Internet Security Professional Reference:Index
Index
Symbols
- * (asterisk) terminal write status, 33
- * (asterisk) traceroute command, 39
- \ (backslash) in UUCP Permissions file, 120
- \ (backslash) with bang addressing, 102
- \ (backslash) with UUCP Dialer, 109
- " (double quotes) in chat scripts, 114, 135
- ! (exclamation point) in procmon.cmd files, 71
- ! (exclamation point) in UUCP addresses, 101-102
- ! (exclamation point) telnet command, 46
- # (pound) symbol in network configuration file, 20
- ? (question mark) in process tables, 53
- ? (question mark) telnet command, 46
- 3Com Corporation, packet filter vendor, 350
- 8lgm mailing list, 852
A
- -a (arp command options), 40
- -a (netstat command options), 35
- -a (ruptime command option), 32
- ac command, 149
- access control lists (ACLs), 667-668
- accessing TCP services with netacl, 245
- accounting, user accounts with Kerberos, 481
- accounting reports, firewall capabilities, 361
- accton command, 156
- ActivCard, Inc. web site, 574
- active attacks, DNS servers, spoofing, 222-223
- active hub mechanisms
- commercial products, 197
- hardware address spoofing, 197
- aculog file, Unix audit log, 153
- add-on utilities (Pretty Good Privacy), 657-660
- adding user accounts to authentication server database (TIS Firewall Toolkit), 280-284
- additional-tickets field, KRB_KDC_REQ message, 531
- address classes, 9-11
- class A, 10
- class B, 10
- class C, 11
- netmask defaults, 12
- Address Resolution Protocol (ARP), 18, 20, 40-41
- addresses
- bang addressing, 101
- broadcast, 11
- classes, 9-11
- destinations, specifying, 18
- dotted decimal address, 11
- Ethernet, 20
- hostname to IP address resolution, 26-27
- Internet assignment, 9
- Internet-to-Ethernet address translation table, 40
- IP (Internet Protocol) addresses, 9-11
- hacker access to, 387-389
- spoofing, 434-437
- multicast, 10
- netmasks, 12
- networks, pinging with netscan utility (TIS Firewall Toolkit), 295
- octets, 10-11
- reserved, 11
- subnets, 11-14
- translating hostnames into IP addresses, 14
- UUCP (Unix to Unix CoPy) commands, compatibility with Internet addressing, 101
- addresses field, KRB_KDC_REQ message, 531
- alert (syslog file severity level), 151
- alerts, firewall capabilities, 361
- algebraic attacks, cryptanalysis, 602-603
- algorithmic entry point scanners, virus scanners, 823-826
- ALLOW-POSTDATE field, Kerberos tickets, 527
- alt.2600 newsgroup, 857
- alt.hacker newsgroup, 857
- alt.security newsgroup, 857
- alt.security.pgp newsgroup, 857
- alt.security.ripem newsgroup, 857
- anonymous FTP, vulnerability to hackers, 420
- anonymous login (UUCP), 125-126
- anonymous mode (FTP), 47
- anonymous user account, Internet Information Server (IIS), 688
- antivirus programs
- behavior blockers, 831
- heuristic scanners, 832-833
- integrity checkers, 827-831
- memory scanners, 826-827
- rating criteria, 820
- read stealth viruses, repair process, 837
- virus scanners, 820-826
- viruses
- floppy boot records, 835-836
- master boot records, 835-836
- partition boot records, 835-836
- see also computer viruses
- ap-options field, KRB_AP_REQ message, 537
- appending to COM files, file viruses, 791
- Applet Host security mode, Java applets, 731
- applets (Java)
- security modes, 731-732
- testing, 707, 729-731
- viewing with Netscape, 732
- Appletviewer (Java), 729-731
- application gateways
- authentication information, 353
- cost, 353
- firewall architecture, 353
- application level proxies, 356-357
- disadvantages, 348
- firewalls, 348
- performance guidelines for firewalls, 365-366
- product comparisons for firewalls, 365-366
- Application Log (Windows NT), 163
- applications (TIS Firewall Toolkit)
- authmgr client, 310-311
- authsrv, 276-288, 311-318
- clauses, 244
- comments, inserting, 244
- ftp-gw, 259-264, 318-322
- http-gw, 270-275, 322-328
- login-sh, 328-329
- netacl, 245-249, 330-331
- plug-gw, 288-294, 332-333
- rlogin-gw, 255-259, 334-335
- rules, 244, 255
- smap client, 265, 336-337
- smapd, 267, 337-339
- tn-gw, 249-255, 339-342
- x-gw, 275-276, 342-343
- architecture
- application gateways for firewalls, 353
- router-based firewalls, 349-350
- stateful packet filters for firewalls, 352
- Argus FTP site, 854
- Argus network management program, 414
- ARMOR configuration keyword (PGP), 650
- armor mode (PGP), 639
- ARMORLINES configuration keyword (PGP), 650
- -arp command (ifconfig), 18
- ARP (Address Resolution Protocol), 20
- ARP cache entries
- deleting, 202
- displaying, 202
- network-level detection
- continuous monitoring, 208-209
- periodic polling, 207-208
- permanent, inserting, 202-203
- arp command, 18, 40-41
- ARP cache entries (Windows NT), 202
- arp program, vulnerability to hackers, 385
- ARP requests, discontinuing, 201
- ARP servers
- difficulty of configuration, 203
- implementing, 203
- purpose, 203
- ARP spoofing
- ARP request discontinuation, 201
- defined, 197
- detecting, 201, 205-209
- host level active detection, detecting, 206
- host level passive detection, detecting, 205
- inadvertent case studies, 199-201
- malicious case studies, 200-201
- network-level detection
- continuous monitoring, 208-209
- detecting, 207
- periodic polling, 207-208
- preventing, 201-204
- process, 198-199
- rlogin protocol vulnerability, 192
- routers
- case studies, 204-205
- preventing, 203-204
- server level detection, detecting, 206
- ARPANET, 8-9
- File Transfer Program, 47
- asax (audit trail analyzer), 160
- asax (web site), 160
- Ascend web site, 683
- ASCOM web site, 599
- ASSERT ERROR (UUCP log file error message), 127
- asterisk (*) terminal write status, 33
- asterisk (*) traceroute command, 40
- asymmetric cryptography, 600-601
- asymmetric key encryption, 558-559
- AT&T web site, 854
- attaching digital signatures to e-mail messages with PGP, 637-643
- attackers
- ARP spoofing, 198-199
- rlogin protocols, problems, 192-193
- attacks on network security, 373-386
- acquiring login accounts, 378-379
- acquiring root access, 379-380
- characterizing, 378-381
- extend access by hackers, 380-381
- modem-based, 409-418
- audit trails, 147
- analyzing
- asax program, 160
- chklastlog program, 160
- chkwtmp program, 160
- auditing utilities, 157-160
- DOS utilities, 166-167
- Ethernet sniffers, 159-160
- open files reports, lsof program, 160
- process accounting, 155-157
- system monitoring/logging utilities, 160-161
- Unix audit logs, 148-155
- Windows NT, 162-166
- see also logging; messages; reports
- -auth host access rule, tn-gw application (TIS Firewall Toolkit), 254
- auth (syslog file facility), 151
- AUTH_UNIX authentication, 422
- authdump command, authentication server database management, 284-286
- authenticating
- clients
- in Kerberos networks, 533-537
- to network services via Kerberos tickets, 513-515
- network logons
- certificate-based, 572
- encrypted passwords, 572
- plaintext passwords, 572
- two-factor, 572
- passwords with rlogin protocol, 191-192
- user accounts with Kerberos, 480-484
- workstations in Kerberos, 551-552
- authentication
- basic, Internet Information Server (IIS), 690
- challenge/response, Internet Information Server (IIS), 690
- cryptography goals, 566-567
- Secure Sockets Layer (SSL), Internet Information Server (IIS), 690
- tickets (Kerberos), 512
- authentication server, see authsrv
- Authentication Service Exchange (Kerberos), 517-520
- specifications, 526-533
- authenticator field, KRB_AP_REQ message, 538
- authenticator-vno field, Kerberos ticket authenticators, 516
- authenticators, Kerberos tickets, 515-516
- authload command, authentication server database management, 284-286
- authmgr client application (TIS Firewall Toolkit), 310-311
- installation, 311
- options, 311
- authmgr command, 284
- authorization-data field
- Kerberos ticket authenticators, 516
- Kerberos tickets, 515
- authorizing user accounts with Kerberos, 481
- authpriv (syslog file facility), 151
- authsrv (authentication server), 276-278, 311-318
- adding users to database, 280-284
- administrative commands, 280-282
- commands, 314-317
- compiling, 277
- configurations, 277
- database management, 284-286
- group configurations, 313
- installation, 317-318
- operations, 286-288
- reports, 298-299
- rules, 278-279
- user configurations, 313
- authtime field
- Kerberos tickets, 514
- KRB_CRED message, 546
- KRB_KDC_REP message, 533
B
- -b (finger command option), 34
- backslash (\) in UUCP Permissions file, 120
- with bang addressing, 102
- with UUCP Dialer, 109
- backup domain controller (Windows NT), 670-671
- BAD LOGIN/MACHINE COMBINATION (UUCP log file error message), 127-128
- BAKRING configuration keyword (PGP), 650
- bang addressing, 101
- basic authentication, Internet Information Server (IIS), 690
- BATCHMODE command-line option (PGP), 653
- baud rates, configuring UUCP networks, 112, 134
- Bay Networks, packet filter vendor, 350
- bdflush daemon, 57
- behavior blockers (viruses)
- disadvantages, 831-832
- rating criteria, 831-832
- virus warnings, 831-832
- Bellcore web site, 194
- Berkeley Internet Name Daemon (BIND), 225
- Berkeley r-commands, 42-45
- big endian coding, 725
- bin directory (SATAN), 444-445
- binary files
- integrity, verifying to prevent hacker attacks, 439-440
- PGP, vulnerability to hackers, 657
- processing with PGP, 638-639
- BIND resolver library, 41
- bits, determining fixed status, 13
- block ciphers, 593-594
- Blowfish cipher
- downloading, 599
- symmetric encryption, 599
- unpatented status, 599
- BNU (Basic Networking Utilities), 98
- Devices file, 105-107
- Dialers file, 108-110
- Systems file, 110-113
- see also EUC
- Bolt Beranek and Newman Inc. (BBN), 8
- Bones Kerberos distribution, 498-499
- boot (run level action field), 74
- boot protocols, implementing, 26
- boot record viruses
- damage to FAT (File Allocation Table), 841
- damage to HPFS (High Performance File System), 841-842
- damage to NTFS (NT File System), 841-842
- dropper programs (Windows NT), 840
- floppy disk booting (Windows NT), 840
- function, 773-774
- multipartite viruses (Windows NT), 840
- prevalence, 773-774
- repairing, 833-836
- Windows NT
- installing, 842
- virus behaviors, 840-842
- boot records, 760
- boot viruses, 811
- multipartite, 811
- network file servers, 811
- over networks, 811
- peer-to-peer networks, 811
- booting
- floppy disks
- boot record viruses (Windows NT), 840
- master boot record viruses (Windows NT), 838
- process, 761-762
- Windows NT with master boot record infection, 839-840
- see system boot
- BOOTP daemon, 26
- bootpd servers
- exploitation by hackers, 397-399
- vulnerability to hackers, 397-399
- bootwait (run level action field), 75
- border routing protocols, 212
- bounce to program hole, sendmail program, 381
- Bourne shell, daemons, creating, 63-67
- BREAK signals for chat scripts (UUCP), 113, 134
- bridges
- cost, 190
- Drawbridge program, 190
- installing, 190
- versus routers, 190
- versus switches, 190
- broadcast addresses, 11
- defined, 175
- promiscuous mode, 175
- broadcast command (ifconfig), 18
- broadcast storms, debugging, 159
- browsers (web)
- Netscape, Java support, 732
- non-proxy aware, 271-272
- proxy aware, 272
- running SATAN, 429-430
- brute force hacker attacks against PGP (Pretty Good Privacy), 654-655
- BSD (Berkeley Software Distribution) code, 54
- BSD Unix (University of California at Berkeley), 8
- buffers
- fingerd program, vulnerability to hackers, 382
- overruns, CGI programming in C/C++, 750
- bugtraq mailing list, 386, 852
- building SATAN, 455-476
- bypassing CGIs to ensure security, 745-746
- bytecodes (Java), 703, 711
- verifying, 721
C
- -C options, sendmail program, 385
- -c count (ping command option), 29
- C programming language, CGI libraries, 739, 750
- C++ programming language
- CGI programming, 750
- versus Java, 707-710
- caches, DNS corruption, 438
- caddr field
- Kerberos tickets, 515
- KRB_CRED message, 546
- KRB_KDC_REP message, 533
- Caesar Cipher, symmetric encryption, 582-584
- Call-unit (L-devices file field), 132
- CALLBACK (Permissions file keyword), 122
- CALLBACK REQUIRED (UUCP log file error message), 127
- calling costs, controlling UUCP systems, 110, 124, 133
- Canadian Security Intelligence Service web site, 854
- CANT ACCESS FILE (UUCP log file error message), 127
- case studies
- ARP spoofing
- inadvertent, 199-201
- malicious, 200-201
- routers, 204-205
- external routing protocols, 217
- Routing Information Protocol (RIP), route spoofing, 213-215
- sniffing low-level protocol information, 178-181
- cast statements (Java), 709
- CBC (Cipher Block Chaining) encryption, 488
- CD-ROM, ENCRYPT application, 578
- Central Intelligence Agency web site, 854
- CERN WWW Consortium web site, 854
- CERT (Computer Emergency Response Team), 850-851
- CERT FTP Archive site, 854
- CERT_DEPTH configuration keyword (PGP), 650
- certificate authorities
- CommerceNet, 570
- digital certificates, Secure Sockets Layer (SSL), 690-691
- secure channels, obtaining, 574-575
- U.S. Postal Service, 568-569
- Verisign Corporation, 568-569
- CFB (Cipher Feedback) encryption, 488
- CGIs (Common Gateway Interfaces), 735-740
- access restriction, 743
- with HTTP, 740
- bypassing to ensure security, 745-746
- dangers of, 737
- data protection, 751-752
- decoding, 738-739
- encoding, 738-739
- environment variables, 741
- GET method of data input, vulnerability to hackers, 741-742
- Internet Information Server (IIS) interfaces, 687
- libraries, 739-740
- nobody UIDs, 743
- operations, 737-738
- passing data
- via command-line arguments, 737
- via environment variables, 738
- via standard input streams, 738
- POST method of data input, vulnerability to hackers, 741-742
- programming
- C, 750
- C++, 750
- PERL, 747-750
- safe languages, 750-751
- request logins, 753
- running
- under program owner UIDs, 744-745
- with minimum privileges, 743-744
- running from controlled file system, 744
- SSI (Server Side Includes), 746-747
- vulnerability to hackers, 737, 740-742
- web server trust relationships, 740
- CGIWrap utility, 745
- challenge/response authentication
- Internet Information Server (IIS), 690
- nonce, 677-679
- shared secret, 677-679
- Windows NT logon process, 677-679
- characterizing attacks on network security, 378-381
- CHARSET configuration keyword (PGP), 650
- chat scripts, 109-110
- UUCP, 113-116, 134-135
- " (double quotes), 114, 135
- defining, 113-116, 134
- special characters, 114-115, 135
- with TCP/IP, 116
- Chat-script (L.sys file field), 134
- Check Point Software Firewall-1, 270, 354-355
- Checkpoint Software Technologies web site, 682, 856
- checksums
- collision-proof, 495
- crc32, 495
- des-mac, 496
- des-mac-k, 497
- Kerberos support for, 494-497
- keyed, 495
- rsa-md4, 496
- rsa-md4-des, 496
- rsa-md4-des-k, 496
- rsa-md5, 496
- rsa-md5-des, 496
- chklastlog (audit trail analyzer), 160
- chkwtmp (audit trail analyzer), 160
- chmod command (UUCP), 126
- CIAC (Computer Incident Advisory Capability) group, 850
- archives, 405
- web site, 854
- ciphers
- block, 593-594
- encrypted messages, 491
