<DD>two-party authentication, 35
<DD>unilateral or one-way authentication, 35, 65
<DD>UNIX (<I>See</I> <I>also</I> UNIX security), 29, 30–39
<DD>users, 122–124
<DD>Windows NT (<I>See</I> <I>also</I> Windows NT security), 29, 39–42
<DD>X.509 digital certificates, 67–71
</DL>
<DD>impersonation, 124
<DL>
<DD>Internet Protocol (IP), 132, 133–137
<DD>network security, 158–159, 267
<DD>transmission control protocol (TCP), 143
<DD>UNIX security, 251–256
<DD>Windows NT security, 289–290
</DL>
<DD>implicit access control, 126
<DD>inheritance, UNIX security, 34
<DD><I>init</I> processes, 96–97
<DD>insertion attacks, 275
<DD>INSPECT language, 194, 280
<DD>instances, Kerberos, 55
<DD>instrumentation, 176–178, <B>177</B>
<DD>integrity of data, 5–6
<DD>internal attacks, 182–186
<DD>International Computer Security Association, 327
<DD>Internet Activities Board (IAB), address assignment, IP, 130
<DD>Internet control message protocol (ICMP), Internet Protocol (IP), 130, 133–134
<DD>Internet history and development, 128
<DD>Internet Information Server (IIS) bugs, 159–160, 284
<DD>Internet Protocol (IP), 114, 188–189
<DL>
<DD>address resolution protocol (ARP), 139–140
<DD>addressing, 130, 131
<DD>alive addresses, 130
<DD>assignment of addresses, 130
<DD>authentication headers (AH), IPsec, 138–139
<DD>binding addresses, 140
<DD>broadcast addresses, 131
<DD>classes of addresses, 130
<DD>common data security architecture (CDSA), 151
<DD>decimal notation in addresses, 130
<DD>denial of service attacks, 133, 137
<DD>domain name system (DNS), 140–141
<DD>encapsulation security payload (ESP), IPsec, 138, 139
<DD>firewalls, 129, 150–151
<DD>gateways, 130
<DD>hijacking sessions, 136
<DD>hop routing, 130, 131
<DD>ICMP Echo, 133
<DD>impersonation, 132, 133–137
<DD>Internet Activities Board (IAB), address assignment, 130
<DD>Internet control message protocol (ICMP), 130, 133–134
<DD>IP security (IPsec), 128–129, 138–139, 151
<DD>multicast addresses, 131
<DD>multicast backbone (Mbone) addresses, 131
<DD>nameservers, 140
<DD>namespaces, 140
<DD>network security, 128–141
<DD>octets in addresses, 130
<DD>one-half of session impersonation, 135–136
<DD>ping attacks, 133, 134–135
<DD>Ping of Death, 134–135
<DD>problems at IP layer, 132–138
<DD>risk assessment, 135, 136–137
<DD>routers, 130
<DD>routing interchange protocol (RIP), 141
<DD>single message attacks, 133
<DD>sniffing, 132
<DD>spoofing, 132, 133–137
<DD>supporting protocols, 139–141
<DD>time to live (TTL) values, 130
<DD>timeouts, 131
<DD>traceroute applications, 131
<DD>tracking attacks, 137–138
<DD>transmission control protocol (TCP/IP), 142–146
<DD>tunnel vs. transport mode transmissions, 139
<DD>virtual private networks (VPN), 129
</DL>
<DD>Internet Scanner, 218–223, <B>220, 221</B>
<DD>Internet security, 188–189
<DD>Internet Worm attack, passwords, 45
<DD>inter-process communication (IPC), access control, 85
<DD>interval-based security products, 24, 173–174
<DD>intrusion detection systems (IDS), 3, 23, 25–26, 157–159
<DL>
<DD>access control, 104, 111, 163–164
<DD>accountability, 163
<DD>activity profiles, 176–178, <B>177</B>
<DD>application level security, 176
<DD>audit IDs (AUID), 199–200
<DD>audit logs, 244–245
<DD>audit trails, 198–200
<DD>auditing, 175, 244–245
<DD>buffer overflow attack, 258–259
<DD>bugs, 245–246, 260–261
<DD>capturing packets for IDS analysis, 264–265, <B>266</B>
<DD>combined products, 323
<DD>complex attacks, 206–207
<DD>concepts and definitions, 169–179
<DD>configuration errors, 245–246
<DD>cryptography/encryption, 175
<DD>data source security, 174–176, 193–200
<DD>denial of service attacks, 249–251
<DD>distributed intrusion detection, 241
<DD>engine categories, 170–173
<DD>event logs, 195
<DD>event monitoring, 244
<DD>events, 176–178, <B>177</B>
<DD>firewalls, 194
<DD>generic model, 176–178, <B>177</B>
<DD>identification & authentication (I&A), 78, 162–163
<DD>impersonation, 251–256, 289–290
<DD>instrumentation, 176–178, <B>177</B>
<DD>integration into other products, 323
<DD>intercept routines, 193
