<DD>event logs, 195
<DD>IBM Network Security Auditor, 224–225
<DD>network security, 169, 175
<DD>SeOS, 108–109
<DD>Stalker, 228, 229–230
<DD>syslog event logger, 195–198
<DD>tracing path of access, 200–206
<DD>Windows NT security, 285–287
</DL>
<DD>augment vs. replace existing security, 25
<DD>AUSCERT, 327
<DD>authentication (<I>See</I> <I>also</I> identification & authentication), 6, 14–18
<DD>authentication headers (AH), IPsec, 138–139
<DD>authentication servers (AS), 52–71
<DL>
<DD>Athena project, 52
<DD>cryptography/encryption, 53–54
<DD>digital certificates, 54
<DD>Kerberos, 52, 54–67, 327
<DD>X.509 digital certificates, 54, 67–71, 152
</DL>
<DD>authenticators, Kerberos, 60, 65
<DD>authorization, 10–12, 15
<DD>authorization databases, 10–12
<DD>availability of data, 5–6
<DD>Axent-Raptor Eagle, 194
</DL>
<P><FONT SIZE="+1"><B>B</B></FONT></P>
<DL>
<DD>backups, 305–308, 310
<DD>Ballista, 224
<DD>basic security model, 9–14, 314
<DD>bastion hosts, network security, 148
<DD>.bat bug, Windows NT security, 291
<DD>bilateral or mutual authentication, 17, 65
<DL>
<DD>X.509 digital certificates, 67–68
</DL>
<DD>binding addresses, Internet Protocol (IP), 140
<DD>biometrics, 78
<DD>boot records, 96
<DD>boundaries (see trust boundaries)
<DD>boundary between network layers, 116
<DD>broadcast addresses, Internet Protocol (IP), 131
<DD>brute force attacks, passwords, 44–47
<DD>buffer overflow attacks, 185, 191
<DL>
<DD>access control, 83, 104, 164
<DD>network security, 267
<DD>UNIX security, 258–259
<DD>Windows NT security, 292
</DL>
<DD>bugs, 5, 193, 245–246
<DL>
<DD>access control, 81, 82–83
<DD>network security, 161–162
<DD>passwords, 51
<DD>UNIX security, 260–261
<DD>Windows NT security, 290
</DL>
</DL>
<P><FONT SIZE="+1"><B>C</B></FONT></P>
<DL>
<DD>category labels, 18–20, 18
<DD>centralized security, 24
<DD>Centrax, Windows NT security, 294–297, <B>295, 297, </B>318–319
<DD>CERT, 327
<DD>certificate authority (CA), X.509 digital certificates, 68, 69
<DD>certificate revocation list (CRL), X.509 digital certificates, 69
<DD>certificates/certification (see digital certificates; X.509)
<DD>challenge-response authentication, 77–78
<DD>changes to data (see integrity of data)
<DD>checksums, 63
<DD>choosing a password, 44, 51–52
<DD>ciphertext passwords, 36
<DD>classes of addresses, Internet Protocol (IP), 130
<DD>classic security model, 3–4
<DD>classifying security products, 21–25
<DD>.cmd bug, Windows NT security, 291
<DD>COAST, 94, 178, 200, 327
<DD>combined products, 323
<DD>common data security architecture (CDSA)
<DL>
<DD>network security, 151
<DD>X.509 digital certificates, 70
</DL>
<DD>common desktop environment (CDE), 30, 85–86
<DD>common gateway interface (CGI), network security, 160
<DD>common language integrated production system (CLIPS), 239
<DD>computable nature of confidentiality/integrity, 6
<DD>computer misuse detection system (CMDS), 227, 235–240, 318
<DL>
<DD>analysis modes, 236–237
<DD>anomaly reporting, 237–239, <B>238</B>
<DD>common language integrated production system (CLIPS), 239
<DD>distributed intrusion detection, 241
<DD>ease of setup, 240–241
<DD>how it works, 236
<DD>monitoring security, 242–243
<DD>pattern matching signatures, 239–240
<DD>privacy issues, 242–243
<DD>statistical anomaly detection, 240
<DD>statistical measures, 237
</DL>
<DD>confidentiality of data, 5–6, 5
<DD>configuration errors, 8, 81, 82, 245–246
<DL>
<DD>access control, 81, 82
<DD>network security, 158–162
<DD>Windows NT security, 292–293
</DL>
<DD>covert channels, 204
<DD>Crack penetration program, passwords, 46
<DD>crashes, 5
<DD>credentials, UNIX security, 33, 34, 96
<DD>Cross Site, 322
<DD>cryptography/encryption, 53–54, 308