- stream, 593-594
- ciphertext, 485
- circuit gateways for firewalls, 347-348
- CISC (Complex Instruction Set Computing) CPUs, 723
- Cisco Systems
- packet filter vendor, 350-352, 369
- web site, 576
- Ckpasswd FTP site, 854
- cksum field
- Kerberos ticket authenticators, 516
- KRB_SAFE message, 541
- class A addresses, 10
- class B addresses, 10
- class C addresses, 11
- class loader (Java), 720-721
- classes
- addresses, 9-11
- fragile superclasses (C++), 709
- Internet Threat Levels, 375
- Java, 709
- methods, calling with Java, 718
- clauses (TIS Firewall Toolkit), 244
- netacl, 246
- plug-gw, 288-289
- rlogin-gw application, 256
- smap, 336-337
- tn-gw, 250-251
- cleartext password mechanisms (Kerberos), 194
- CLEARSIG configuration keyword (PGP), 650
- clearsigning e-mail messages with PGP, 646-647
- client applications (HTTP)
- non-proxy aware, 271-272
- proxy aware, 272
- client requests, Kerberos Key Distribution Center, 526
- client/server authentication exchange (Kerberos), 533-539
- clients
- authenticating
- in Kerberos networks, 533-537
- to network services via Kerberos tickets, 513-515
- Authentication Service exchange with Kerberos, 517-520
- Ticket Granting Service exchange with Kerberos, 520-526
- Clone command (Java Appletviewer), 730
- close (telnet command), 46
- CLOSE_WAIT (socket state), 38
- CLOSED (socket state), 38
- CLOSING (socket state), 38
- cname field
- Kerberos tickets, 514
- KRB_KDC_REP message, 533
- KRB_KDC_REQ message, 530
- COAST (Computer Operations, Audit, and Security Technology) project, 850
- web site, 854
- code listings
- dfmon daemon, 76-80
- dfmon.cfg configuration file, 80-84
- procmon command, 84
- code signing
- defined, 576-577
- Microsoft Authenticode, 576-577
- collision-proof checksums, 495
- COM files
- appending file viruses, 791
- computer viruses, 768
- infection process, 791
- overwriting file viruses, 792
- prepending file viruses, 791-792
- commands
- ac, 149
- accton, 156
- administrative, 29-42
- arp, 40-41
- authentication server (TIS Firewall Toolkit), 280-282
- authload, authentication server database management, 284-286
- authmgr, manipulating authentication server database, 284
- Berkeley r-commands, 42-45
- chmod (UUCP), 126
- cu (UUCP), 108, 113, 132-134
- dig, 41-42
- executing on remote systems, 44-50
- finger, 33-35
- history, 155
- hostname command, 15
- ICMP ECHO_REQUEST, 29
- ifconfig command, 17-19, 32-33
- inetd, 22
- Java Appletviewer, 730
- kill command, 64
- last, 149
- lastcomm, 156
- logging, 155-157
- ls (UUCP), 107
- make install (TIS Firewall Toolkit), 237
- man, 66
- mesg, 433
- netstat, 26, 35-38, 158-159, 241
- nslookup, 27
- ping, 29-31
- print, 68-69
- processing, changing delay between, 71
- procmon, 84-85
- ps, 52, 157
- rcmd, 45
- rcp, 43
- remote command execution, 139
- require, 71
- rlogin, 45
- rlogin command, 42
- rsh, 44
- ruptime command, 31-32
- rwho, 32
- sa, 157
- showmount, 62
- sudo, 152
- switch user, 152
- TCP/IP categories, 28
- telnet, 45-50
- tn-gw application (TIS Firewall Toolkit), 252
- traceroute, 38-39
- uname (UUCP), 102
- user commands, 42
- uucico (UUCP), 116
- uuclean, 140
- uustat, 129
- uutry (UUCP), 116
- who, 76
- COMMANDS (Permissions file keyword), 122
- COMMENT configuration keyword (PGP), 650
- comments, inserting in TIS Firewall Toolkit applications, 244
- CommerceNet
- certificate authorities, 570
- web site, 570
- Common Gateway Interfaces, see CGIs
- comp.protocols.kerberos, 857
- comp.security.announce, 857
- comp.security.firewalls, 857
- comp.security.misc, 857
- comp.security.unix, 857
- companion viruses
- file renaming process, 803-804
- propagation, 803-804
- versus file viruses, 803-804
- comparing executable files with integrity checkers, 827-831
- compilers (Java), 707, 716-719
- compiling
- authentication servers (TIS Firewall Toolkit), 277
- under BSDI, 236
- under SunOS, 236
- with Java, 713-719
- complete trust relationships, PGP keys, 621-622, 630
- COMPLETES_NEEDED configuration keyword (PGP), 650
- COMPRESS configuration keyword (PGP), 651
- compressing e-mail messages with PGP, 638
- Computer Emergency Response Team, see CERT
- Computer Incident Advisory Capability group, see CIAC group
- Computer Operations, Audit, and Security Technology project, see COAST project
- Computer Systems Consulting web site, 854
- Computer Virus Help Desk web site, 604
- computer viruses
- assembly language, 757-758
- boot record type, repairing, 833-836
- classes, polymorphic, 812-813
- companion, 803-804
- date driven, 757-758
- defined, 757-758
- DOS
- COM files, 768
- EXE files, 768-769
- SYS files, 769-774
- viruses in Windows NT environment, 842-845
- file types, 790-803
- hardware evolution, 757-758
- IBM PC types, 773-809
- boot record, 773-774
- floppy boot record, 774-782
- master boot record, 786-789
- partition boot record, 782-786
- infected floppy disks, repairing, 833-834
- known DOS viruses, 804-805
- macros, 770-773
- data files, 757-758
- new versus old, 770-773
- repairing, 837
- versus assembly language programs, 772-773
- malfunctioning, 805
- master boot record, repairing, 834-835
- memory resident programs (TSRs), 765-767
- multipartite, 820
- native variety (Windows NT), 846
- partition boot record, repairing, 835
- potential damage, 804-805
- read stealth, repairing, 836-837
- replication methods, 757-758
- result of bad programming, 804-805
- retro type, 819
- slow type, 817-819
- sources, 758
- stealth, 813-815
- targeting
- MBRs, 763
- PBRs, 765
- Windows NT operating system overview, 838-846
- worm programs, 808-809
- writer demographics, 758
- see also antivirus programs
- concept virus
- FileSaveAs macro, 807-808
- infection process, 806-807
- in global macro pool, 807-808
- confidential data, sniffing, 178
- confidentiality, cryptography goals, 566-567
- config directory (SATAN), 443
- configuration files
- dfmon.cfg, 80-84
- /etc/ethers, 20
- /etc/exports, 62
- /etc/ftpusers, 48
- /etc/hosts, 19-20
- /etc/hosts.equiv, 23
- /etc/hosts.lpd, 25
- /etc/inetd.conf, 22-23
- /etc/inittab, 57
- /etc/networks, 20-21
- /etc/passwd, 24
- /etc/pcnfsd.conf, 62
- /etc/printcap, 25
- /etc/procmon.cfg, 70
- /etc/protocols, 21
- /etc/rc, 55
- /etc/sendmail.cf, 60
- /etc/service, 21-22
- /etc/sockcf, 25
- /etc/strcf, 25
- /etc/syslog.conf, 28, 59
- .netrc, 49
- pound (#) symbol, 20
- procmon.cfg, 70
- procmon.cmd, 70
- .rhosts, 23
- syslog.conf, 150
- /usr/mmdf/mmdftailor, 61
- configurations
- authentication server (TIS Firewall Toolkit), 277
- DNS, for smap client application (TIS Firewall Toolkit), 269-271
- firewalls, for NTP server time updates, 241
- ftp-gw application (TIS Firewall Toolkit), 259-264
- http-gw application (TIS Firewall Toolkit), 270-275, 325-327
- netacl application (TIS Firewall Toolkit), 245-249
- PGP, 649-654
- plug-gw application (TIS Firewall Toolkit), 288-289
- rlogin-gw application (TIS Firewall Toolkit), 255-259
- SATAN, 462-464
- smap client application (TIS Firewall Toolkit), 265-267
- smapd application (TIS Firewall Toolkit), 267-269
- TCP/IP for TIS Firewall Toolkit, 242-243
- TIS Firewall Toolkit, preparing for, 238-242
- tn-gw application (TIS Firewall Toolkit), 249-255
- x-gw application (TIS Firewall Toolkit), 275-276
- configuring
- firewalls, 358-359
- interfaces for networks, 17-19
- Internet proxy servers, 683-684
- modems (UUCP Devices file), 105-107
- Proxy Server
- hardware configurations, 692
- ports, 686
- TLIS connections (UUCP systems), 141-142
- trust relationships, 671-672
- user accounts, User Manager (Windows NT), 672
- UUCP, 105, 131
- over TCP/IP, 141-142
- Windows NT
- ports, 685-686
- services, 684-685
- confounders, encryption type, 491
- connecting
- public web servers via Internet Information Server (IIS), 682-683
- segments, one-way trust, 186-187
- to FTP sites
- with ftp-gw application (TIS Firewall Toolkit), 263
- with netacl, 247-249, 264
- to Gopher sites with http-gw application (TIS Firewall Toolkit), 270-275
- to newsgroups with plug-gw application (TIS Firewall Toolkit), 289-292
- to remote hosts with rlogin-gw application (TIS Firewall Toolkit), 258
- to Telnet sites with tn-gw application (TIS Firewall Toolkit), 252-253
- to WWW sites with http-gw application (TIS Firewall Toolkit), 270-275
- connections
- NNTP with plug-gw application (TIS Firewall Toolkit), 289-292
- POP with plug-gw application (TIS Firewall Toolkit), 292-294
- TCP
- preventing remote access to local services, 396
- via modems, 430
- via proxy servers, 418
- vulnerability to hackers, 383
- UDP, preventing remote access to local services, 396
- constant pool memory area, JVM stacks, 728-734
- continuous monitoring with ARP spoofing, 208-209
- Control Panel (SATAN), 457
- conventional encryption, e-mail messages with PGP, 640
- converting web servers from root to controlled file systems, 744
- COPS FTP site, 854
- program overview, 379
- copy protection, 25
- corruption of DNS caches, 438
- Counterpane web site, 599
- Courtney (SATAN scan detection program), 413
- cpd daemon, 25, 58
- CPUs (central processing units)
- integrating with JVMs, 723
- logging time consumption, 157
- requirements for daemons, 53
- Crack program, 379
- cracking user account passwords, 379
- crc32 checksums, 495
- crealm and cname field, Kerberos ticket authenticators, 516
- crealm field
- Kerberos tickets, 514
- KRB_KDC_REP message, 533
- creating
- network segmentation with sniffing barriers, 183
- trust relationships, 671-672
- Windows NT domains, 670-671
- crit (syslog file severity level), 151
- cron (syslog file facility), 151
- cron daemon, 58
- cron utility, Unix audit logs, 153
- crontab files (UUCP), 58, 128-129
- logging usage, 153
- cross checking DNS servers for spoofing, 220-221
- cryptanalysis
- attacks
- adaptive chosen plaintext, 602-604
- analysis, 601-603
- chosen plaintext, 602-604
- ciphertext only, 602-604
- known plaintext, 602-604
- ciphertext techniques, 563
- algebraic attacks, 602-603
- differential, 602-603
- linear, 602-603
- overview, 601-603
- CryptoAPI, Windows NT Directory Services features, 696
- cryptographic algorithm, 563
- cryptography
- electronic commerce, 564
- goals
- authentication, 566-567
- confidentiality, 566-567
- message integrity, 566-567
- non-repudiation, 566-567
- Internet transmissions, 564
- tools
- digital certificates, 566-567
- digital signatures, 566-567
- secure channels, 566-567
- cryptolopes, 577
- cryptosystems, 563
- trap doors, 563-564
- ctime field
- Kerberos ticket authenticators, 516
- KRB_AP_REP message, 539
- cu command (UUCP), 108, 113, 132-134
- cusec field
- Kerberos ticket authenticators, 516
- KRB_AP_REP message, 539
- customizing Internet Information Server (IIS) directory structure, 688-689
- Cypherpunks web site, 854
D
- -d (ping command option), 29
- -d debug hole, sendmail program, 381
- -d host (arp command options), 40
- daemon (syslog file facility), 151
- daemons, 9, 52-57
- bdflush, 57
- BOOTP, 26
- compared to programs, 52
- cpd, 25, 58
- CPU requirements, 53
- creating
- Bourne shell, 63-67
- devices, 64
- input/output files, 63, 68-69
- PERL programming language, 67-72
- trapping signals, 64-66, 69
- cron, 58
- deliver, 61
- dfmon, 66
- file descriptors, 63
- getty, 61
- inetd, 61
- init, 57
- ldsocket, 25
- lockd, 62
- lpd, 25, 58
- lpsched, 58
- mountd, 62
- named, 27
- networks, exploitation by hackers, 395
- NFS server, 62
- nfsd, 62
- pcnfsd, 62
- preventing shutdowns, 67-68
- procmon, 69-72, 84-96
- RARP, 26
- required during system boot
- HP-UX, 54-55
- SCO Unix, 55-56
- SunOS, 53
- Reverse Address Resolution Protocol, 20
- rlogind, 61
- routed, 26-27, 61
- rpc.statd, 62
- RWHO, 28
- sco_cpd, 58
- sendmail, 47, 60, 153
- slink, 25
- SNMP, 26
- starting Internet super-server, 22-23
- statd, 62
- swapper, 57
- syslog, 28, 59-60
- syslogd, 150
- update, 57
- uudemon.cleanup (UUCP), 129
- uudemon.poll (UUCP), 129
- DARPA (Defense Projects Advanced Research Agency), 8-9, 21
- Data Encryption Standard (DES), 487-489
- 64-bit inputs, 594-597
- adoption by U.S. government, 594-597
- algorithm, 594-597
- processing, 595-597
- alternatives, 598-599
- bits reduction, 597-599
- brute force attacks, 596-597
- DESX version, 597-599
- development, 594-597
- Federal Information Processing Standard 46 (FIPS), 594-597
- keys, 594-597
- web resources, 597-599
- data exchange on TCP connections, 227
- data files and computer viruses, 767
- databases
- authentication server (TIS Firewall Toolkit) management, 284-286
- SATAN, 458
- facts records, 467-470
- host records, 470-471
- records, 467-471
- todo records, 471
- datagrams, forging, 227-228
- Datakey, Inc. web site, 574
- DDN Network Information Center, 21
- DDN Security Bulletins FTP site, 854
- deactivating route spoofing, 210-211
- -debug command (ifconfig), 18
- debug (syslog file severity level), 152
- debug command (ifconfig), 18
- debugging
- broadcast storms, 159
- enabling, 18
- networks, 159
- connections, 40
- permission files (UUCP version 2), 137
- UUCP network connections, 116-117
- checking file ownership, 117
- displaying error messages, 116, 135
- log files, 126-128
- DEC Ultrix Kerberos, 498, 500
- decentralized organizations and router implementation, 350-352
- deciphering symmetric encryption, 580-581
- decoding CGIs, 738-739
- decrypting e-mail messages
- with PGP, 616-617, 643-645
- without saving to file, 648
- defaults
- netmask addresses, 12
- permissions, 120121
- deleting ARP cache entries, 202
- deliver daemon, 61
- deploying
- insecure segments, 187
- segments, case study, 187-190
- des-cbc-crc encryption systems, 493
- des-cbc-md4 encryption systems, 494
- des-cbc-md5 encryption systems, 494
- des-mac checksums, 496
- des-mac-k checksums, 497
- DESlogin 1.3, zero-knowledge authentication mechanisms, 194-195
- -dest pattern host access rule, tn-gw application (TIS Firewall Toolkit), 254
- dest-address command (ifconfig), 18
- detached signatures (PGP), 647-648
- detecting
- ARP spoofing, 201, 205-209
- host level active detection, 206
- host level passive detection, 205
- network-level detection, 207
- server level detection, 206
- network security holes, 387-409
- via public documentation, 407-418
- SATAN scans, 413-414
- Device (BNU Devices file field name), 106
- Device (L-devices file field), 132
- DEVICE FAILED (UUCP log file error message), 127
- DEVICE LOCKED (UUCP log file error message), 127
- devices
- creating, 64
- defining local networks, 107
- UUCP
- devices allowed, 134
- file ownership, 107
- Devices (Basic Networking Utilities file), 98
- Devices file (UUCP), 105-107
- dfmon daemon, 66
- code listings, 76-80
- configuration file, code listings, 80-84
- installing, 76
- dial-out facilities, logging usage, 153
- Dialcodes (Basic Networking Utilities file), 99
- Dialcodes file (UUCP), 112-113
- DIALER SCRIPT FAILED (UUCP log file error message), 127
- dialer-token pairs (BNU Devices file field name), 106
- Dialers (Basic Networking Utilities file), 99
- Dialers file (UUCP), 108-110
- differential cryptanalysis, 602-603