<DD>interval-based security products, 173–174
<DD>layers of security, 188, <B>189,</B> 190–193
<DD>limitations of IDS, 248
<DD>local attacks, 248–261
<DD>misuse detection vs., 169
<DD>monitoring security, 195–201, 242–243
<DD>network IDS advantages, 268–270
<DD>network security, 153
<DD>PATH hacking, 251–256
<DD>pattern matching detection, 170–173, 247–248, 260
<DD>privacy issues, 242–243
<DD>privilege escalation, 256–258, 288–289
<DD>real-time security products, 173–174
<DD>research, 323
<DD>risk assessment, 157–162, 245
<DD>root access problems, 256–258
<DD>rule sets, 176–178, <B>177</B>
<DD>scope in pattern matching, 247–248, 255
<DD>self referencing and IDS, 324–325
<DD>sequence in pattern matching, 247–248
<DD>simple attacks, 206–207
<DD>sniffers, 263–281
<DD>statistical anomaly detection, 170–173
<DD>syslog event logger, 195–198
<DD>system level attacks, 259–260
<DD>tracing path of access, 200–206
<DD>vulnerability scanners (<I>See</I> <I>also</I> scanners), 173–174
<DD>Windows NT, 283–301
<DD>writing to another’s special files, 256
</DL>
<DD>IP forwarding, network security, 148
<DD>IP security (IPsec), 128–129, 138–139, 151
<DD>IPX, 114
<DD>ISS SAFESuite scanner, 214–217, <B>218,</B> 268
</DL>
<P><FONT SIZE="+1"><B>K</B></FONT></P>
<DL>
<DD>Kerberos, 52, 54–67, 327
<DL>
<DD>abstract syntax notation 1 (ASN 1), 66
<DD>Andrew File System (AFS) vs., 63
<DD>attacks, 63–66
<DD>authentication server (AS), 55–61
<DD>authentication, bilateral/unilateral, 65
<DD>authenticators, 60, 65
<DD>benefits of use, 63
<DD>checksums, 63
<DD>complaints against Kerberos, 63–66
<DD>cryptography/encryption, 55, 63
<DD>delegation of tickets, 66
<DD>forwarding of tickets, 66
<DD>generic security services API (GSSAPI), 67
<DD>instances, 55
<DD>key distribution center (KDC), 54–61
<DD>login security (klogin), 57–59, 66
<DD>network security, 167
<DD>operating system integration, 62
<DD>passwords, 64–65
<DL>
<DD>passwords, shadow files, 62
</DL>
<DD>principals, 55
<DD>race condition, 65
<DD>realm, 55
<DD>session keys (SK), 55–61
<DD>step-by-step session, 59–61, <B>61</B>
<DD>ticket granting server (TGS), 55–61
<DD>tickets, 64
<DD>time services/time clocks, 63
<DD>UNIX login security, 61–62
<DD>user datagram protocol (UDP), 64
<DD>Version 5, 66
</DL>
<DD>Kerberos, 54–67
<DD>kernel, security kernel, 13–14, 117
<DD>key distribution center (KDC), Kerberos, 54–61
<DD>keys and locks, 16
<DD>keys, cryptographic, 53
<DD>keystroke patterns, 78
<DD>KSA and KSM (Security Dynamics), Windows NT security, 299–300
</DL>
<P><FONT SIZE="+1"><B>L</B></FONT></P>
<DL>
<DD>L0pht Heavy Industries, 243
<DD>labels, 18–20
<DD>layered network security model, 114–119, <B>115, </B>188, <B>189, </B>190–193
<DD>leakages, network security, 267
<DD>link counts, UNIX security, 92–93
<DD>local attacks, 248–261
<DD>local scanners, 211–212, 317
<DD>local security authority (LSA), Windows NT security, 40–41
<DD>local vulnerabilities, Windows NT security, 292–293
<DD>locked down versions of UNIX/NT, 162
<DD>locks, 45
<DD>login security, 9, 187–188, 192
<DL>
<DD>brute force attacks (guessed password, etc.), 44
<DD>domain controllers, 41–42, <B>43</B>
<DD>failed login and locks, 45
<DD>identification & authentication (I&A), 29–79
<DD>Kerberos, 57–59, 66
<DD>locks, 45
<DD>passwords, 42–52
<DD>shoulder surfing at login, 34
<DD>tracing path of access, 200–206
<DD>UNIX security, 34–35
<DD>Windows NT security, 40–41, 285, 292–293
</DL>
</DL>
<P><FONT SIZE="+1"><B>M</B></FONT></P>
<DL>
<DD>mail applications (see e-mail)
<DD>mail protocols, network security, 123
<DD>mandatory access control, 18–20
<DD>Memco (SeOS), 104–110
<DD>message formats, network security, 119–120
<DD>message integrity, 68
<DD>Microsoft Internet Information Server (see Internet Information Server)
<DD>misuse detection vs. intrusion detection, 169
<DD>models (see security models)
<DD>monitoring security (<I>See</I> <I>also</I> auditing; event logs), 5, 23, 242–243
<DL>
<DD>auditing, 20–21
<DD>event monitoring, 244