<DL>
<DD>algorithms, 53
<DD>asymmetric cryptography, 53
<DD>authentication headers (AH), IPsec, 138–139
<DD>data encryption standard (DES), 36, 53
<DD>digital signatures, 54
<DD>encapsulation security payload (ESP), IPsec, 138, 139
<DD>generic security services API (GSSAPI), 67
<DD>hash, cryptographic, 36, 308
<DD>identification & authentication (I&A), 16
<DD>intrusion detection systems (IDS), 175
<DD>Kerberos, 55, 63
<DD>keys, cryptographic, 53
<DD>network information system (NIS/NIS+), 38–39
<DD>network security, 149, 167–168, 271–272, 274
<DD>one-time pads, 73
<DD>plaintext to ciphertext passwords, 36
<DD>private keys, 53–54
<DD>public keys, 53–54
<DD>RSA public-key cryptography, 53
<DD>salt for password enhancement, 36–37
<DD>secret keys, 53
<DD>sniffers, 271–272, 274
<DD>symmetric cryptography, 53
<DD>UNIX security, 35–37
<DD>X.509 digital certificates, 67–71
</DL>
</DL>
<P><FONT SIZE="+1"><B>D</B></FONT></P>
<DL>
<DD>data encryption standard (DES), 36, 53
<DD>data source security, 174–175, 193–200, 284–288
<DD>database security, 7
<DL>
<DD>authorization databases, 10–12
<DD>data source security, 174–176, 193–200, 284–288
<DD>database management systems (DBMS), 124
<DD>entities, 7
<DD>existing vs. new data sources, 25
<DD>network security, 124
<DD>trust boundaries, 7
<DD>trust relationships, 7
<DD>users, 7
</DL>
<DD>data-driven attacks, 185
<DD>decimal notation in addresses, Internet Protocol (IP), 130
<DD>DEFCON, 243
<DD>delegation of tickets, Kerberos, 66
<DD>denial of service attack, 182–183, 186–187
<DL>
<DD>Internet Protocol (IP), 133, 137
<DD>network security, 161, 267
<DD>passwords, 44–47
<DD>UNIX security, 249–251
</DL>
<DD>dependencies of security products, 7
<DD>destination addresses, network security, 124
<DD>detecting security breaches, 25–26
<DD>dictionary of passwords, 45
<DD>digital certificates, 54, 67–71, 152, 164–165, 321
<DD>digital signatures, 54, 68
<DD>directory management, UNIX security, 89–94
<DD>disconnect/shut down of resources, 309
<DD>discretionary access control (DAC), 18
<DL>
<DD>UNIX security, 33
<DD>Windows NT security, 98–102
</DL>
<DD>distinguished names, X.509 digital certificates, 68
<DD>distributed authentication, 120
<DD>distributed computing environments (DCE), 16, 24
<DD>distributed intrusion detection, 241
<DD>distributed security, 24
<DD>documentation of system, 305–308
<DD>domain controllers, Windows NT security, 39, 41–42, <B>43</B>
<DD>domain name system (DNS), network security, 127, 140–141, 267
<DD>duplicate token system calls, 290
<DD>dynamic host configuration protocol (DHCP), 241
</DL>
<P><FONT SIZE="+1"><B>E</B></FONT></P>
<DL>
<DD>effective group IDs (EGID), UNIX security, 87–97, 247–259
<DD>effective user IDs (EUID), UNIX security, 87–97, 247–259
<DD>electromagnetic emissions monitoring, passwords, 50
<DD>e-mail security, 152
<DD>EMERALD project, 179, 191
<DD>encapsulation, 114
<DD>encapsulation security payload (ESP), IPsec, 138, 139
<DD>encryption (see cryptography/encryption)
<DD>engine categories, intrusion detection systems (IDS), 170–173
<DD>entities, 4, 9–14
<DL>
<DD>database security, 7
<DD>network security, 120–122
<DD>operating system security, 7, 8
</DL>
<DD>evaluation of attack situation, 309
<DD>evasion attacks, 275
<DD>event logs, 195, 285–287, 307–308
<DD>Event Manager, 244
<DD>event monitoring, 244
<DD>event records, Windows NT security, 286–288
<DD>events, 176–178, <B>177</B>
<DD>evidence collection, in possible litigation, 309
<DD>explicit access control, 126
<DD>external threats, 186–188
</DL>
<P><FONT SIZE="+1"><B>F</B></FONT></P>
<DL>
<DD>facial features, 78
<DD>file management
<DL>
<DD>NT file system (NTFS), 98