- Diffie-Hellman algorithm, 194
- dig command, 41-42
- Digital Altavista Firewall, 354-355, 369
- digital certificates
- class levels, 570
- cryptography tools, 566-567
- message processing, 569
- obtaining, 569-570
- Secure Sockets Layer (SSL), 690-691
- digital envelope, 577
- Digital Pathways web site, 574
- Digital Signature Initiative (DSig), 576
- digital signatures, 571-572
- as solution to hardware address spoofing, 197
- attaching to e-mail messages with PGP, 637-643
- cryptography tools, 566-567
- e-mail messages, 613-614
- hash functions
- message digest algorithms (MDAs), 571-572
- Secure Hash Algorithm (SHA), 571-572
- message integrity, 571-572
- removing from PGP keys, 633-634
- digital time stamping of e-mail messages, 572
- direct action infectors
- file virus types, 795-799
- indicators, 799-802
- infection process, 799-802
- directories
- e-mail, world-writeable, vulnerability to hackers, 384
- hierarchies (Windows NT), 694-696
- SATAN
- bin, 444-445
- config, 443
- html, 445
- html/admin, 450
- html/data, 450
- html/docs, 445-446
- html/dots, 446-447
- html/images, 447
- html/reporting, 447-448
- html/running, 448-449
- html/tutorials, 449
- html/tutorials/vulnerability, 449
- include, 443
- perl, 454455
- perllib, 444
- rules, 443
- src, 450
- src/boot, 450
- src/fping, 452-453
- src/misc, 451
- src/nfs-chk, 451
- src/port_scan, 452
- src/rpcgen, 453
- src/yp-chk, 453-454
- top-level, 442
- structure (Internet Information Server)
- customizing, 688-689
- home, 688-689
- private, 688-689
- disabling
- inetd services, 240
- Windows NT services, 684-685
- discontinuing ARP requests, 201
- disk buffers, flushing, 57
- disk monitor daemons, Bourne shell, 63-67
- disk file maintenance, 128-129, 140-141
- display (telnet command), 46
- displaying ARP cache entries, 202
- distributing keys (PGP), 612613
- DNS (Domain Name Service) servers, 14, 27
- cache corruption, 438
- configuring for smap client application (TIS Firewall Toolkit), 269-271
- domain names, resolving, 15, 218-219
- FQDN (fully qualified domain name), 19
- host name resolution, 218
- intranet implementation (Windows NT), 679
- name resolution
- iterative, 219
- query efficiency, 219
- recursive, 219
- SATAN scans, 419
- searchlists, security issues, 434
- security problems, 221
- misdirected queries, 221
- spoofing
- active attacks, 222223
- cross checking, 220221
- passive attacks, 221222
- preventing, 220221
- rlogin protocol vulnerability, 192
- scenarios, 220221
- spoofing defenses
- Berkeley Internet Name Daemon (BIND), 225
- cached entries limitations, 223225
- discontinued use, 223225
- selective caching, 224225
- Domain Information Groper, 4142
- domains (Windows NT)
- account configurations, 669670
- administrative responsibilities, 669670
- audit configurations, 669670
- creating, 670671
- defined, 669670
- trust relationships
- creating, 671672
- Windows NT, 669670
- DOS (Disk Operating System)
- audit trail utilities, 166167
- COM files, computer viruses, 768
- conventional memory
- Memory Control Block (MCB), 796799
- EXE files, computer viruses, 768769
- file viruses
- potential damage to Windows NT system, 844845
- Windows NT environment, 842845
- SYS files, computer viruses, 769770
- dotted decimal address, 11
- double quotes (") in chat scripts, 114, 135
- down command (ifconfig), 18
- downloading
- Blowfish cipher, 599
- Proxy Server, 694696
- SATAN, 441442
- drop files, SATAN scan rulesets, 472
- dropper programs (Windows NT)
- boot record viruses, 840
- master boot record viruses, 838
- Dynamic Host Configuration Protocol (DHCP), 680
- dynamic web pages
- Internet Information Server (IIS), 686
- Java capabilities, 712713
E
- e-data field, KRB_ERROR message, 550
- e-mail (electronic mail)
- delivery, 61
- interaction with Java, 734
- messages
- clearsigning with PGP, 646647
- compressing with PGP, 638
- conventional encryption with PGP, 640
- decrypting with PGP, 616617, 643645
- decrypting without saving to file, 648
- detached signatures with PGP, 647648
- digital signatures, 613614, 637
- encrypting with PGP, 615616, 637, 642643
- filtering with PGP, 637638
- non-repudiation, 613
- public key encryption, 641642
- sending with PGP, 639
- signing with PGP, 640643
- verifying with PGP, 616617, 643645
- reports with TIS Firewall Toolkit, 303304
- sendmail daemon, 60
- TIS Firewall Toolkit applications, 264270
- world-writeable directories, vulnerability to hackers, 384
- e-text field, KRB_ERROR message, 550
- eavesdroppers and cryptography, 564565
- ECB (Electronic Codebook) encryption, 488
- editing makefiles (TIS Firewall Toolkit), 236
- electronic commerce
- Digital Signature Initiative (DSig), 576
- growth of cryptography, 564
- Secure Electronic Transaction (SET) protocol, 576577
- emerg (syslog file severity level), 151
- enc-authorization-data field, KRB_KDC_REQ message, 530
- enc-part field
- Kerberos tickets, 514
- KRB_AP_REP message, 538
- KRB_CRED message, 546
- KRB_KDC_REP message, 533
- KRB_PRIV message, 543
- ENC-TKT-IN-SKEY field, Kerberos tickets, 527
- ENC-TKT-IN-SKEY flag (Kerberos), 512
- encapsulation, 18
- encoding
- CGIs, 738739
- transited fields in Kerberos Ticket Granting Service exchange, 525
- ENCRYPT program (CD_ROM), 578
- deciphering symmetric encryption, 580581
- monoalphabetic substitution (symmetric encryption), 584589
- substitution (symmetric encryption), 582584
- transposition, 578
- encrypted passwords
- implementing, 193194
- mechanisms, SRA (Texas A&M), 194
- public key cryptography, 193194
- encrypted tunnels on virtual private networks (VPNs), 360361
- encryption, 558
- asymmetric key, 558559
- asymmetrical, 195
- CBC (Cipher Block Chaining), 488
- certificate-based transactions, processing, 569
- CFB (Cipher Feedback), 488
- confounders, 491
- conventional encryption, e-mail messages via PGP, 640
- DES, 487489, 594597
- des-cbc-crc systems, 493
- des-cbc-md4 systems, 494
- des-cbc-md5 systems, 494
- digital certificates, obtaining, 568570
- digital time stamping, 572
- drawbacks, 195
- e-mail messages with PGP, 615616, 637, 642643
- ECB (Electronic Codebook), 488
- exporting programs for, 489490
- IDEA cryptosystem, 597599, 607, 640
- Internet tunnels, 575576
- Kerberos
- keys, 492493
- networks, 485497
- specifications, 491492
- systems, 493494
- national security issues, 485
- non-reversible, 560
- NULL systems, 493
- obtaining public keys, 568569
- OFB (Output Feedback Mode), 488
- one-way, 561562
- PGP (Pretty Good Privacy) program, 605606
- armor mode, 639
- binary distribution, 609611
- binary files, vulnerability to hackers, 657
- clearsigning e-mail messages, 646647
- compressing e-mail messages, 638
- configurations, 649654
- conventional encryption, 640
- decrypting e-mail messages, 616617, 643645
- detached signatures, 647648
- encrypting e-mail messages, 615616, 642643
- filtering e-mail messages, 637638
- For Her Eyes Only messages, 648
- history of, 606608
- keys, adding to public key rings, 614615, 626628
- keys, distributing, 612613
- keys, extracting keys from public key rings, 628629
- keys, fingerprints, 635636
- keys, generating, 611612, 623626
- keys, pass phrases, 624
- keys, management, 622637
- keys, removing from key rings, 633634
- keys, removing signatures from, 633634
- keys, revoking, 636637
- keys, signing, 629632
- keys, trust relationships, 620622, 630
- keys, userids, 624626
- keys, verifying, 635636
- naming keys, 618619
- pass phrases, 610
- practical applications, 607608
- processing binary files, 638639
- processing text files, 638639
- public key rings, 619, 633656
- public keyservers, 658
- secret key rings, 620, 632633, 655656
- security, 654657
- sending e-mail messages, 639
- signing e-mail messages, 640643
- verifying e-mail messages, 616617, 643645
- Windows front-end applications, 659
- wiping files, 648649
- public key, 195, 486, 558559, 608, 641642
- secret key, 486487, 561, 608
- Secure Sockets Layer (SSL), 195
- Internet Information Server (IIS), 687688
- symmetric key, 558559
- vulnerability to hackers, 438439
- ENCRYPTTOSELF configuration keyword (PGP), 651
- endtime field
- Kerberos tickets, 514
- KRB_CRED message, 546
- environ (telnet command), 46
- environment variables (CGIs), 741
- equivalency, 2325
- err (syslog file severity level), 152
- error messages
- displaying uucico command (UUCP), 116, 135
- UUCP log files, 127128
- error-code field, KRB_ERROR message, 550
- Esniff.c, sniffing software, 176
- ESTABLISHED (socket state), 38
- /etc/ethers network configuration file, 20
- /etc/exports configuration file, 62
- /etc/ftpusers network configuration file, 48
- /etc/hosts network configuration file, 1920
- /etc/hosts.equiv network configuration file, 23
- /etc/hosts.lpd network configuration file, 25
- /etc/inetd.conf network configuration file, 2223
- /etc/inittab configuration file, 57
- /etc/networks network configuration file, 2021
- /etc/passwd network configuration file, 24
- /etc/pcnfsd.conf configuration file, 62
- /etc/printcap network configuration file, 25
- /etc/procmon.cfg configuration file, 70
- /etc/protocols network configuration file, 21
- /etc/rc configuration file, 55
- /etc/sendmail.cf configuration file, 60
- /etc/service network configuration file, 2122
- /etc/sockcf network configuration file, 25
- /etc/strcf network configuration file, 25
- /etc/syslog.conf configuration file, 59
- /etc/syslog.conf network configuration file, 28
- EthDump, sniffing software, 176
- Ethernet, 8
- addresses, 20
- firewall architecture, 346347
- sniffers, 159160
- EthLoad, sniffing software, 176
- etype field
- encrypted messages, 491
- KRB_KDC_REQ message, 531
- eval statement, PERL CGI programming, 749
- evaluating firewall protocol paths, 356357
- Event Viewer application (Windows NT), 163164
- Excel for Windows, macro virus infection process, 806807
- exclamation point (!) in procmon.cmd files, 71
- exclamation point (!) in UUCP addresses, 101102
- exclamation point (!) telnet command, 46
- EXE files
- Code Segment (CS), 768769
- computer viruses, 768769
- entry points for file viruses, 793794
- Instruction Pointer (IP), 768769
- integrity checkers, 827831
- repairing virus infections, 836
- execute permission, Internet Information Server (IIS), 689
- executing code with Java, 722
- execution environment, JVM stacks, 727
- expect-send pairs, 113116, 134135
- expiration of Kerberos tickets, 519
- exporting encryption programs, 489490
- extensions, adding SATAN scans, 474475
- External Gateway Protocol (EGP), 217
- external routing protocols, 211213
- case studies, 217
- extracting PGP keys from public key rings, 628629
F
- -f (finger command option), 34
- -f (ping command option), 29
- -f address-family (netstat command options), 35
- -f file (arp command options), 40
- factoring process, RSA public key cryptography, 603
- facts files, SATAN scan rulesets, 468473
- FAQs (Frequently Asked Questions), Secure Shell program, 416
- Farmer, Dan (co-creator of SATAN), 411
- FAT (File Allocation Table), boot record viruses, 841
- FBI web site, 854
- FDISK utility, master boot record, repairing, 834835
- Federal Information Processing Standard 46 (FIPS), 594597
- fields
- Kerberos ticket authenticators, 516
- KRB_AP_REP message, 538539
- KRB_AP_REQ message, 537538
- KRB_CRED message, 546
- KRB_ERROR message, 549
- KRB_KDC_REP message, 533
- KRB_KDC_REQ message (Kerberos), 529531
- KRB_PRIV message, 543544
- KRB_SAFE message, 541
- tickets (Kerberos), 514515
- transited, encoding in Kerberos Ticket Granting Service exchange, 525
- file allocation table (FAT), 760
- file servers
- boot viruses, 811
- file virus infection on networks, 809810
- macro viruses, spreading, 812
- file systems on networks
- unprivileged access scans by SATAN, 422423
- unrestricted exports, scanning with SATAN, 423
- vulnerability to hackers, 401402
- File Transfer Program (ARPANET), 47
- file viruses
- COM files
- appending virus, 791
- overwriting virus, 792
- prepending virus, 791792
- DOS
- potential damage to Windows NT system, 844845
- variety in Windows NT environment, 842845
- EXE files entry points, 793794
- executables, repairing, 836
- infection process, 795799
- integrity checkers, detection rate, 828831
- intended functions, 795799
- network file servers, 809810
- peer-to-peer networks, 810
- potential for damage, 790
- read stealth type, repairing, 836837
- replication process, 790
- SYS files entry points, 794
- types
- direct action, 795802
- memory resident infectors, 795799, 802803
- Windows 3.1 type in Windows NT environment, 845
- files
- copying remote terminals, 43
- crontab, 58
- crontab (UUCP), 128129
- deleting UUCP file maintenance, 129
- descriptors, 63
- closing, 68
- opening, 68
- file system
- client requests, 62
- mount requests, 62
- listing open, lsof program, 160
- logging access to httpd service (Windows NT), 165
- logging file system changes, 161
- ownership of UUCP devices, 107
- permission (UUCP version 2), 136139
- repairing with integrity checkers, 829831
- status (UUCP), 119, 135
- syslog.conf, 5960
- transfer statistics logs, 154
- transferring, 4750
- system security, 124
- UUCP (Unix to Unix CoPy), 101103
- see also TCP/IP
- UNIX audit logs, 148155
- USERFILE (UUCP version 2), transfer entries, 138
- UUCP (Unix to Unix CoPy)
- devices, 105107
- dialers, 108110
- systems, 110113
- wiping with PGP, 648649
- filtering
- e-mail messages with PGP, 637638
- ports, 685686
- Proxy Server options
- deny access, 692693
- grant access, 692693
- FIN_WAIT_1 (socket state), 38
- FIN_WAIT_2 (socket state), 38
- financial account numbers, sniffing, 177178
- finger command, 3335
- finger program, exploitation by hackers, 399
- fingerd program, buffer vulnerability to hackers, 382
- fingerprints, PGP keys, 635636
- firewalls
- alert capabilities, 361
- application level proxies, 356357
- performance guidelines, 365366
- product comparisons, 365366
- application proxies, 348
- architecture, 346347
- application gateways, 353
- router-based, 349350
- stateful packet filters, 352
- authentication mechanisms, 360361
- Check Point Software Firewall-1, 354355, 370
- circuit gateways, 347348
- Cisco 2500, 369
- configuring, 358359
- for NTP server time updates, 241
- Digital AltaVista Firewall, 354355, 369
- flexibility in product comparisons, 359361
- Global Internet Centri, 354355, 370
- GUI, comparison between products, 358359
- impact of Java, 733
- internal network security, 681682
- intrusive proxies, 357
- ISS SAFESuite, scanning capabilities, 368370
- Livermore Software Laboratories PORTUS, 354355, 370
- Livingston IRX, 369
- Milkyway Networks Black Hole, 354355, 370
- Network Address Translation (NAT), 356
- Network-1 Firewall/Plus, 354355, 370
- non-intrusive proxies, 357
- Opus One Consulting, 346
- packet filtering, 347
- performance guidelines, 364365
- product comparisons, 364365
- performance guidelines, 362363
- data benchmarks, 363
- multiple stream environments, 363
- proxy capabilities, 363
- single stream environments, 363
- personal tunneling, 360361