<DD>network security, 153, 166–168
<DD>policy for monitoring, 201
<DD>tracing path of access, 200–206
</DL>
<DD>monitors, reference monitor, 10–12, <B>11</B>
<DD>multicast addresses, Internet Protocol (IP), 131
<DD>multicast backbone (Mbone) addresses, Internet Protocol (IP), 131
<DD>multihomed hosts, network security, 148
<DD>mutual authentication, 17
</DL>
<P><FONT SIZE="+1"><B>N</B></FONT></P>
<DL>
<DD>nameservers, Internet Protocol (IP), 140
<DD>namespaces, Internet Protocol (IP), 140, 122–123
<DD>naming, network security, 127
<DD>NBSTAT command, Windows NT security, 291–292
<DD>NetRanger (IBM) sniffer, 194, 277
<DD>Network Flight Recorder, 279–280
<DD>network information system (NIS/NIS+), 37–39
<DD>network security, 24, 113, 315–316
<DL>
<DD>access control, 126–128
<DD>address resolution protocol (ARP), 139–140
<DD>address-based authentication, 125
<DD>advantages of network IDS, 268–270
<DD>application level security, 125–126, 128, 145–146, 149, 191, 320–321, 320
<DD>attack recognition by IDS, 267–268
<DD>auditing, 169, 175
<DD>authentication headers (AH), IPsec, 138–139
<DD>bastion hosts, 148
<DD>between-layer security, 117
<DD>between-peer security, 117–119,<B> 118</B>
<DD>binding addresses, 140
<DD>boundary between network layers, 116
<DD>buffer overflow attacks, 267
<DD>bugs, 161–162
<DD>capturing packets for IDS analysis, 264–265, <B>266</B>
<DD>common data security architecture (CDSA), 151
<DD>common gateway interface (CGI), 160
<DD>complexity of network security, 151–152
<DD>configuration errors, 158–162
<DD>cryptography/encryption, 149, 167–168, 175, 271–272, 274
<DD>data source security, 174–176
<DD>database management systems (DBMS), 124
<DD>database security, 124
<DD>denial of service attacks, 133, 137, 161, 267
<DD>destination addresses, 124
<DD>destination nodes vs. IDS, 273–276
<DD>distributed authentication, 120
<DD>domain controllers, Windows NT security, 39, 41–42, <B>43</B>
<DD>domain name system (DNS), 127, 140–141, 267
<DD>e-mail, 152
<DD>encapsulation, 114
<DD>encapsulation security payload (ESP), IPsec, 138, 139
<DD>evasion attacks, 275
<DD>explicit access control, 126
<DD>features of IDS, 265–266
<DD>firewalls, 146–147, 149, 150–151, 165–166, 168–169, 175, 264
<DD>fragmentation, 116, 267, 268
<DD>FTP, 145, 151–152, 267
<DD>gateways, 148, 160, 165–166, <B>166,</B> 175
<DD>group IDs (GIDs), 123
<DD>groups, 122–124
<DD>hijacking sessions, 136, 144, 267
<DD>HTTP, 145, 152, 160
<DD>ICMP Echo, 133
<DD>identification & authentication (I&A), 119–126
<DD>impersonation, 124, 132, 133–137, 143, 158–159, 267
<DD>implicit access control, 126
<DD>insertion attacks, 275
<DD>Internet control message protocol (ICMP), 130, 133–134
<DD>Internet Protocol (IP), 114, 128–141
<DD>intrusion detection systems (IDS), 153
<DD>IP forwarding, 148
<DD>IP security (IPsec), 138–139, 151
<DD>IPX, 114
<DD>Kerberos, 167
<DD>layers of information, 188, <B>189,</B> 190–193
<DD>layers, 114–119, <B>115,</B> 188, <B>189,</B> 190–193
<DD>leakages, 267
<DD>locked down versions of UNIX/NT, 162
<DD>mail protocols, 123
<DD>message formats, 119–120
<DD>Microsoft Internet Information Server (IIS) bugs, 159–160
<DD>monitoring security, 153, 166–168
<DD>multihomed hosts, 148
<DD>nameservers, 140
<DD>namespaces, 122–123, 140
<DD>naming, 127
<DD>network entities, 120–122
<DD>network information system (NIS/NIS+), 37–39
<DD>network services auditor (NS Auditor), 169
<DD>NFS, 267
<DD>nodes, 120–122, 124–125
<DD>Notes client/servers, 122
<DD>one-half of session impersonation, 135–136
<DD>operating system security, 117, 121
<DD>packet filtering, 128, 147–149, 169, 175, 264
<DD>packet headers, 116
<DD>passwords, 42–52, 125–126
<DD>peer security, 117–119, <B>118,</B> 165–166
<DD>phf hack, 160, 164, 267
<DD>ping attacks, 133, 134–135
<DD>Ping of Death, 134–135, 159, 176, 267
<DD>ports, 141–142
<DD>precedence of users, 123
<DD>promiscuous mode adapters, 264
<DD>protocols, hacker exploitation, 119–120
<DD>proxies, 149–150, 168, 169, 175
<DD>risk assessment, 135, 136–137, 157–162