choke point, Choke Point

to networks, Network Security

remote, to hosts, Remote Access to Hosts, Summary of Recommendations for Windows Remote Access

to unbuilt bastion host, Building a Bastion Host

access router, Exterior Router (see exterior routers)

accidents, Stupidity and Accidents

account management, Managing Your Accounts, Managing Your Accounts

ACK (acknowledgment) bit, TCP layer, TCP, Packet Filtering Characteristics of SMTP

with SMTP, Packet Filtering Characteristics of SMTP

TCP connections, TCP

Active Channels, Push Technologies

Active Directory, Naming and Directory Services, Active Directory, Active Directory

Active Server Pages (ASP), HTTP Extensions

ActiveX, Web Client Security Issues, ActiveX, ActiveX

extension systems, Web Client Security Issues

activity logs, A firewall can log Internet activity efficiently (see logs)

address-based authentication, Network Window Systems

addresses, Conventions for Packet Filtering Rules, Conventions for Packet Filtering Rules, Filtering by Address, Risks of Filtering by Source Address, Configuring SMTP to Work with a Firewall

accepted by router, Conventions for Packet Filtering Rules, Conventions for Packet Filtering Rules

email, Configuring SMTP to Work with a Firewall (see email)

filtering by, Filtering by Address, Risks of Filtering by Source Address

AES (Advanced Encryption Standard) algorithm, Encryption Algorithms

AFS (Andrew File System), File Sharing

algorithms, Kinds of encryption algorithms, Encryption algorithms and key length, Kinds of encryption algorithms, Selecting an Algorithm, Encryption Algorithms, Encryption Algorithms, Digital Signature Algorithms, Digital Signature Algorithms, Digital Signature Algorithms, Cryptographic Hashes and Message Digests, Cryptographic Hashes and Message Digests, Cryptographic Hashes and Message Digests, Key Exchange, Key Exchange, Evaluating Other Algorithms, Evaluating Other Algorithms

digital signature, Digital Signature Algorithms, Digital Signature Algorithms, Digital Signature Algorithms

DSA/DSS, Digital Signature Algorithms

Elliptic Curve, Digital Signature Algorithms

encryption, Kinds of encryption algorithms, Encryption algorithms and key length, Selecting an Algorithm, Encryption Algorithms, Encryption Algorithms

selecting, Selecting an Algorithm

evaluating, Evaluating Other Algorithms, Evaluating Other Algorithms

HMAC, Cryptographic Hashes and Message Digests

key exchange, Key Exchange, Key Exchange

MD4/MD5, Cryptographic Hashes and Message Digests

public key, Kinds of encryption algorithms

SHA/SHA-1, Cryptographic Hashes and Message Digests

altering routers, What Does a Packet Look Like? (see screening routers)

Andrew File System, File Sharing (see AFS)

anonymous FTP, File Transfer, File Transfer, Using Proxy-Aware User Procedures for Proxying, ftpd, Providing Anonymous FTP Service, Limiting access to information, Preventing people from using your server to distribute their data, Preventing people from using your server to distribute their data, Removing the files, Using the wuarchive FTP daemon

(see also FTP)

via proxy server, Using Proxy-Aware User Procedures for Proxying

removing files from, Removing the files

writable directories with, Preventing people from using your server to distribute their data, Preventing people from using your server to distribute their data

wuarchive server, Using the wuarchive FTP daemon

APOP (version of POP), Post Office Protocol (POP)

AppleShare, File Sharing

application-level, Proxy Services, Application-Level Versus Circuit-Level Proxies, Application-Level Versus Circuit-Level Proxies

gateways, Proxy Services (see proxy services)

proxy servers, Application-Level Versus Circuit-Level Proxies, Application-Level Versus Circuit-Level Proxies

archives, self-decrypting, Keeping Mail Secret

ASP (Active Server Pages), HTTP Extensions

attackers, Types of Attackers (see intruders)

attacks, What Are You Trying to Protect Against? (see incidents)

audit, security, Running a Security Audit, Use cryptographic checksums for auditing, Running a Security Audit, Running a Security Audit, Analysis Tools, SAINT

tools for, Analysis Tools, SAINT

Auth protocol, Auth and identd, Summary of Recommendations for Auth

authentication, File Sharing, File Sharing, Remote Terminal Access and Command Execution, Network Window Systems, Naming and Directory Services, Authentication and Auditing Services, Network address translation interferes with some encryption and authentication systems, Terminal Servers and Modem Pools, False Authentication of Clients, False Authentication of Clients, Protecting Services, Is the level of authentication and authorization it uses appropriate for doing that?, Protocol Security, Sun RPC Authentication, Sun RPC Authentication, Microsoft RPC Authentication, Authentication and SMB, User-level authentication, Inadvertent Release of Information, Inadvertent Release of Information, Inadvertent Release of Information, NFS Authentication, NFS Authentication, SSH server authentication, SSH client authentication, Additional SSH options for client control, Authentication and Auditing Services, What Is Authentication?, Something You Have, The TIS FWTK Authentication Server, Problems with the authentication server, SMB Authentication, SMB Authentication, Accessing Other Computers, Alternate Authentication Methods, Authentication Tools, Kerberos, Mutual Authentication

address-based, Network Window Systems

basic, Inadvertent Release of Information

client, network lesystems and, File Sharing, File Sharing

DNS and, Naming and Directory Services

false, False Authentication of Clients, False Authentication of Clients, Protecting Services

Microsoft RPC, Microsoft RPC Authentication

mutual, Mutual Authentication

network address translation, Network address translation interferes with some encryption and authentication systems

in NFS, NFS Authentication, NFS Authentication

protocol security and, Protocol Security

of remote logins, Remote Terminal Access and Command Execution

SMB, Authentication and SMB, User-level authentication, SMB Authentication, SMB Authentication

of SSH, SSH server authentication, SSH client authentication, Additional SSH options for client control

client, SSH client authentication, Additional SSH options for client control

server, SSH server authentication

Sun RPC, Sun RPC Authentication, Sun RPC Authentication

TIS FWTK server, The TIS FWTK Authentication Server, Problems with the authentication server

tools for, Authentication Tools, Kerberos

types of, What Is Authentication?, Something You Have

for web pages, Inadvertent Release of Information, Inadvertent Release of Information

Windows NT, Accessing Other Computers, Alternate Authentication Methods

automounting filesystems, Automounting, Automounting