- protocol paths, 356357
- Raptor Eagle, 354355
- reporting capabilities, 361
- routers, decentralized organizations, 350352
- security assessments, 367368
- selection criteria, 348349
- stateful packet filters versus transport firewalls, 355356
- summary evaluation of product comparisons, 369370
- TIS Firewall Toolkit, 234238
- authentication server, 276288
- authmgr client application, 310311
- authsrv, 311318
- compiling under BSDI, 236
- compiling under SunOS, 236
- disabling IP address forwarding, 242243
- disabling inetd services, 240
- FTP site, 408
- ftp-gw application, 259264, 318322
- Help, 305306
- http-gw, 322328
- http-gw application, 270275
- installation, 237238
- login-sh application, 328329
- mailing lists regarding, 306
- netacl application, 245249, 330331
- netperm table, 244245, 306310
- netscan utility, 295
- newsgroups regarding, 305
- plug-gw application, 288294, 332333
- preparing for configuration, 238242
- preventing DNS spoofing, 245
- report utilities, 296310
- rlogin-gw application, 255259, 334335
- smap client application, 265, 336337
- smapd application, 267, 337339
- TCP/IP configurations, 242243
- tn-gw application, 249255, 339342
- web site, 852
- x-gw application, 342343
- x-gw applications, 275276
- TIS Gauntlet, 370
- transport level proxies, 356357
- performance guidelines, 365366
- product comparisons, 365366
- Trusted Information Systems Gauntlet, 354355
- trusted traffic, 356357
- Unix-based, 354355
- untrusted traffic, 356357
- versus port filtering, 686
- virtual private networks (VPNs), 360361
- vulnerability to SATAN, 417418
- Windows NT-based, 354355
- FIRST (Forum of Incident and Response Security Teams), 851
- flags, tickets (Kerberos), 509512
- flags field
- Kerberos tickets, 514
- KRB_KDC_REP message, 533
- floppy boot record viruses, 774782
- antivirus program overview, 835836
- infection process, 774780
- new items, infecting, 780782
- potential damage, 782
- repairing, 782
- floppy disks
- BIOS, 761762
- boot records, 760
- booting process, 761762
- elements
- clusters, 759
- heads, 759
- sectors, 759
- tracks, 759
- file allocation table (FAT), 760
- infected, repairing, 833834
- logical format, 760
- boot record, 760
- file allocation table (FAT), 760
- partition table, 760
- root directories, 760
- Power-On Self Test, 761762
- root directories, 760
- viral bootstrap programs, 762
- virus target, 762
- For Her Eyes Only messages (PGP), 648
- FORCE command-line option (PGP), 653
- forging TCP datagrams, 227228
- Form virus, partition boot record viruses, 786
- Forum of Incident and Response Security Teams, see FIRST
- FORWARDABLE field, Kerberos tickets, 526
- FORWARDABLE flag, Kerberos tickets, 509512
- forwardable tickets (Kerberos), 511512
- FORWARDED field, Kerberos tickets, 526
- FORWARDED flag, Kerberos tickets, 509512
- forwarding
- IP addresses, disabling for TIS Firewall Toolkit, 242243
- IP forwarding, exploitation by hackers, 405
- fping command, hacker exploitation of, 389
- FQDN (fully qualified domain name), 19
- fragile superclasses (C++), 709
- Fremont (network security evaluation system), 412
- web site, 854
- from field, KRB_KDC_REQ message, 531
- FTP (File Transfer Protocol), 4750
- access records, 149
- anonymous FTP, vulnerability to hackers, 420
- anonymous mode, 47
- connections, logging (Windows NT), 164
- Internet Information Server (IIS), 686
- ftp (syslog file facility), 151
- ftp daemon, Unix audit logs, 154
- FTP proxy application, see ftp-gw application (TIS Firewall Toolkit)
- ftp sites
- Argus, 414, 854
- binary files, integrity of, 439440
- Bones, 499
- CERT, 850854
- CIAC group, 850
- Ckpasswd, 854
- COAST project, 850
- connecting to
- with ftp-gw application (TIS Firewall Toolkit), 263
- with netacl, 247249, 264
- COPS, 854
- DDN Security Bulletins, 854
- FIRST, 851
- Fremont network security evaluation system, 412
- Greatcircle, 855
- ISS network security evaluation program, 412
- Kerberos Information, 855
- NEC Security Tools, 855
- netlog program, 414
- network security-related, 386
- SATAN, 441442
- Secure Shell program, 416, 856
- Secure telnet, 856
- SNMP FTP Archives, 856
- socks IP encapsulation program, 418
- TCP wrappers (SATAN scan detection program), 414
- Texas A&M University Security Archives, 856
- TIS FTP Archive, 856
- usage reports (TIS Firewall Toolkit), 302
- Vince Cates Security Page, 856
- Wietse Venema (co-creator of SATAN), 411, 856
- Xinetd SATAN scan detection program, 414
- ftp-gw application (TIS Firewall Toolkit), 259264, 318
- authentication, 321322
- configurations, 259264
- host access rules, 261262
- installation, 322
- options, 319321
- rules, 260
- verifying operation of, 262263
- ftpd
- Kerberos, 552
- password files, 431
- scanning with SATAN, 420422
- vulnerability to hackers, 383384, 391393
- fully qualified domain name (FQDN), 19
- functions
- http-gw application (TIS Firewall Toolkit), 274
- PGP key management, 622
G
- Gabriel (SATAN scan detection program), 413
- web site, 854
- garbage collected heap, JVM stacks, 727
- garbage collector (Java), 701, 710
- GateD Consortium web site, 215
- downloading, 215216
- RIP daemon, 215216
- gateways, 27
- Gene Spafford web page, 855
- generating key pairs (public key cryptography), 600601
- generic decryption (GD)
- market popularity, 824826
- polymorphic viruses, 824826
- virus detection process, 824826
- genUSER program, password files, code listings, 144145
- GET method (CGI data input), vulnerability to hackers, 741742
- getty daemon, 61
- global groups (Windows NT), 673
- Global Internet Centri, 354355, 370
- Gopher
- http-gw application functions (TIS Firewall Toolkit), 327
- sites, connecting to with http-gw application (TIS Firewall Toolkit), 270275
- Greatcircle FTP site, 855
- gtimes program, code listings, 142144
- GUI (graphical user interface), firewall comparison between products, 358359
H
- hackers
- ARP spoofing, 198199
- cryptography, 564565
- rlogin protocol problems, 192193
- hard drives
- master boot record, 762763
- repairing, 834835
- partition boot record viruses, 765
- repairing, 835
- hardware
- ARP spoofing process, 198199
- floppy disk elements, 759
- hardware address spoofing, 196197
- active hub mechanisms, 197
- countermeasures, 197
- digital signature solution, 197
- hardware barriers
- ARP spoofing, 203204
- bridges
- cost, 190
- installing, 190
- versus routers, 190
- versus switches, 190
- mutually trusting machines, sniffing, 186
- secure user segments, sniffing, 184185
- hardware requirements, Internet connections (Windows NT), 680682
- hash functions (digital signatures)
- message digest algorithms (MDAs), 571572
- Secure Hash Algorithm (SHA), 571572
- Help (TIS Firewall Toolkit), 305306
- heuristic scanners
- rating criteria, 832833
- virus identification process, 832833
- zero percent false identification rate, 832833
- hierarchies, Windows NT directories, 694696
- history command, 155
- history logs, Unix audit logs, 155
- holes in network security, 381385
- detecting, 387409
- mailing lists regarding, 386
- newsgroups regarding, 386
- HoneyDanBer (HDB) UUCP, 98
- host access rules
- ftp-gw application (TIS Firewall Toolkit), 261262
- http-gw application (TIS Firewall Toolkit), 273
- rlogin-gw application (TIS Firewall Toolkit), 258259
- tn-gw application (TIS Firewall Toolkit), 253254
- host addresses (Kerberos), 547548
- host equivalence file, rlogin protocol, 191192
- Host Equivalency, 2324
- host level active detection, ARP spoofing, 206
- host level passive detection, ARP spoofing, 205
- host records, SATAN databases, 470471
- host tables, 14
- hostname command, 15
- hostnames, 102
- aliases, 1920
- assigning, 1920
- domain names, 15
- guidelines for Internet Request for Comments (RFC), 15
- hacker access to, 387389
- host tables, 14
- hostname command, 15
- networks, 1415
- translating into IP addresses, 14
- validating UUCP Permissions file, 124
- hosts
- addresses, 9
- octets, 1011
- ICMP configurations, 210211
- name resolution, DNS servers, 218
- network traffic logs, 158159
- network services, 2122
- hosts.equiv files, user accounts, vulnerability to hackers, 382
- hosttype files, SATAN scan rulesets, 473
- HPFS (High Performance File System), boot record viruses, 841842
- HTML (HyperText Markup Language) directories (SATAN), 445465
- HTTP (HyperText Transfer Protocol)
- client applications
- non-proxy aware, 271272
- proxy aware, 272
- integration with Java, 733
- Internet Information Server (IIS), 686
- restricting access to CGIs with, 740
- http-gw (HTTP proxy application), 322328
- configurations, 270275, 325327
- functions, 274
- Gopher functions, 327
- host access rules, 273
- installation, 328
- interaction with non-proxy aware HTTP clients, 271272
- interaction with proxy aware HTTP clients, 272
- operations, 323324
- options, 323
- reports, 302
- rules, 271
- security, 327328
- HTTPD servers
- SSL, vulnerability to hackers, 382
- Unix audit logs, 155
- Windows NT service, 165
- HW-AUTHENT flag, Kerberos tickets, 510512
I
- -i (finger command option), 34
- -i (netstat command options), 35
- -I interface (netstat command options), 35
- -i seconds (ping command option), 30
- I/O file descriptors, daemons, 6369
- IBM (International Business Machines)
- Data Encryption Standard (DES), 594597
- PC computer viruses, 773809
- boot record, 773774
- floppy boot record, 774782
- master boot record, 786789
- partition boot record, 782786
- ICMP (Internet Control Message Protocol), 29
- host configurations, 210211
- route spoofing, deactivating, 210211
- ICMP ECHO_REPLY, 29
- ICMP ECHO_REQUEST command, 29
- ICMP PORT UNREACHABLE, 39
- ICMP TIME_EXCEEDED, 38
- IDEA cryptosystem, 607, 640
- hacking, 655
- identd servers, vulnerability to exploitation by hackers, 404
- ifconfig command, 1719
- -arp, 18
- -debug, 18
- arp, 18
- broadcast, 18
- configurable parameters, 1718
- debug, 18
- dest-address, 18
- down, 18
- metric N, 18
- netmask MASK, 18
- querying interface configuration, 3233
- syntax, 17
- trailers, 18
- up, 18
- illegal root access, preventing, 379
- implementing
- ARP servers, 203
- encrypted passwords, 193194
- intranets
- DNS server, 679
- WINS server, 680
- improving network security
- with firewalls, 417418
- with Kerberos, 414415
- with Secure Shell program, 416
- with SSL, 416417
- inadvertent ARP spoofing, case studies, 199201
- include directory (SATAN), 443
- inetd command, 22
- inetd daemon, 61
- inetd services
- disabling, 240
- restarting after configurations, 249
- super-server, 28
- infected floppy disks, repairing, 833834
- infecting (viruses)
- COM files, 791
- EXE files, 793794
- info (syslog file severity level), 152
- Info command (Java Appletviewer), 730
- init daemon, 57
- initdefault (run level action field), 75
- INITIAL flag, Kerberos tickets, 510512
- initial tickets (Kerberos), 510
- Innovative Security Products Security web site, 855
- insecure segments, deployment strategies, 187
- inserting
- ARP cache entries, permanent, 202203
- comments in TIS Firewall Toolkit applications, 244
- installation (TIS Firewall Toolkit), 237238
- authmgr client application, 311
- authsrv application, 317318
- ftp-gw application, 322
- http-gw application, 328
- login-sh application, 329
- netacl application, 331
- plug-gw application, 333
- rlogin-gw application, 336337
- smap client application, 265, 337
- smapd application, 267, 338339
- tn-gw application, 341342
- x-gw application, 343
- installing
- dfmon daemon, 76
- Proxy Server, 692
- routers for subnetting, 204205
- Windows NT and boot record viruses, 842
- integrity checkers
- byte-for-byte matching, 827831
- detection rate, 828831
- disadvantages, 829
- executable files, comparison function, 827831
- files
- information, 828
- repairing, 829831
- rating criteria, 830831
- versus stealth viruses, 830831
- INTERACTIVE configuration keyword (PGP), 651
- interfaces
- CGI, 687, 736740
- firewalls, comparison between products, 358359
- ISAPI, Internet Information Server (IIS), 687
- Java, 709
- localhost loopback, 19
- networks, 1617
- configuring, 1719
- names, 16
- PPP (Point-to-Point Protocol), 17
- SLIP (Serial Line Internet Protocol), 17
- PGP for Unix, 658659
- querying configuration, 3233
- SATAN, 456465
- system security, Ethernet promiscuous mode, 160
- internal routing protocols, 211213
- International Data Encryption Algorithm (IDEA)
- 128-bit key, 598599
- algorithm process, 597599
- brute-force attack invulnerability, 598599
- Swiss Federal Institute of Technology, 598599
- versus Data Encryption Standard (DES), 598599
- International Traffic and Arms Regulations (ITAR), issues with PGP, 489, 607
- Internet, 9
- addresses, 9
- corporate requirements, 680682
- Domain Name Server, 27
- growth of cryptography, 564
- proxy servers
- access processing, 691692
- configuring, 683684
- RFC 950, 12
- security related sites
- FTP, 853
- WWW, 853
- super-server, starting daemons, 2223
- Windows NT hardware requirements, 680682
- Internet Control Message Protocol, see ICMP
- Internet Engineering Task Force web site, 575
- Internet Information Server (IIS)
- anonymous user account, 688
- authentication
- basic, 690
- challenge/response, 690
- Secure Sockets Layer (SSL), 690
- directory structure, customizing, 688689
- integration with NT security, 687
- interfaces
- CGI, 687
- ISAPI, 687
- packet filtering routers, 682683
- permissions
- execute, 689
- read, 689
- write, 689
- protocols
- FTP, 686
- HTTP, 686
- public web servers, connecting, 682683
- session encryption, Secure Sockets Layer (SSL), 687688
- versus Microsoft Proxy Server, packet filtering, 682683
- virtual server capabilities, 687
- web pages
- dynamic, 686
- static, 686
- Windows NT
- components, 664665
- security integration, 687
- Internet Protocol, see IP
- Internet Request for Comments (RFC), hostname guidelines, 15
- Internet RFC Index web site, 855
- Internet Server API, see ISAPI
- Internet Threat Levels, see ITLs
- Internet tunnels
- layer 2 forwarding (L2F) protocol, 575576
- point-to-point tunneling protocol (PPTP), 575576
- Internet Worm, Unix/SUN incident, 808809
- Internet-to-Ethernet address translation table, 40
- interpreters (Java), 719722
- intranets
- DNS Server, implementing, 679
- NetBIOS name resolution, 679680
- WINS Server, implementing, 680
- intrusive proxies, 357
- INVALID flag, Kerberos tickets, 510
- invalid tickets (Kerberos), 510
- IP (Internet Protocol)
- addresses, 911
- ARP spoofing process, 198199
- forwarding, disabling for TIS Firewall Toolkit, 242243
- hacker access to, 387389
- aliases, 21
- encryption technology
- authentication header (AH), 231232
- development, 231232
- encapsulating security payload, 231232
- RFCs 825830, 231232
- SwIPe, 231232
- forwarding, exploitation by hackers, 405
- source routing, exploitation by hackers, 405
- spoofing, SATAN scans, 434437
- ISAPI (Internet Server API) interface, 687
- ISS (network security evaluation program), 412
- ISS SAFESuite
- firewall security assessments, 367368
- scanning capabilities, 368370