<DD>UNIX security, 89–94
<DD>Windows NT security, 285–287
</DL>
<DD>filtering (see packet filtering)
<DD>finding hackers, 311–312
<DD>fingerprints, 16, 78
<DD>firewalls, 26, 114, 185, 193
<DL>
<DD>Internet Protocol (IP), 129, 150–151
<DD>Internet security, 188–189
<DD>intrusion detection systems (IDS), 194
<DD>IP security, 129
<DD>network security, 146–147, 149, 165–166, 168–169, 175, 264
</DL>
<DD>Forum for Incident and Response Security Teams (FIRST), 327
<DD>forwarding of tickets, Kerberos, 66
<DD>fragmentation, network security, 116, 267, 268
<DD>FTP, 145, 151–152, 187–188, 189, 192, 267
<DL>
<DD>network security, 151–152, 267
<DD>transmission control protocol (TCP), 145
</DL>
</DL>
<P><FONT SIZE="+1"><B>G</B></FONT></P>
<DL>
<DD>gateways
<DL>
<DD>Internet Protocol (IP), 130
<DD>network security, 148, 160, 165–166, <B>166,</B> 175
</DL>
<DD>Gauntlet firewall, 150
<DD>generic security services API (GSSAPI), Kerberos, 67
<DD>GetAdmin hack, access control, 104
<DD>global positioning system (GPS), 16
<DD>goals of computer security, 4–6
<DD>Gopher, 189
<DD>group IDs (GIDs), UNIX security, 31, 33, 62, 87–97, 113, 247–259
<DD>groups, 122–124
<DL>
<DD>network security, 122–124
<DD>UNIX security, 30
<DD>Windows NT security, 39–40
</DL>
<DD>guessing attacks, passwords, 44–47
</DL>
<P><FONT SIZE="+1"><B>H</B></FONT></P>
<DL>
<DD>hard links, UNIX security, 92–93
<DD>hash, cryptographic, 36, 308
<DD>heuristics to guess passwords, 45–46
<DD>hijacking sessions, 192, 319
<DL>
<DD>Internet Protocol (IP), 136
<DD>network security, 267
<DD>transmission control protocol (TCP), 144
<DD>Windows NT security, 290
</DL>
<DD>hop routing, Internet Protocol (IP), 130, 131
<DD>hot links for information, 327
<DD>HTML interfaces, 185–186
<DD>HTTP, 186–187, 189
<DL>
<DD>network security, 152, 160
<DD>transmission control protocol (TCP), 145
</DL>
</DL>
<P><FONT SIZE="+1"><B>I</B></FONT></P>
<DL>
<DD>IBM Network Security Auditor, 224–225
<DD>ICMP Echo, Internet Protocol (IP), 133
<DD>identification & authentication (I&A), 14–18, 22, 29–79, 162–163, 314–315, 321
<DL>
<DD>accountability, 163
<DD>ACE/Server (Security Dynamics), 74–77
<DD>address-based authentication, 16, 125
<DD>AIX operating system, 29–30
<DD>application level authentication, 125–126
<DD>authentication servers, 52–71
<DD>authorization, 15
<DD>bilateral or mutual authentication, 17, 65, 67–68, 67
<DD>biometrics, 78
<DD>challenge-response authentication, 77–78
<DD>common desktop environment (CDE), 30
<DD>components must be trustworthy, 17–18
<DD>credentials for system use, 15
<DD>cryptography/encryption, 16, 53–54
<DD>data encryption standard (DES), 36
<DD>distributed authentication, 16, 120
<DD>domain controllers, 41–42, <B>43</B>
<DD>groups, 122–124
<DD>hash, cryptographic, 36, 308
<DD>impersonation of network entities, 124
<DD>improving I&A, 71–78
<DD>intrusion detection, 78
<DD>Kerberos, 52
<DD>login security, 29
<DD>methods/objects of authentication, 15–16
<DD>network information system (NIS/NIS+), 37–39
<DD>network security, 119–126
<DD>nodes, 124–125
<DD>nonce, 42
<DD>one-time pads, 73
<DL>
<DD>one-time passwords, 72
</DL>
<DD>operating system security, 29
<DD>passwords, 15–16, 36, 42–52, 72
<DD>personal identification numbers (PINs), 75–76
<DD>plaintext passwords, 36
<DD>salt for password enhancement, 36–37
<DD>scope of entities in network, 122
<DD>smart cards, 74–76, <B>75</B>
<DD>software applications, 122
<DD>storing passwords in central server, 37–39
<DD>strong authentication, 72–74
<DD>third-party authentication (<I>See</I> <I>also</I> authentication servers), 52–71
<DD>token cards, 74–76, <B>75</B>
<DD>trusted third party, 17
<DD>two-factor authentication, 74–77