<DD>Network Flight Recorder, 279–280
<DD>passwords, 49–50
<DD>RealSecure, 277–279, <B>278</B>
<DD>system level attacks may be missed, 272–273
<DD>Windows NT security, 284–285
</DL>
<DD>social engineering, passwords, 47–49
<DD>sockets, socket addresses, user datagram protocol (UDP), 141–142
<DD>SOCKS proxies, 150, 168
<DD>software applications (<I>See</I> <I>also</I> application security), 122, 125–126
<DD>source addresses, network security, 124
<DD>source routing, network security, 148
<DD>spoofing, 18, 185, 191, 192, 319
<DL>
<DD>Internet Protocol (IP), 132, 133–137
<DD>network security, 158–159
</DL>
<DD>SRI, 179
<DD>Stalker, 227, 228–235
<DL>
<DD>alternative configurations, 234–235
<DD>attacks detected, 232–233
<DD>Audit Management, 228, 229–230
<DD>choosing to use Stalker, 233–234
<DD>distributed intrusion detection, 241
<DD>ease of setup, 240–241
<DD>Misuse Detector (MD), 228, 231–232
<DD>monitoring security, 242–243
<DD>privacy issues, 242–243
<DD>Storage Manager, 228
<DD>threshold detection, 235
<DD>Trace/Browser (TB), 228, 230–231
<DD>version 3 Stalker, 235
</DL>
<DD>statistical anomaly detection, 170–173, 240, 318
<DD>sticky bits, UNIX security, 91
<DD>strong authentication, 72–74
<DD>subjects (<I>See</I> <I>also</I> objects), 3–4, 9, 314
<DL>
<DD>access control, 84
<DD>UNIX security, 33–34
<DD>Windows NT security, 40
</DL>
<DD>subnets, 263–264
<DD>superuser privilege attacks, 185–186
<DD>superusers, UNIX security, 32–33
<DD>symbolic links, 92–93, 311
<DD>symmetric cryptography, 53
<DD>SYN Flood attack, 144, 159, 176, 191, 267, 290, 319
<DD>synchronization, network security, 116
<DD>syslog event logger, 195–198
<DD>system level security, 24, 317–318
<DL>
<DD>network security, 272–273
<DD>sniffers, 272–273
<DD>UNIX security, 259–260
</DL>
<DD>System Network Architecture (SNA), 114
<DD>system security scanners, 214–217, 317
</DL>
<P><FONT SIZE="+1"><B>T</B></FONT></P>
<DL>
<DD>tagging UIDs/GIDs, UNIX security, 33
<DD>Teardrop attack, 191, 290
<DD>Telnet, 121, 151–152, 189, 192
<DD>TEMPEST security project, passwords, 50
<DD>test.cgi hack, 160, 164, <B>165</B>, 191, 267
<DD>third-party authentication (<I>See</I> <I>also</I> authentication servers), 17, 52–71
<DD>threads, Windows NT security, 283
<DD>threshold detection, 235
<DD>ticket granting server (TGS), Kerberos, 55–61
<DD>tickets, Kerberos, 64
<DD>time services/time clocks, Kerberos, 63
<DD>time to live (TTL) values, Internet Protocol (IP), 130
<DD>timeouts, Internet Protocol (IP), 131
<DD>Tivoli Management Environment (TME), 110, 244, 308, 322
<DD>token cards (<I>See</I> <I>also</I> smart cards), 74–76, <B>75</B>
<DD>trace logs, SeOS, 109
<DD>traceroute applications, 131
<DD>tracing path of access, 200–206
<DD>tracking attacks, Internet Protocol (IP), 137–138
<DD>training personnel in security, 306–307
<DD>transmission control protocol (TCP), 142–146
<DL>
<DD>application security, 145–146
<DD>FTP, 145
<DD>hijacking sessions, 144
<DD>HTTP, 145
<DD>impersonation, 143
<DD>sequence number guessing, 143–144
<DD>SYN Flood attack, 144
<DD>trusted hosts, 145–146
</DL>
<DD>transparent proxies, 150
<DD>Tripwire, 94
<DD>Trojan Horses, 14, 24
<DL>
<DD>network security, 175
<DD>operating system security, 49
<DD>passwords, 49
<DD>Windows NT security, 284
</DL>
<DD>trust, access control, 128
<DD>trust boundaries
<DL>
<DD>attack opportunities, 9
<DD>database security, 7
<DD>operating system security, 7, 8
</DL>
<DD>trust relationships, 7, 8–9
<DD>trusted computing base (TCB), 14
<DD>trusted hosts, transmission control protocol (TCP), 145–146
<DD>trusted path, operating system security, 49