- ITAR (International Traffic and Arms Regulations), issues with PGP, 489, 607
- iterative resolution on DNS servers, 219
- ITLs (Internet Threat Levels), 374378
- IUSR_computername account, Internet Information Server (IIS), 688
J
- Java, 697699
- applets
- security modes, 731732
- testing, 707, 729731
- viewing with Netscape, 732
- Appletviewer, 728731
- architecture, 711716
- bytecodes, 703, 711
- verifying, 721
- calling class methods, 718
- cast statements, 709
- class loader, 720734
- classes, 709
- compiler, 707, 716719
- compiling with, 713, 716719
- components, 703704
- dynamic loading capabilities, 712713
- environment features, 706716
- executing code, 722
- garbage collector for memory, 701, 710
- history of, 704705
- impact on firewalls, 733
- integration with HTTP, 733
- interaction with e-mail, 734
- interfaces, 709
- interpreter, 719722
- loading code, 720
- memory layout, 718719
- memory management, 701, 710711
- multithreading, 703, 710, 714
- Netscape runtime engine, 731
- object-orientation, 702703
- opcodes, 717718
- operands, 717718
- performance levels, 699, 703
- portability, 699701
- programming language features, 707711
- robustness, 699701, 713714
- running code, 719722
- runtime
- checking, 713
- environment, 707
- memory layout, 702
- reference resolution, 712
- security, 698702, 715716
- setup, 728734
- software support, 700
- thread synchronization, 710
- versus C++, 707710
- web site, 734
- Java Archive Format (JAR), code signing initiative, 576577
- Java Development Kit (JDK), 707
- Java Virtual Machines, see JVMs
- Joint Electronic Payment Initiative (JEPI), credit card transactions, 576577
- JVMs (Java Virtual Machines), 700, 711, 722728
- instruction set, 724725
- integrating with CPUs, 723
- registers, 726
- stacks, 726728
- constant pool memory area, 728734
- garbage collected heap, 727
- local variables, 726727
- method memory area, 728734
- operand stacks, 727
K
- kdc-options field, KRB_KDC_REQ message, 530
- KDC_ERR_CANNOT_POSTDATE message (Kerberos Authentication Services exchange), 518
- KDC_ERR_ETYPE_NOSUPP message (Kerberos Authentication Services exchange), 518
- KDC_ERR_PREAUTH_FAILED message (Kerberos Authentication Services exchange), 518
- KDC_ERR_TRTYPE_NOSUPP error message (Kerberos Ticket Granting Service exchange), 523
- KEEPBINARY configuration keyword (PGP), 651
- Kerberos, 414415, 478
- accounting user accounts, 481
- authenticating user accounts, 480484
- Authentication Service Exchange, 517520
- specifications, 526533
- authorizing user accounts, 481
- Bones distribution, 498499
- checksums, 494497
- clear text password mechanisms, 194
- client detection of modified messages, 539540
- client message encryption, 542543
- client/server authentication exchange, 533539
- clients, authenticating, 533537
- DEC Ultrix distribution, 498500
- encryption, 485497
- keys, 492493, 536537
- specifications, 491492
- systems, 493494
- ftpd, 552
- host addresses, 547548
- Information FTP site, 855
- Key Distribution Center, client requests, 526
- KRB_CRED message, 544546
- KRB_ERROR messages, 549551
- KRB_KDC_REP message, 532534
- KRB_KDC_REQ message, 528532
- KRB_PRIV message, 542544
- KRB_SAFE message, 539542
- messages, authorization data, 548
- MIT version 4, 497
- MIT version 5 distribution, 498
- naming schemes, 547
- network realms, 479480
- intercommunication, 507
- naming, 504505
- newsgroups regarding, 553
- operations, 478479
- OSF DCE security distribution, 498, 501
- port assignments, 551552
- RFCs, 480
- sending credentials between hosts by clients, 544545
- servers, 479
- principal names, 505506
- Telnet Authentication, 552
- Ticket Granting Service exchange, 520526
- specifications, 526533
- tickets, 478, 513515
- authenticators, 512516
- expiration, 519
- fields, 514515
- flags, 509512
- forwardable, 511512
- initial, 509
- invalid, 509
- postdated, 510
- preauthenticated, 509510
- proxiable, 511
- proxied, 511
- renewable, 510511
- requests via Authentication Service exchange, 517520
- requests via Ticket Granting Service exchange, 520526
- time stamps, 547
- Transarc distribution, 498501
- vendors
- interoperability issues, 500503
- selecting, 499
- version 4, 497498
- version 5, 498, 696
- interoperability requirements, 501503
- vulnerability to hackers, 484
- vulnerability to SATAN, 415
- workstation authentication, 551552
- kern (syslog file facility), 151
- Key Distribution Center (Kerberos), 526
- key field
- Kerberos tickets, 514
- KRB_CRED message, 546
- KRB_KDC_REP message, 533
- key pairs, generating (public key cryptography), 600601
- key-expiration field, KRB_KDC_REP message, 533
- keyed checksums, 495
- keys (Pretty Good Privacy)
- adding to public key rings, 614615, 626628
- distributing, 612613
- extracting from public key rings, 628629
- fingerprints, 635636
- generating, 611612, 623626
- management, 622637
- naming, 618619
- pass phrases, 624
- pass phrases, vulnerability to hackers, 655
- public key rings, 619, 633654
- public key rings, vulnerability to hackers, 656
- removing from key rings, 633634
- removing signatures from, 633634
- revoking, 636637
- secret key rings, 620, 632633
- secret key rings, vulnerability to hackers, 655656
- signing, 629632
- trust relationships, 620622, 630
- userids, creating, 624626
- verifying, 635636
- keytype fields, encryption keys, 493
- keyvalue fields, encryption keys, 493
- keywords, netacl application (TIS Firewall Toolkit), 246
- kill command, 64
- KRB_AP_REP message (Kerberos client/server authentication exchange), 536539
- KRB_AP_REQ message (Kerberos client/server authentication exchange), 534538
- KRB_AS_REP message (Kerberos Authentication Services exchange), 517
- generation, 518519
- receipt, 519520
- KRB_AS_REQ message (Kerberos Authentication Services exchange)
- generation, 518
- receipt, 518
- KRB_CRED message (Kerberos), 544546
- KRB_ERROR message (Kerberos Authentication Services exchange), 517
- generation, 520
- receipt, 520
- KRB_KDC_REP message (Kerberos), 532534
- KRB_KDC_REQ message (Kerberos), 528532
- KRB_PRIV message (Kerberos), 542544
- KRB_SAFE message (Kerberos), 539542
- KRB_TGS_REP message (Kerberos Ticket Granting Service exchange), 521
- generation, 523525
- receipt, 526
- KRB_TGS_REQ message (Kerberos Ticket Granting Service exchange), 521
- generation, 521522
- receipt, 522523
- kvno fields, encrypted messages, 491
L
- -l (finger command option), 34
- -l (ruptime command option), 32
- -l username (rsh command options), 44
- L-devices (UUCP version 2 file), 98, 131132
- L-dialcodes (UUCP version 2 file), 99
- L.cmds file (UUCP version 2), 139
- L.sys (UUCP version 2 file), 99
- L.sys file (UUCP), 133135
- L_stat (UUCP version 2 file), 100
- L_sub (UUCP version 2 file), 100
- lags field, KRB_CRED message, 546
- LANGUAGE configuration keyword (PGP), 651
- last command, 149
- last request fields (Kerberos Authentication Server exchange), 548549
- last-req field (KRB_KDC_REP message), 533
- LAST_ACK (socket state), 38
- lastcomm command, 156
- lastlog file, Unix audit log, 148
- LAT (Local Address Table), 693
- layer 2 forwarding (L2F) protocol, 575576
- ldsocket daemon, 25
- letter frequency in monoalphabetic substitution, 587589
- libpcap program, 405
- libraries (CGIs), 739740
- license managers, 58
- linear cryptanalysis, 602603
- link-state routing protocol, Shortest Path First (SPF), 212213
- LISTEN (socket state), 38
- little endian coding, 725
- Livermore Software Laboratories PORTUS, 354355, 370
- Livingston FireWall IRX, 369
- packet filter products, 350352
- loading code with Java, 720
- Local Security Authority (LSA), Windows NT
- logon process, 675677
- security model, 668
- local variables, JVM stacks, 726727
- local0-7 (syslog file facility), 151
- localhost loopback interface, 19
- LOCK (DOS audit trail utility), 167
- lockd daemon, 62
- log files
- analyzing
- asax program, 160
- chklastlog program, 160
- chkwtmp program, 160
- programs (code listings), 142145
- security problems, 168169
- syslog fake entries, 168
- UUCP, 126128
- error messages, 127128
- troubleshooting network connections, 126
- version 2, 139140
- Windows NT
- Application Log, 163
- Security Log, 164
- System Log, 164
- TCP/IP applications, 165166
- viewing, 163164
- LOGFILE, UUCP version 2, 139
- logging
- access to specific files, httpd service (Windows NT), 165
- commands, 156157
- CPU time consumption, 157
- crontab file usage, 153
- dial-out facilities usage, 153
- DOS utilities, 166
- file system changes, 161
- ftp connections (Windows NT), 164
- logins, 148150
- messages, 150152
- netlog system sniffer, 161
- system resource allocation, 157
- user activity, 158
- users, 152153
- utilities, tampering, 169
- logging on
- challenge/response authentication (Windows NT), 677679
- remote, 61
- LOGIN FAILED (UUCP log file error message), 127
- login prompts, 61
- login-sh (authenticating login shell), 328329
- installation, 329
- options, 328329
- logins
- anonymous (UUCP), 125126
- CGI requests, 753
- chat scripts, 113116, 134135
- correcting for speed differences, 113, 134
- lastlog file, 148
- tracking, 148150
- current, 148149
- UTMP file, 148150
- LOGNAME (Permissions file keyword), 121
- LOGNAME (Permissions file option), 121
- logout (telnet command), 46
- low-level protocol information, sniffing scenario, 178181
- lpd daemon, 25, 58
- lpd-errs file, Unix audit logs, 154
- lpr (syslog file facility), 151
- lpsched daemon, 58
- ls command, UUCP Device file ownership, 107
- lsof (web site), 160
- lsof program (open file listing), 160
M
- -m (netstat command options), 35
- MACHINE (Permissions file option), 121
- MacPGP, 660
- web site, 660
- macro viruses, 770773
- ability to avoid detection, 772773
- Concept virus, 806, 845
- Excel for Windows, 806
- in Windows NT environment, 845
- infection process, 806807
- on file servers, spreading, 812
- on networks
- increasing prevalence, 811812
- platform independence, 811812
- on peer-to-peer networks, spreading, 812
- potential damage, 808
- repairing, 837
- virulence, 806
- Word for Windows, 806
- macros
- global pools, 771773
- local pools, 771773
- versus assembly language programs, 772773
- mail (syslog file facility), 151
- Mail Transport Agent, 60
- mailing lists
- 8lgm, 852
- bugtraq (network security holes), 386, 852
- network security hole-related, 386
- TIS Firewall Toolkit-related, 306
- make install command (TIS Firewall Toolkit), 237
- MAKERANDOM command-line option (PGP), 653
- malicious ARP spoofing, case studies, 200201
- man command, 66
- marginal trust relationships (PGP), 621622, 630
- MARGINALS_NEEDED configuration keyword (PGP), 651
- mark (syslog file facility), 151
- master boot record viruses
- antivirus program overview, 835836
- complexity of infection, 786
- dropper programs (Windows NT), 838
- floppy disk booting (Windows NT), 838
- hard drives, 762763
- infection process, 786788
- Michelangelo, 839840
- multipartite viruses (Windows NT), 838
- new items, infecting, 788
- NYB (B1 virus), 789
- One-half, 839840
- potential damage, 789
- repairing, 834835
- Stoned Monkey virus, 789
- virus target, 763
- Windows NT
- bootup process, 839840
- virus behaviors, 838840
- Maxuuscheds (Basic Networking Utilities file), 99
- Maxuuxqts (Basic Networking Utilities file), 99
- MAY-POSTDATE flag, Kerberos tickets, 509511
- memory
- failures, troubleshooting, 37
- Java garbage collector, 701, 710
- layout with Java, 718719
- managing with Java, 701, 710711
- printing usage, 3538
- runtime layout with Java, 702
- swapper daemons, 57
- Memory Control Block (MCB), DOS conventional memory, 796799
- memory resident infectors
- anti-virus scanning problem, 802803
- fast infector types, 802803
- file virus types, 795799, 802803
- infection process, 802803
- memory resident programs (TSRs), hooking computer viruses, 765767
- memory scanners
- boot record viruses, 826827
- memory resident files, 826827
- rating criteria, 826827
- used for fast infectors, 826827
- mesg command, 433
- message digest algorithms (MDAs), digital signatures, 571572
- messages
- digital time stamping, 572
- displaying error messages, uucico command (UUCP), 116, 135
- e-mail
- clearsigning with PGP, 646647
- compressing with PGP, 638
- conventional encryption with PGP, 640
- decrypting with PGP, 616617, 643645
- decrypting without saving to file, 648
- detached signatures with PGP, 647648
- digital signatures, 613614
- digital signatures, attaching with PGP, 637
- encrypting with PGP, 615616, 642643
- encryption, 637
- filtering with PGP, 637638
- non-repudiation, 613
- public key encryption, 641642
- sending with PGP, 639
- signing with PGP, 640643
- verifying with PGP, 616617, 643645
- Kerberos authorization data, 548
- logging, 150152
- syslog, fake, 168
- system, logging, 28
- system monitoring, 7172
- UUCP log file error messages, 127128
- see also audit trails; logging; reports
- method memory area, JVM stacks, 728734
- metric N command (ifconfig), 18
- Microsoft Authenticode, code signing initiative, 576577
- Microsoft Proxy Server (Windows NT), 664665
- Microsoft web site, 576
- Microsoft Word for Windows, global macro pools, 771773
- Milkyway Networks Black Hole, 354355, 370
- MIT Kerberos version 5, 498
- mode (telnet command), 46
- modems
- calling time scheduling
- UUCP L.sys file, 133
- UUCP Systems file, 111
- configuring
- baud rates (UUCP systems), 112, 134
- UUCP Devices file, 105107
- initiating calls, UUCP Dialers file, 108110
- network security attacks, 409418
- TCP connections, 430
- UUCP networks, specifying phone numbers, 112
- UUCP Systems file, retry numbers, 111
- modulus
- factoring, 603
- RSA public key cryptography, 603
- monitoring
- ARP caches, 208209
- network hackers, 564565
- monoalphabetic substitution
- letter frequency, 587589
- symmetric encryption, 584589
- versus Vigenère encryption, 590593
- mountd daemon, 62
- SATAN showmount scans, 419
- msg-type field (Kerberos)
- KRB_AP_REQ message, 537
- KRB_KDC_REP message, 533
- KRB_KDC_REQ message, 529
- KRB_PRIV message, 543
- KRB_SAFE message, 541
- multicast addresses, 10
- multipartite viruses, 811
- boot record viruses (Windows NT), 838840
- infection process, 820
- stealth and polymorphic behavior, 820
- multitasking, 714
- multithreading
- Java, 710, 714
- Java capabilities, 703
- Windows NT, 665666
- mutually trusting machines, sniffing, 186
- MYNAME (Permissions file keyword), 123, 651
N
- -n (netstat command options), 35
- -n (ping command option), 30
- -n (rsh command options), 44
- Name (BNU Devices file field name), 105
- name resolution
- DNS servers, 218
- query efficiency, 219
- named daemon, 27
- names
- domain, 15
- network interfaces, 16
- UUCP system names, 102103
- choosing, 103104
- length limitations, 102
- setting, 103
- naming
- keys in PGP, 618619
- realms (Kerberos), 504505
- National Institute of Standards and Technology (NIST), Data Encryption Standard (DES), 594597
- National Science Foundation, 8
- National Security Act of 1947, 485
- National Security Agency web site, 855
- National Security Institutes web site, 855
- native viruses (Windows NT), 846
- difficulty in propagation, 846
- NEC Security Tools FTP site, 855
- netacl (network access control) application, 245249, 330331
- clauses, 246
- configurations, 245249
- FTP connections, establishing, 247249
- installation, 331
- options, 330331
- reports, 302303
- rules, 246
- starting, 245
- NetBIOS, name resolution on intranets, 679680
- netlog sniffer utility, 161, 414
- NETLOGON utility (Windows NT), 675677
- NetMan, sniffing software, 176
- netmask MASK command (ifconfig), 18
- netmasks
- defaults, 12
- determining for subnets, 14
- netperm table (TIS Firewall Toolkit), 244245, 306310
- .netrc network configuration file, 49
- netscan utility (TIS Firewall Toolkit), 295
- Netscape
- Java Archive Format (JAR), code signing initiative, 576577
- Java runtime engine, 732
- Netscape Corporation web site, 855
- netstat command, 26, 3538, 158159, 241
- Network Address Translation (NAT), 356
- application transport proxies, 356357
- network administrators, PC usage monitoring, 184186
- network analyzers
- cost, 175176
- GUI interface, 175176
- sniffing capabilities, 174
- Network General Corporation, 174
- Network News Transport Protocol, see NNTP
- network segmentation
- insecure, 183
- preventing sniffing, 181182
- secure, 183
- network segments, security case study, 187190
- Network Systems Corporation, packet filter vendor, 350
- Network-1 Firewall/Plus, 354355, 370
- web site, 682
- network-level detection (ARP spoofing)
- continuous monitoring, 208209
- detecting, 207
- periodic polling, 207208
- networks
- addresses, 9
- octets, 1011
- pinging with netscan utility (TIS Firewall Toolkit), 295
- subnets, 1114
- authentication methods
- certificate-based, 572
- encrypted passwords, 572
- plaintext passwords, 572
- two-factor, 572
- configuration files
- /etc/ethers, 20
- /etc/ftpusers, 48
- /etc/hosts, 1920
- /etc/hosts.equiv, 23
- /etc/hosts.lpd, 25
- /etc/inetd.conf, 2223
- /etc/networks, 2021
- /etc/passwd, 24
- /etc/printcap, 25
- /etc/protocols, 21
- /etc/service, 2122
- /etc/sockcf, 25
- /etc/strcf, 25
- /etc/syslog.conf, 28
- .netrc, 49
- .rhosts, 23
- connections
- configuring (UUCP), 105107
- debugging, 40
- testing, 108, 132133
- cryptography
- eavesdroppers, 564565
- hackers, 564565
- daemons, exploitation by hackers, 395
- debugging, 159
- UUCP connections, 108
- Ethernet sniffers, 159160
- file server infections, 809810
- file systems
- unprivileged access scans by SATAN, 422423
- unrestricted exports, scanning with SATAN, 423
- vulnerability to hackers, 401402
- hostnames, 1415
- hosts
- services, 2122
- traffic logs, 158159
- inetd services, disabling, 240
- interfaces, 1617
- configuring, 1719
- names, 16
- PPP (Point-to-Point Protocol), 17
- SLIP (Serial Line Internet Protocol), 17
- local machine status, 3132
- macro viruses
- impracticality of write protection to DOC files, 811812
- increasing prevalence, 811812
- platform independence, 811812
- memory and printing usage, 3538
- operating systems, hacker determination via telnetd info, 389391
- peer-to-peer environment, file virus infections, 810
- physical security, 182
- realms (Kerberos), 479480
- intercommunication, 507
- naming, 504505
- remote shell access, SATAN scans, 425427
- root access
- hacker acquisition of, 379380
- illegal, preventing, 379
- routing programs, exploitation by hackers, 403
- SATAN scans, detecting, 413414
- security
- attacks, modem-based, 409418
- attacks on, 373386
- attacks on, acquiring login accounts, 378379
- attacks on, acquiring root access, 379380
- attacks on, characterizing, 378381
- attacks on, extend access by hackers, 380381
- detecting vulnerabilities via public documentation, 407418
- evaluating for weaknesses, 408418
- FTP sites regarding, 386
- hacker-generated patches, 408
- holes, 381385
- holes, detecting, 387409
- holes, mailing lists regarding, 386
- holes, newsgroups regarding, 386
- improving with firewalls, 417418
- improving with Kerberos, 414415
- improving with Secure Shell program, 416
- improving with SSL, 416417
- Internet Threat Levels, 374378
- SATAN searches for breaches, 376
- scanning with SATAN, 419420
- testing with SATAN, 372373
- web sites regarding, 386
- security problems, 564565
- segmenting, 181182
- services
- denial reports (TIS Firewall Toolkit), 301
- reducing active processes, 239
- SATAN scans, 420
- status displays, 238
- vulnerability to hackers, 440
- sniffing, exploitation by hackers, 404405
- SNMP (Windows NT), logging local activity, 165
- statistic displays, 241
- subsystems, querying, 3538
- Sun Microsystems addresses, 11
- TCP connections, vulnerability to hackers, 383
- TCP traffic, monitoring, 161
- types, 16
- user accounts
- hacker acquisition of, 378379
- passwords, cracking, 379
- UUCP (Unix to Unix CoPy), 100101
- calling time scheduling, 111, 133
- configuring, 105107
- debugging connections, 116117
- defining, 110113
- Permissions file, 120125
- virus categories
- file-based LANs, 809
- Internet networks, 809
- peer-to-peer networks, 809
- see also octets; subnets
- news (syslog file facility), 151
- newsgroups
- connecting with plug-gw application (TIS Firewall Toolkit), 289292
- Kerberos-related, 553
- network security hole-related, 386
- TIS Firewall Toolkit-related, 305
- NFS
- unprivileged access, SATAN scans, 422423
- unrestricted exports, scanning with SATAN, 423424
- watch utility, 161
- web site, 161
- nfsbug program (hacking network file systems), 401
- nfsd daemon, 62
- nfsmenu program (hacking network file systems), 401
- nfsshell program (hacking network file systems), 401
- NIS servers
- exploitation by hackers, 402
- password protection, 431
- SATAN scans, 424
- vulnerability to hackers, 402
- NIST (U.S. National Institute of Standards and Technology), 855
- NNTP (Network News Transport Protocol), 289292
- connections with plug-gw application (TIS Firewall Toolkit), 289292
- vulnerability to/exploitation by hackers, 403
- No Access security mode, Java applets, 731
- NO CALL (RETRY TIME NOT REACHED) (UUCP log file error message), 127
- NO DEVICES AVAILABLE (UUCP log file error message), 128
- no trust relationships (PGP), 621622, 630
- nobody UIDs, 743
- nodename, 102
- non-intrusive proxies, 357
- non-proxy-aware HTTP clients, 271272
- non-repudiation
- cryptography goals, 566567
- e-mail messages, 613
- non-reversible quick encryption, 560
- nonce
- challenge/response authentication (Windows NT), 677679
- field
- KRB_CRED message, 546
- KRB_KDC_REP message, 533
- KRB_KDC_REQ message, 531
- NOREAD (Permissions file keyword), 122
- Norton Disk Doctor
- floppy disks, repairing, 833834
- repairing
- floppy boot record viruses, 782
- partition boot record viruses, 785
- Norton Disk Editor, repairing partition boot record viruses, 785
- notice (syslog file severity level), 152
- NSFNet, 8
- NTFS (NT File System), boot record viruses, 841842
- NULL encryption systems, 493
- NWRITE (Permissions file keyword), 122
- NYB (B1 virus)
- master boot record viruses, 789
- system memory infection, 789
O
- object-oriented programming with Java, 702703
- obtaining
- certificate authorities, secure channels, 574575
- digital certificates, 569570
- Secure Sockets Layer (SSL), 690691
- public keys, 568569
- token authentication devices, 572574
- octets, address values
- maximum, 11
- reserved, 11
- OFB (Output Feedback Mode) encryption, 488
- off (run level action field), 75
- OK (UUCP log file error message), 128
- ONC clients, RPC server support, 62
- once (run level action field), 75
- ondemand (run level action field), 75
- one-time password programs, 432
- one-way encryption
- digital certificates, 561562
- digital signatures, 561562
- one-way trust, connecting segments, 186187
- online documentation (SATAN), 464465
- OOP (object-oriented programming), 702703
- opcodes (Java), 717718
- open (telnet command), 46
- operand stacks (JVMs), 717718, 727
- Opus One Consulting, 346
- OSF DCE Kerberos-based security, 498501
- overwriting COM files with file viruses, 792
P
- -p (finger command option), 34
- -p (rcp command options), 43
- -p pattern (ping command option), 30
- -p protocol-name (netstat command options), 35
- packet filters
- disadvantages, 347
- firewalls, 347
- performance guidelines for firewalls, 364365
- router architecture, 349350
- router products
- Cisco 2500 series router, 350352
- Livingston FireWall IRX, 350352
- stateful, 352
- vendors
- 3Com Corporation, 350
- Bay Networks, 350
- Cisco Systems, 350
- Livingston Enterprises, 350
- Network Systems Corporation, 350
- packet sniffer programs, 438
- packets
- RIP security issues, 433
- sniffing, exploitation by hackers, 404405
- padata field
- KRB_KDC_REP message, 533
- KRB_KDC_REQ message, 529
- padata-type field, KRB_KDC_REQ message, 530
- PAGER configuration keyword (PGP), 651
- partition boot record viruses
- antivirus programs overview, 835836
- boot-up activation, 782783
- Form virus, damage potential, 786
- infection process, 783785
- new items, infecting, 785
- potential damage, 785
- repairing, 785, 835
- stealthing technique, 785
- pass phrases (PGP), 610
- keys, 624
- vulnerability to hackers, 655
- passive attacks, DNS servers, spoofing, 221222
- passive participants, Routing Information Protocol (RIP), 213215
- passwords
- authentication mechanisms, 360361
- backdoor, 169
- challenge-response method, 573574
- clear text, 190191
- encrypted, 190194, 573574
- equivalency, 2325
- files, genUSER program, 144145
- FTP access, 4850
- ftpd, 431
- NIS servers
- protecting, 431
- SATAN scans, 424
- one-time, 432
- plaintext, 573574
- protection, 430432
- rlogin protocol, 191192
- selection enforcement programs, 432
- shadow files, 431
- smart card security programs, 432
- sniffing, 177
- system security, Ethernet sniffers, 159
- transmission, 190196
- user accounts, cracking, 379
- zero-knowledge authentication, 194195
- patches, hacker-generated, 408
- patimestamp field, KRB_KDC_REQ message, 530
- pausec field, KRB_KDC_REQ message, 530
- PC/DACS (DOS audit trail utility), 166167
- pcnfsd daemon, 62
- peer-to-peer networks
- boot viruses, 811
- file virus infection on networks, 810
- macro viruses, spreading, 812
- performance guidelines (firewalls)
- application level proxies, 365366
- packet filtering, 364365
- transport level proxies, 365366
- PERL (Practical Extraction and Reporting Language)
- CGI libraries, 739
- CGI programming, 747750
- daemons, creating, 6772
- SATAN, 444, 454455
- permanent ARP cache entries, inserting, 202203
- permission files (UUCP version 2), 136139
- debugging, 137
- permissions
- add (Windows NT), 674675
- add and read (Windows NT), 674675
- change (Windows NT), 674675
- execute (Windows NT), 689
- full control (Windows NT), 674675
- list (Windows NT), 674675
- no access (Windows NT), 674675
- read
- Internet Information Server (IIS), 689
- Windows NT, 674675
- special access, USERFILE (UUCP version 2), 138
- versus rights, 674
- write, Internet Information Server (IIS), 689
- Permissions (Basic Networking Utilities file), 99
- Permissions file (UUCP), 120121
- anonymous login, 125126
- defaults, 120121
- entry rules, 123
- keywords, 121123
- validating hostnames, 124
- personal tunneling, 360361
- PGP (Pretty Good Privacy), 605606
- add-on utilities, 657660
- armor mode, 639
- binary distribution, 609611
- binary files, vulnerability to hackers, 657
- brute force hacker attacks, 654655
- clearsigning e-mail messages, 646647
- compressing e-mail messages, 638
- configurations, 649654
- conventional encryption, 640
- decrypting e-mail messages, 616617, 643645
- detached signatures, 647648
- encrypting e-mail messages, 615616, 642643
- filtering e-mail messages, 637638
- For Her Eyes Only messages, 648
- history of, 606608
- integration with Unix mailers, 659
- keys
- adding to public key rings, 614615, 626628
- distributing, 612613
- extracting from public key rings, 628629
- fingerprints, 635636
- generating, 611612, 623626
- management, 622637
- naming, 618619
- pass phrases, 624
- pass phrases, vulnerability to hackers, 655
- public key rings, 619, 633654
- public key rings, vulnerability to hackers, 656
- removing from key rings, 633634
- removing signatures from, 633634
- revoking, 636637
- secret key rings, 620
- secret key rings, vulnerability to hackers, 655656
- signing, 629632
- trust relationships, 620622, 630
- userids, creating, 624626
- verifying, 635636
- Macintosh-compatible, 660
- pass phrases, 610
- practical applications, 607608
- processing binary files, 638639
- processing text files, 638639
- public keyservers, 658
- security, 654657
- sending e-mail messages, 639
- signing e-mail messages, 640643
- UNIX interface, 658659
- verifying e-mail messages, 616617, 643645
- Windows front-end applications, 659
- wiping files, 648649
- PGP and IDEA Archives web site, 855
- PGPMenu Unix interface for PGP, 658659
- Phone (BNU Systems file field name), 112
- PIDs (process identifiers), procuring, 240
- ping command, 2931
- BSD Unix, 31
- fault isolation, 31
- options, 2930
- pinging
- network addresses with netscan utility (TIS Firewall Toolkit), 295
- servers to determine firewall/Internet connections, 389
- PKE (public key encryption), 608
- plug gateways, 355356
- plug-gw (plugboard connectivity) application, 288294, 332333
- bugs, 333
- clauses, 288289
- configurations, 288289
- installation, 333
- NNTP connections, 289292
- POP connections, 292294
- rules, 288289
- pname field, KRB_CRED message, 546
- point-to-point leased lines, 8
- point-to-point tunneling protocol (PPTP), 575576
- Poll (Basic Networking Utilities file), 99
- polling ARP caches, network-level detection, 207208
- polymorphic viruses
- computer virus classes, 812813
- development of generic decryption (GD) technique, 824826
- difficulty in detection, 812813
- encrypted state, 812813
- infection process, 812813
- virus scanner ineffectiveness, 822826
- POP (Post Office Protocol), 292
- connections with plug-gw application (TIS Firewall Toolkit), 292294
- portability of Java, 699
- portmap programs
- exploitation by hackers, 396397
- rexd services, vulnerability to hackers, 405
- secure, 397
- vulnerability to hackers, 384
- ports
- block strategy, 685686
- configuring
- Proxy Server, 686
- Windows NT, 685686
- connecting to TCP ports, 47
- filtering, 685686
- versus firewalls, 686
- Kerberos assignments, 551552
- scanning by SATAN, 407
- TCP, scanning by hackers, 395396
- UDP, scanning by hackers, 395396
- portscan utility (TIS Firewall Toolkit), 294
- scanning TCP services, 241
- POST method (CGI data input), 741742
- Post Office Protocol, see POP
- POSTDATED field, Kerberos tickets, 527
- POSTDATED flag, Kerberos tickets, 510511
- pound (#) symbol in network configuration file, 20
- powerfail (run level action field), 75
- powerwait (run level action field), 75
- PPP (Point-to-Point Protocol), 17
- PRE-AUTHENT flag, Kerberos tickets, 510512
- prealm field, KRB_CRED message, 546
- preauthenticated tickets (Kerberos), 510
- prepending COM files with file viruses, 791792