<DD>tunnel vs. transport mode transmission, network security, 139, 167–168, <B>168</B>
<DD>two-factor authentication, 74–77
<DD>two-party authentication, 35
</DL>
<P><FONT SIZE="+1"><B>U</B></FONT></P>
<DL>
<DD>UC Davis web sites, 178
<DD>unilateral or one-way authentication, 35, 65
<DD>unique identifiers, network security, 127
<DD>UNIX security, 227–261, 327
<DL>
<DD>access control, 81, 84–85, 87–97
<DD>audit ID (AUID), 88
<DD>audit logs, 244–245
<DD>auditing, 229–230, 244–245
<DD>background processes, 96
<DD>boot records, 96
<DD>browsing, 230–231
<DD>buffer overflow attack, 258–259
<DD>bugs, 245–246, 260–261
<DD>computer misuse detection system (CMDS), 227, 235–240
<DD>configuration errors, 245–246
<DD>credentials for I&A, 33, 34, 96
<DD>cryptography/encryption, 35–37
<DD>data encryption standard (DES), 36
<DD>denial of service attacks, 249–251
<DD>detection of attacks by Stalker, 232–233
<DD>discretionary access control (DAC), 33
<DD>distributed intrusion detection, 241
<DD>ease of security setup issues, 240–241
<DD>effective group IDs (EGID), 87–97, 247–259
<DD>effective user IDs (EUID), 87–97, 247–259, 247
<DD>Event Manager, 244
<DD>event monitoring, 244
<DD>FILE Delete audit events, 247
<DD>group IDs (GIDs), 31, 33, 62, 87–96, 123, 247–259
<DD>groups, 30
<DD>hard links, 92–93
<DD>hash, cryptographic, 36
<DD>identification & authentication (I&A), 29, 30–39
<DD>impersonation, 251–256
<DD><I>init</I> processes, 96–97
<DD>intrusion detection systems (IDS), 111
<DD>Kerberos, 61–62
<DD>link counts, 92–93
<DD>local attacks, 248–261
<DD>locked down version, 162
<DD>login security, 34–35
<DD>monitoring security, 242–243
<DD>network information system (NIS/NIS+), 37–39
<DD>network security, 121, 160
<DD>new attack detection, 243
<DD>nonvolatile RAM (NVRAM), 96
<DD>out of band values, 35
<DD>password system, 31–32, 35–39, 91–93
<DD>PATH hacking, 251–256
<DD>pattern matching, 247–248, 260
<DD>permissions, file and directory, 89–94
<DD>permissions, increasing, 94–96
<DD>phf hack, 160, 164
<DD>plaintext to ciphertext passwords, 36
<DD>power on self tests (POST), 96
<DD>primary groups, 31
<DD>privacy issues, 242–243
<DD>privilege escalation attack, 184–185, 256–258
<DD>privileges, 33, 94–96
<DD>process IDs (PIDs), 33
<DD>process inheritance, 34
<DD>race condition, 92–93
<DD>real group IDs (RGIDs), 87–97, 247–259
<DD>real user IDs (RUID), 87–97, 247–259, 247
<DD>risk assessment, 245
<DD>root access problems, 33, 185–186, 256–258
<DD>salt for password enhancement, 36–37
<DD>saved set-group IDs (SSGID), 88
<DD>saved set-user IDs (SSUID), 88
<DD>secondary group IDs, 87–97
<DD>secondary groups, 31
<DD>security kernel, 13–14
<DD>SeOS (Memco) to improve access control, 104–110
<DD>shadow password files, 31–32
<DD>shoulder surfing at login, 34
<DD>Stalker, 227, 228–235
<DD>sticky bits, 91
<DD>storing passwords in central server, 37–39
<DD>subjects, 33–34
<DD>superuser privilege attacks, 185–186
<DD>superusers, 32–33
<DD>symbolic links, 92–93
<DD>syslog event logger, 195–198
<DD>system level attacks, 259–260
<DD>tagging UIDs/GIDs, 33
<DD>test.cgi hack, 160, 164, <B>165</B>
<DD>threshold detection, 235
<DD>Tivoli Management Environment (TME), 110, 244
<DD>tracing, 230–231
<DD>two-party authentication, 35
<DD>UMASK settings, 185
<DD>unilateral or one-way authentication, 35
<DD>updating resources, 243
<DD>username IDs (UIDs), 30–31, 33, 62, 87–96, 123, 247–259
<DD>usernames, 30
<DD>users, 30
<DD>vulnerability scanners, 209
<DD>wrapper attacks, 90
<DD>writing to another’s special files, 256
</DL>
<DD>updating resources, 243
<DD>Usenix Security, 243