- Pretty Good Privacy, see PGP
- preventing
- ARP spoofing, 201204
- routers, 203204
- boot record viruses, 833836
- DNS servers, spoofing attacks, 220221
- executable file viruses, 836
- illegal root access, 379
- macro viruses, 837
- route spoofing, 215216
- sniffing
- network segmentation, 181182
- trust relationships, 182
- TCP connections to local services from remote systems, 396
- UDP connections to local services from remote systems, 396
- primary domain controller (Windows NT), 670671
- principal names on Kerberos servers, 506
- print command, 6869
- print spoolers, 58
- printing
- error logs, 154
- lpd daemon, 58
- network memory usage, 3538
- print spoolers, 58
- spool area handler, 25
- Private Communication Transport (PCT)
- secure channel technologies, 574
- versus Secure Sockets Layer (SSL), 575
- private key encryption, 487
- probes, 39
- process accounting
- disk space consumption, 156
- enabling, 156
- reports, 156157
- Unix audit logs, 155
- process identifiers (PIDs), procuring, 240
- process table, 5253
- processes
- listing files in use (lsof program), 160
- monitoring daemons, 6972
- network services, reducing activity, 239
- reports, 158
- processing
- binary files with PGP, 638639
- certificate-based transactions, 569
- Data Encryption Standard (DES) algorithm, 595597
- messages
- digital certificates, 569
- digital signatures, 571572
- text files with PGP, 638639
- procmon command, 84
- procmon daemon, 6972
- procmon.cfg configuration file, 7071
- procmon.cmd configuration file, 70
- product comparisons (firewalls)
- application level proxies, 365366
- flexibility, 359361
- packet filtering, 364365
- summary evaluation, 369370
- transport level proxies, 365366
- program file viruses
- COM, 767
- EXE, 767
- SYS, 767
- Program Segment Prefix (PSP), DOS conventional memory, 796799
- programming CGIs
- in C, 750
- in C++, 750
- in PERL, 747750
- in safe languages, 750751
- programs
- compared to daemons, 52
- daemons, 9
- promiscuous mode, broadcast addresses, 175
- Properties command (Java Appletviewer), 730
- protecting
- IP addresses from spoofing, 436437
- passwords, 430432
- protocols
- address resolution protocol, 40
- boot, implementing, 26
- DARPA, 21
- embedding Kerberos tickets, 478
- File Transfer Protocol, 4750
- HTTP (HyperText Transfer Protocol)
- integration with Java, 733
- restricting access to CGIs with, 740
- ICMP (Internet Control Message Protocol), 29
- NNTP (Network News Transfer Protocol)
- connections with plug-gw application (TIS Firewall Toolkit), 289292
- vulnerability to/exploitation by hackers, 403
- POP (Post Office Protocol), 292
- connections with plug-gw application (TIS Firewall Toolkit), 292294
- RIP (Routing Information Protocol)
- security issues, 433
- SNMP (Simple Network Management Protocol), 26
- SSL (Secure Sockets Layer)
- httpd randomization, vulnerability to hackers, 382
- TCP/IP (Transmission Control Protocol/Internet Protocol), 9
- configuring for TIS Firewall Toolkit, 242243
- SATAN scans, 419
- UDP (User Datagram Protocol), SATAN scans, 419
- vulnerability to network security attacks, 374
- Xerox NS Routing Information Protocol, 26, 61
- proxiable tickets (Kerberos), 511
- proxied tickets (Kerberos), 511
- proximity settings, SATAN scans, 464
- proxy-aware HTTP clients, 272
- PROXY field, Kerberos tickets, 527
- PROXY flag, Kerberos tickets, 509511
- Proxy Server
- configuring for Internet, 683684
- downloading, 694696
- dual-homed connections, 683684
- filtering options, 692693
- deny access, 692693
- grant access, 692693
- FTP, 692
- hardware configurations, 692
- HTTP, 692
- installing, 692
- Internet access process, 691692
- LAT (Local Address Table), 694
- ports, configuring, 686
- RealAudio, 692
- VDOLive, 692
- ps command, 52, 157
- pty files, security issues, 432433
- PUBDIR (Permissions file keyword), 123
- public key certification, Windows NT Directory Services, 696
- public key cryptography
- encrypted passwords, 193194
- key pairs, generating, 600601
- public key encryption, 486, 558559, 608
- e-mail messages, 641642
- messaging process, 559562
- obtaining, 568569
- uses, 561
- public key infrastructure (PKI), X.509 specification, 570571
- public key rings (PGP), 619
- adding keys to, 626628
- extracting keys from, 628629
- viewing contents, 632654
- vulnerability to hackers, 656
- public keyservers (PGP), 658
- public web servers, connecting Internet Information Server (IIS), 682683
- PUBRING configuration keyword (PGP), 652
- Purdue University COAST Lab, 225
- pvno field (Kerberos)
- KRB_AP_REP message, 538
- KRB_AP_REQ message, 537
- KRB_KDC_REP message, 533
- KRB_KDC_REQ message, 529
- KRB_PRIV message, 543
- KRB_SAFE message, 541
- Python CGI programming language, 751
Q - R
- -q (finger command option), 34
- -q (ping command option), 30
- query efficiency, DNS servers, 219
- question mark (?) in process tables, 53
- question mark (?) telnet command, 46
- quit (telnet command), 46
- -R (ping command option), 30
- -r (netstat command options), 35
- -r (ping command option), 30
- -r (rcp command options), 43
- -r (ruptime command option), 32
- r-address field
- KRB_CRED message, 546
- KRB_SAFE message, 542
- r-commands, rlogin protocol, 192
- R_stat (UUCP version 2 file), 100
- R_sub (UUCP version 2 file), 100
- RANDSEED configuration keyword (PGP), 652
- Raptor Eagle, 354355
- Raptor Systems web site, 682, 855
- RARP (Reverse Address Resolution Protocol), 26
- daemon, 26
- server level detection (ARP spoofing), 206
- use by diskless machines, 206
- rating
- behavior blockers, 831832
- heuristic scanners, 832833
- integrity checkers, 830831
- memory scanners, 826827
- virus scanners, 825826
- RC ciphers
- designed as replacement for DES, 599
- level 2, 599
- level 4, 599
- level 5, 599
- limited key size, 599
- RSA Data Security development, 599
- rcmd command, 45
- RCMP Information Technology web site, 855
- rcp command, 43
- READ (Permissions file keyword), 122
- read permission, Internet Information Server (IIS), 689
- read stealth viruses
- antivirus programs, 837
- repairing, 836-837
- realms (Kerberos), 479-480
- intercommunication, 507
- Kerberos tickets, 514
- KRB_KDC_REQ message, 531
- naming, 504-505
- records, SATAN databases, 467-471
- recursive resolution, DNS servers, 219
- registers (JVMs), 726
- Registry Editor (Windows NT), disabling, 164
- Reload command (Java Appletviewer), 730
- remote command execution, 139
- REMOTE DOES NOT KNOW ME (UUCP log file error message), 128
- REMOTE HAS A LCK FILE FOR ME (UUCP log file error message), 128
- remote hosts, connecting with rlogin-gw application (TIS Firewall Toolkit), 258
- remote login, 61
- REMOTE REJECT AFTER LOGIN (UUCP log file error message), 128
- REMOTE REJECT, UNKNOWN MESSAGE (UUCP log file error message), 128
- remote shell access, SATAN scans, 425-427
- removing
- PGP keys from key rings, 633-634
- signatures from PGP keys, 633-634
- RENEW field, Kerberos tickets, 528
- renew-till field
- Kerberos tickets, 514
- KRB_CRED message, 546
- KRB_KDC_REP message, 533
- RENEWABLE field, Kerberos tickets, 527
- renewable tickets (Kerberos), 510-512
- RENEWABLE-OK field, Kerberos tickets, 527
- repairing
- boot record viruses, 833-836
- computer viruses, read stealth type, 836-837
- file viruses, executables, 836
- files, integrity checkers, 829-831
- floppy boot record viruses, 782
- floppy disks, infected, 833-834
- macro viruses, 837
- master boot record viruses, 834-835
- partition boot record viruses, 785, 835
- report utilities (TIS Firewall Toolkit), 296-310
- reports
- authentication server (TIS Firewall Toolkit), 300-301
- FTP site usage (TIS Firewall Toolkit), 302
- http-gw application (TIS Firewall Toolkit), 302
- netacl application (TIS Firewall Toolkit), 302-303
- network connections, 158-159
- network service denials (TIS Firewall Toolkit), 301
- open files (lsof program), 160
- process accounting, 156-157
- processes, 158
- rlogin-gw application (TIS Firewall Toolkit), 304-305
- SATAN scans, 460-462
- smap application (TIS Firewall Toolkit), 303-304
- system access, sorting, 150
- system activity, 149-150
- system resource allocation, 157
- tn-gw application (TIS Firewall Toolkit), 304-305
- see also audit trails; logging; messages
- req-body field, KRB_KDC_REQ message, 530
- REQUEST (Permissions file keyword), 121
- requests, tickets
- via Authentication Service exchange, 517-520
- via Ticket Granting Service exchange, 520-526
- require command, 71
- reserved addresses, 11
- RESERVED field, Kerberos tickets, 527-528
- RESERVED flag, Kerberos tickets, 509-510
- resolution (Domain Name Service)
- iterative type, 219
- recursive type, 219
- resolving domain names, 218-219
- respawn (run level action field), 75
- Restart command (Java Appletviewer), 730
- restricting
- CGI access, 743
- with HTTP, 740
- SSI access, 746
- retro viruses
- antivirus neutralization, 819
- infection process, 819
- Reverse Address Resolution Protocol, see RARP
- revoking PGP keys, 636-637
- rexd services (portmap programs)
- SATAN scans, 427
- vulnerability to hackers, 405
- RFCs (request for comments), 480
- IP encryption technology, 231-232
- Kerberos, 480
- .rhosts network configuration file, 23
- rights
- versus permissions, 674
- Windows NT
- groups, 674
- users, 674
- RIP (Routing Information Protocol) security issues, 433
- RISC (Reduced Instruction Set Computing) CPUs, 723
- Rivest, Shamir & Adleman, see RSA
- rlogin command, 42-45
- rlogin protocol
- host equivalence file, 191-192
- password authentication, 191-192
- r-commands, 192
- security holes, 192-193
- vulnerability to ARP spoofing, 192
- vulnerability to DNS spoofing, 192
- rlogin-gw application (TIS Firewall Toolkit), 334-335
- clauses, 256
- configurations, 255-259
- connecting to remote hosts, 258
- host access rules, 258-259
- installation, 336-337
- options, 334-335
- reports, 304-305
- rules, 256
- verifying operations, 259
- rlogind daemon, 61
- Ron Rivest's Security Links web site, 604
- root access (networks)
- hacker acquisition of, 379-380
- illegal, preventing, 379
- root directories, 760
- rootkit program (hacker coverup), 380
- route spoofing, 210
- case studies, Routing Information Protocol (RIP), 213-215
- deactivating Internet Control Message Protocol (ICMP), 210-211
- preventing, 215-216
- process, 210
- routed daemon, 26-27, 61
- router-based architecture for firewalls, 349-350
- routers, 12
- case studies, ARP spoofing, 204-205
- decentralized organizations, 350-352
- effect on ARP spoofing, 203-204
- preventing ARP spoofing, 203-204
- stateful packet filters, 352
- routes
- dynamic, 27
- probes, 39
- static, 27
- tracing, 38-39
- Routing Information Protocol (RIP)
- as passive participants, 213-215
- GateD software, 215-216
- hop counts, 213
- part of Xerox Networking System (XNS), 213
- route spoofing
- case studies, 213-215
- preventing, 215-216
- vector distance protocol, 213
- routing metric, 18
- routing protocols
- borders, 212
- external, 211-213
- internal, 211-213
- link-state, 212-213
- vector distance, 212-213
- routing tables, 26-27, 61
- querying, 35
- rpc.statd daemon, 62
- RSA (Rivest, Shamir & Adleman)
- algorithm, public key cryptography, 600-601
- checksums, 496
- cryptographic web site, 852
- Data Security web site, 599
- keys, hacking, 654-655
- modulus, 603
- public key cryptosystem, 559
- RSA's Crypto FAQ web site, 604
- rsh command, 44
- rtime field, KRB_KDC_REQ message, 531
- rules (TIS Firewall Toolkit)
- authsrv, 278-279
- ftp-gw, 260
- http-gw, 271
- netacl, 246
- plug-gw, 288-289
- rlogin-gw application, 256
- smap client, 266
- smapd, 268
- tn-gw, 250-251
- writing, 255
- rulesets, SATAN scans, 471-474
- run levels, 57, 73-76
- action fields, 74-76
- adjusting, 73
- SCO OpenServer 5.0, 73-74
- viewing current, 76
- running
- CGIs
- from controlled file system web servers, 744
- under program owner UIDs, 744-745
- with minimum privileges, 743-744
- code with Java, 719-722
- SATAN from web browsers, 429-430
- SATAN scans, 466-467
- runtime checking (Java), 713
- runtime environment (Java), 707
- runtime memory layout (Java), 702
- runtime reference resolution (Java), 712
- ruptime command, 31-32
- rusers program, exploitation by hackers, 399-401
- rwall program (RPC services), 433
- vulnerability to hackers, 385
- rwho command, 32
- RWHO daemon, 28
- rwho program, exploitation by hackers, 399-401
S
- -s (finger command option), 34
- -s (netstat command options), 35
- -s packetsize (ping command option), 30
- -s host address (arp command options), 40
- s-address field
- KRB_CRED message, 546
- KRB_SAFE message, 542
- S/KEY, zero-knowledge authentication mechanism, 194-195
- sa command, 157
- safe-body field, KRB_SAFE message, 541
- safecgiperl CGI programming language, 751
- SATAN (Security Administrator Tool for Analyzing Networks), 371-373, 410
- Admin Guide to Cracking documentation, 465
- benefits of, 476
- building, 455-476
- CIAC web site, 412
- components, 410
- configurations, 462464
- Control Panel, 457
- databases, 458
- facts records, 467-470
- host records, 470-471
- records, 467-471
- todo records, 471
- detecting scans by, 413-414
- directories
- bin, 444-445
- config, 443
- html, 445
- html/admin, 450
- html/data, 450
- html/docs, 445-446
- html/dots, 446-447
- html/images, 447
- html/reporting, 447-448
- html/running, 448-449
- html/tutorials, 449
- html/tutorials/vulnerability, 449
- include, 443
- perl, 454-455
- perllib, 444
- rules, 443
- src, 450
- src/boot, 450
- src/fping, 452-453
- src/misc, 451
- src/nfs-chk, 451
- src/port_scan, 452
- src/rpcgen, 453
- src/yp-chk, 453-454
- top-level, 442
- downloading, 441-442
- FTP sites, 441-442
- history of, 410-411
- HTML interface, 456-465
- impact on network security, 412-413
- online documentation, 464-465
- Reference documentation, 465
- running from web browsers, 429-430
- scanning
- portmap program services, 397
- ports, 407
- servers for remote access services, 396
- scans
- extensions, adding, 474-475
- ftpd, 420-422
- heavy, 420
- IP spoofing, 434-437
- light, 419
- NIS server password files, 424
- normal, 419-420
- portmap program forwarding, 424-425
- proximity settings, 464
- remote shell access, 425-427
- result reports, 460
- rexd services, 427
- rulesets, 471-474
- running, 466-467
- selecting targets, 459-460
- sendmail program, 427-428
- tftpd file access, 425
- unprivileged NFS access, 422-423
- unrestricted NFS exports, 423-424
- X servers, 428-429
- vendor reaction to, 412-418
- versus other network security evaluation programs, 412
- Vulnerabilities Tutorials documentation, 465
- scanning
- ftpd with SATAN, 420-422
- network security with SATAN, 419-420
- ports by SATAN, 407
- TCP ports by hackers, 395-396
- TCP services with portscan, 241, 294
- UDP ports by hackers, 395-396
- web servers for vulnerability, 402
- scans (SATAN)
- extensions, adding, 474-475
- ftpd, 420-422
- heavy, 420
- IP spoofing, 434-437
- light, 419
- NIS server password files, 424
- NIS servers, 424
- normal, 419-420
- portmap program forwarding, 424-425