<DD>user datagram protocol (UDP), 141–142
<DL>
<DD>Kerberos, 64
<DD>ports, 141–142
<DD>sockets, socket addresses, 141–142
</DL>
<DD>username IDs (UIDs), 30–31, 33, 62, 87–97, 113, 123, 247–259
<DD>usernames, UNIX security, 30
<DD>users, 122–124
<DL>
<DD>database security, 7
<DD>network security, 122–124
<DD>precedence of users, 123
<DD>UNIX security, 30
<DD>Windows NT security, 39–40
</DL>
</DL>
<P><FONT SIZE="+1"><B>V</B></FONT></P>
<DL>
<DD>virtual private networks (VPN), 129, 146
<DD>voice prints, 16, 78
<DD>vulnerability scanners (<I>See</I> <I>also</I> scanners), 173–174, 209–226, 268, 317
<DL>
<DD>Ballista, 224
<DD>how they work, 209–211, 213–214
<DD>IBM Network Security Auditor, 224–225
<DD>Internet Scanner, 218–223, <B>220, 221</B>
<DD>ISS SAFESuite, 214–217, <B>218</B>
<DD>local scanners, 211–212
<DD>remote scanners, 212–213
<DD>system security scanners, 214–217
<DD>updating scanner products, 225
<DD>Windows NT security, 284
</DL>
</DL>
<P><FONT SIZE="+1"><B>W</B></FONT></P>
<DL>
<DD>warning users of potential threats, 307
<DD>weak CGI attacks, 161, 167
<DD>WheelGroup, 225
<DD>Windows NT security, 327
<DL>
<DD>.bat bug, 291
<DD>.cmd bug, 291
<DD>access control, 81, 84–85, 97–102, 285–287
<DD>access control entries (ACE), 98, 283
<DD>access control lists (ACL), 98, 283
<DD>access tokens, 283
<DD>Anonymous vulnerability, 291
<DD>auditing, 285–287
<DD>buffer overflow attacks, 292
<DD>bugs, 290
<DD>Centrax, 294–297, <B>295, 297</B>, 318–319
<DD>comparison of IDS products, 293–300
<DD>configuration errors, 292–293
<DD>data source security, 284–288
<DD>discretionary access control (DAC), 98–102
<DD>domain controllers, 39, 41–42, <B>43</B>
<DD>duplicate token system calls, 290
<DD>event logs, 195, 285–287
<DD>event records, 286–288
<DD>file management, 285–287
<DD>file system, NT (NTFS), 98
<DD>groups, 39–40
<DD>hijacking sessions, 290
<DD>identification & authentication (I&A), 29, 39–42
<DD>impersonation, 289–290
<DD>Internet information server (IIS), 284
<DD>intrusion detection systems (IDS), 111, 283–301
<DD>KSA and KSM (Security Dynamics), 299–300
<DD>local security authority (LSA), 40–41
<DD>local vulnerabilities, 292–293
<DD>locked down version, 162
<DD>login security, 40–41, 285, 292–293
<DD>NBSTAT command, 291–292
<DD>NTbugtraq, 288
<DD>ntfsdos.exe attack, 292
<DD>passwords, 292–293
<DD>permissions, 98–102, 292–293
<DD>Ping of Death, 290
<DD>privilege escalation, 288–289
<DD>privileges, 97–98, 283
<DD>processes, 283
<DD>RealSecure, 297–298
<DD>registry information, 39–40
<DD>registry permissions, 102
<DD>remote attacks, 290–292
<DD>rights, 97–98
<DD>SAFESuite, 297–298
<DD>security account manager (SAM), 40
<DD>security identifiers (SIDs), 40–41, 97, 123
<DD>security kernel, 13–14
<DD>security reference monitor (SRM), 283
<DD>security review, 283
<DD>SeOS (Memco) to improve access control, 104–110
<DD>shared resource vulnerability, 291
<DD>sniffers, 284–285
<DD>special permissions, 98–102
<DD>standard permissions, 98–102
<DD>subjects, 40
<DD>SYN Flood attack, 290
<DD>system level tools, 318–319
<DD>Teardrop attack, 290
<DD>threads, 283
<DD>Tivoli Management Environment (TME), 110
<DD>Trojan Horses, 284
<DD>users, 39–40
<DD>vulnerability scanners, 209, 284
<DD>what to monitor, 288–293
<DD>Winlogon, 40
</DL>
<DD>workstations, security kernel, 13–14
<DD>wrappers, 90, 116
<DD>write access, 10
</DL>
<P><FONT SIZE="+1"><B>X</B></FONT></P>
<DL>
<DD>X.509 digital certificates, 54, 67–71, 152, 164–165, 321
<DL>
<DD>attribute-value pairs, 68
<DD>bilateral authentication, 67–68
<DD>certificate authority (CA), 68, 69
<DD>certificate revocat