- proximity settings, 464
- remote shell access, 425-427
- result reports, 460
- rexd services, 427
- rulesets, 471-474
- running, 466-467
- selecting targets, 459-460
- sendmail program, 427-428
- tftpd file access, 425
- unprivileged NFS access, 422-423
- unrestricted NFS exports, 423-424
- X servers, 428-429
- sci.crypt, 857
- SCO OpenServer 5.0, 73-74
- SCO Unix dialer programs, 108
- SCO Unix operating system, /etc/inetd.config file, 22
- sco_cpd daemon, 58
- scripts, chat, 109-110
- searchlists, DNS security issues, 434
- secret key encryption, 486-487, 608
- digital envelope, 577
- overview, 577
- uses, 561
- secret key rings (PGP), 620, 633
- viewing contents, 632-633
- vulnerability to hackers, 655-656
- SECRING configuration keyword (PGP), 652
- secure channels
- cryptographic tools, 566-567
- future initiatives, 575
- obtaining certificate authorities, 574-575
- technologies
- Private Communication Transport (PCT), 574
- Secure Sockets Layer (SSL), 574
- Secure Electronic Transaction (SET) protocol
- credit card transactions, 576-577
- development, 576-577
- Secure Hash Algorithm (SHA), digital signatures, 571-572
- secure portmap programs, 397
- Secure RPC, Diffie-Hellman algorithm, 194
- secure rpcbind programs, 397
- Secure Shell FTP site, 856
- Secure Shell program (network security), 416
- Secure Sockets Layer (SSL), 195
- defined, 690-691
- digital certificates, 690-691
- httpd randomization, vulnerability to hackers, 382
- Internet Information Server (IIS) session encryption, 687-688
- secure channel technologies, 574
- versus Private Communication Transport (PCT), 575
- vulnerability to SATAN, 416-417
- web sites, 417
- Windows NT Directory Services, 696
- Secure Telnet FTP site, 856
- secure user segments, sniffing, 184-185
- security
- applet modes, 731-732
- application gateways, 353
- application proxies, 348
- ARP requests, discontinuing, 201
- ARP spoofing
- detecting, 201, 205-209
- host-level active detection, 206
- host-level passive detection, 205
- network-level detection, 207
- preventing, 201-204
- server-level detection, 206
- circuit gateways, 347-348
- confidential data, sniffing, 178
- encrypted passwords, 193-194
- encryption overview, 195
- firewalls
- assessments, 367-368
- selection criteria, 348-349
- summary product evaluations, 369-370
- FTP sites, 853
- hardware address spoofing, 196-197
- http-gw application (TIS Firewall Toolkit), 327-328
- Internet Information Server (IIS), 687-691
- Java, 698-702, 715-716, 728-734
- networks
- attacks, modem-based, 409-418
- attacks on, 373-386
- attacks on, acquiring login accounts, 378-379
- attacks on, acquiring root access, 379-380
- attacks on, characterizing, 378-381
- attacks on, extend access by hackers, 380-381
- detecting vulnerabilities via public documentation, 407-418
- evaluating for weaknesses, 408-418
- FTP sites regarding, 386
- hacker-generated patches, 408
- holes, 381385
- holes, detecting, 387-409
- holes, mailing lists regarding, 386
- holes, newsgroups regarding, 386
- improving with firewalls, 417-418
- improving with Kerberos, 414-415
- improving with Secure Shell program, 416
- improving with SSL, 416-417
- Internet Threat Levels, 374-378
- SATAN searches for breaches, 376
- scanning with SATAN, 419-420
- testing with SATAN, 372-373
- web sites regarding, 386
- packet filtering, 347
- passive participants, Routing Information Protocol (RIP), 213-215
- passwords
- management strategy, 177
- shoulder surfers, 177
- social engineers, 177
- transmission, 190-196
- zero-knowledge authentication, 194-195
- PC usage, 184-186
- PGP, 654-657
- rlogin protocol problems, 192-193
- route spoofing, 210
- routers in decentralized organizations, 350-352
- segments, case study, 187-190
- sniffing
- defined, 174
- financial account numbers, 177-178
- low-level protocol information, 178
- network analyzers, 174
- process overview, 174-176
- trust relationships, 182
- stateful packet filters, 352
- UseNet newsgroups, 857
- vendors, 852
- web sites, 853
- Security Account Manager (SAM), Windows NT security model, 668
- Security Dynamics web site, 574, 599
- Security Log (Windows NT), 164
- Security Reference Monitor (Windows NT), 668
- segmenting networks, 181-182
- segments
- insecure, deployment strategies, 187
- networks, defined, 181-182
- one-way trust, connecting, 186-187
- security
- case study, 187-190
- deployment strategies, 187-190
- selecting
- firewall criteria, 348-349
- stateful packet filters, 355-356
- transport firewalls, 355-356
- selective caching, 224-225
- send (telnet command), 46
- SENDFILES (Permissions file keyword), 121
- sending e-mail messages with PGP, 639
- sendmail, 9
- sendmail daemon, 47, 60
- Unix audit logs, 153
- vulnerability to hackers, 60
- sendmail program
- bounce to program hole, 381
- -C option, vulnerability to hackers, 385
- -d debug hole, 381
- exploitation by hackers, 393-395
- SATAN scans, 427-428
- syslog buffer, vulnerability to hackers, 382
- vulnerability to hackers, 393-395
- web site, 408
- sendmail proxy application, see smap application; smapd application
- sensitive data, sniffing, 178
- seq-number field
- Kerberos ticket authenticators, 516
- KRB_SAFE message, 541
- SEQF (UUCP version 2 file), 100
- Serial Line Internet Protocol (SLIP), 17
- server level detection, detecting ARP spoofing, 206
- Server Message Blocks (SMB), 684-685
- security weaknesses, 684-685
- Server Side Includes (SSI)
- access restrictions, 746
- alternatives to, 746-747
- CGIs, 746-747
- servers
- authentication server (TIS Firewall Toolkit), 276-288
- bootpd servers, vulnerability to hackers, 397-399
- exploitation by hackers, 397-399
- ftpd servers, vulnerability to hackers, 391-393
- hostnames, hacker access to, 387-389
- identd servers, vulnerability to exploitation by hackers, 404
- inetd super-server, 28
- Kerberos
- authentication servers, 479
- principal names, 506
- protection, 414-415
- NFS servers, vulnerability to hackers, 384
- NIS servers
- exploitation by hackers, 402
- passwd files, SATAN scans, 424
- password protection, 431
- SATAN scans, 424
- vulnerability to hackers, 402
- pinging to determine firewall/Internet connections, 389
- remote, updating remote server database, 28
- SNMP servers, vulnerability to/exploitation by hackers, 406-407
- starting, 61
- web servers
- CGI request logins, 753
- CGI security issues, 744
- CGI trust relationships, 740
- converting from root to controlled file systems, 744
- SSL protection, 416
- X servers, SATAN scans, 428-429
- X Windows servers, vulnerability to hackers, 405
- services
- configuring (Windows NT), 684-685
- disabling (Windows NT), 684-685
- networks, 21-22
- denial reports (TIS Firewall Toolkit), 301
- reducing active processes, 239
- status displays, 238
- vulnerability to hackers, 440
- SATAN scan rulesets, 473
- TCP
- accessing with netacl, 245
- scanning with portscan, 241, 294
- SESAME (network authentication program), 478, 499
- set (telnet command), 46
- shadow password files, 431
- shared secret, challenge/response authentication (Windows NT), 677-679
- shell histories, history logs, 155
- showmount command, 62
- showmount scans (SATAN), 419
- SHOWPASS configuration keyword (PGP), 652
- SIGABRT (signal), 65
- SIGALRM (signal), 65
- SIGBUS (signal), 65
- SIGCHLD (signal), 65
- SIGCONT (signal), 65
- SIGEMT (signal), 65
- SIGFPE (signal), 65
- SIGHUP (signal), 65
- SIGILL (signal), 65
- SIGINT (signal), 65
- SIGIO (signal), 65
- SIGKILL (signal), 65
- SIGLOST (signal), 65
- signal library functions, 66
- signals, 64-65
- BREAK chat scripts (UUCP), 113, 134
- trapping, 64-66, 69
- signing
- e-mail messages with PGP, 640-643
- PGP keys, 629-632
- SIGPIPE (signal), 65, 69
- SIGPROF (signal), 65
- SIGQUIT (signal), 65
- SIGSEGV (signal), 65
- SIGSTOP (signal), 65
- SIGSYS (signal), 65
- SIGTERM (signal), 65
- SIGTRAP (signal), 65
- SIGTSTP (signal), 65
- SIGTTIN (signal), 65
- SIGTTOU (signal), 65
- SIGURG (signal), 65
- SIGUSR1 (signal), 65
- SIGUSR2 (signal), 65
- SIGVTALRM (signal), 65
- SIGWINCH (signal), 65
- SIGXCPU (signal), 65
- SIGXFSZ (signal), 65
- sites
- ActivCard, Inc., 574
- Ascend, 683
- ASCOM, 599
- AT&T, 854
- Bellcore, 194
- Canadian Security Intelligence Service, 854
- Central Intelligence Agency, 854
- CERN WWW Consortium, 854
- Checklist, 856
- Checkpoint Software Technologies, 682
- CIAC, 854
- Cisco Systems, 576
- COAST Project, 854
- CommerceNet, 570
- Computer Systems Consulting, 854
- Computer Virus Help Desk, 604
- Counterpane, 599
- Cypherpunks, 854
- Datakey, Inc., 574
- Digital Pathways, 574
- FBI, 854
- Fremont, 854
- FTP
- Argus network management program, 354, 414
- binary files, integrity of, 439-440
- Bones, 499
- CERT, 850-851, 854
- CIAC group, 850
- Ckpasswd, 854
- COAST project, 850
- connecting to with ftp-gw application, 263
- connecting to with netacl, 247-249, 264
- COPS, 854
- DDN Security Bulletins, 854
- FIRST, 851
- Fremont network security evaluation system, 412
- Greatcircle, 855
- ISS network security evaluation program, 412
- Kerberos Information, 855
- NEC Security Tools, 855
- netlog program, 414
- network security-related, 386
- SATAN, 441-442
- Secure Shell program, 416, 856
- Secure Telnet, 856
- SNMP FTP Archives, 856
- socks IP encapsulation program, 418
- TCP wrappers (SATAN scan detection program), 414
- Texas A&M University Security Archives, 856
- TIS FTP Archive, 856
- usage reports (TIS Firewall Toolkit), 302
- Vince Cate's Security Page, 856
- Wietse Venema (co-creator of SATAN), 411, 856
- Xinetd SATAN scan detection program, 414
- Gabriel, 854
- GateD Consortium, 215
- Gene Spafford, 855
- Gopher sites, connecting to with http-gw, 270-275
- Innovative Security Products Security, 855
- Internet Engineering Task Force, 575
- Internet RFC Index, 855
- Microsoft, 576
- National Security Agency, 855
- National Security Institutes, 855
- Netscape Corporation, 855
- Network-1 Software, 682
- NIST (U.S. National Institute of Standards and Technology), 855
- PGP and IDEA Archives, 855
- Purdue University COAST Lab, 225
- Raptor Systems, 682, 855
- RCMP Information Technology, 855
- Ron Rivest's Security Links, 604
- RSA Data Security, 599
- RSA's Crypto FAQ, 604
- Security Dynamics, 574, 599
- SRI Computer Science Lab, 856
- SSLref Source, 856
- Telnet
- connecting to with tn-gw application, 252-253
- verifying connections with tn-gw, 254-255
- Terry Ritter's Cyphers, 604
- Unix Systems Security, 856
- U.S. Post Office, 568
- VeriSign, 856
- ViaCrypt, 856
- White Paper Series, 855
- SKE (secret key encryption), 608
- slc (telnet command), 46
- slink daemon, 25
- SLIP (Serial Line Internet Protocol), 17
- slow viruses
- infection process, 817-819
- non-stealthing, 817-819
- smap (sendmail proxy) application, 336-337
- configurations, 265-267
- DNS configurations, 269-271
- installation, 265, 337
- reports, 303-304
- smapd (sendmail proxy daemon) application, 337-339
- configurations, 267-269
- installation, 267, 338-339
- options, 337-338
- smart card password security programs, 432
- sname field
- Kerberos tickets, 514
- KRB_CRED message, 546
- KRB_KDC_REP message, 533
- KRB_KDC_REQ message, 530
- sniffing
- confidential data, 178
- data capturing capabilities, 175-176
- defined, 174
- exploitation by hackers, 404-405
- financial account numbers, 177-178
- hardware barriers, 183-190
- mutually trusting machines, 186
- secure user segments, 184-185
- low-level protocol information, 178-181
- network administrators, troubleshooting, 175-176
- passwords, 177
- physical security options, 182
- process overview, 174-176
- software
- Esniff.c, 176
- EthDump, 176
- EthLoad, 176
- NetMan, 176
- TCPDump, 176
- software availability, 175-176
- TCP connections, 228-229
- trust relationships, 182
- use of network analyzers, 174
- SNMP (Simple Network Management Protocol), 26
- ARP spoofing monitors
- arpmon, 208-209
- ARPWatch, 208-209
- netlog, 208-209
- Tricklet, 208-209
- daemon, 26
- FTP Archives, 856
- RMON (remote monitoring) protocol, 208-209
- servers, vulnerability to/exploitation by hackers, 406-407
- Windows NT, logging local network activity, 165
- snmpget program, 406
- snmpnetstat program, 406
- snmpwalk program, 406
- sockets
- querying status, 35-38
- states, 38
- socks
- Internet sites, 418
- IP encapsulation, 418
- vulnerability to SATAN, 418
- software (sniffing)
- Esniff.c, 176
- EthDump, 176
- EthLoad, 176
- NetMan, 176
- TCPDump, 176
- source routing, exploitation by hackers, 405
- special characters
- chat scripts (UUCP), 114-115, 135
- UUCP Dialer file, 109
- Speed (BNU Devices file field name), 106
- Speed (BNU Systems file field name), 112
- Speed (L-devices file field), 132
- Speed (L.sys file field), 134
- spoofing
- active attacks on DNS servers, 222-223
- Berkeley Internet Name Daemon (BIND), 225
- DNS server scenarios, 220-221
- DNS spoofing, preventing in TIS Firewall Toolkit configuration, 245
- hardware addresses, 196-197
- IP spoofing, SATAN scans, 434-437
- passive attacks on DNS servers, 221-222
- prevention methods
- certificate-based, 573-574
- two-factor authentication, 573-574
- selective caching defense for DNS servers, 224-225
- TCP connections, 225-226
- SQFILE file, UUCP version 2, 139
- SQL Server (Windows NT), transaction logging, 166
- SRA (Texas A&M)
- encrypted password mechanisms, 194
- Secure RPC technology, 194
- src directory (SATAN), 450
- src/boot directory (SATAN), 450
- src/fping directory (SATAN), 452-453
- src/misc directory (SATAN), 451
- src/nfs-chk directory (SATAN), 451
- src/port_scan directory (SATAN), 452
- src/rpcgen directory (SATAN), 453
- src/yp-chk directory (SATAN), 453-454
- srealm field
- KRB_CRED message, 546
- KRB_KDC_REP message, 533
- SRI Computer Science Lab web site, 856
- SSI (Server Side Includes)
- access restrictions, 746
- alternatives to, 746-747
- CGIs, 746-747
- SSLref Source web site, 856
- stacks (Java Virtual Machines)
- constant pool memory area, 728-734
- execution environment, 727
- garbage collected heap, 727
- local variables, 726-727
- method memory area, 728-734
- operand stacks, 727
- stages (TCP connections)
- data exchange, 227
- setup, 226-227
- starting netacl application (TIS Firewall Toolkit), 245
- starttime field
- Kerberos tickets, 514
- KRB_CRED message, 546
- statd daemon, 62
- stateful packet filters
- firewall architecture, 352
- protocols
- IP, 352
- TCP, 352
- UDP, 352
- versus transport firewalls, 355-356
- static web pages, Internet Information Server (IIS), 686
- status (telnet command), 46
- status files (UUCP), 119, 135
- STDERR (standard error files), 68
- STDIN (standard input files), 68
- STDOUT (standard output files), 68
- stealth viruses
- defined, 813-815
- infection process, 815-817
- read stealthing, 813-815
- size stealthing, 813-815
- versus integrity checkers, 830-831
- stealthing technique in partition boot record viruses, 785
- stime field, KRB_ERROR message, 550
- Stoned Monkey virus, master boot record viruses, 789
- stream ciphers versus block ciphers, 593-594
- streams, querying, 35
- STREAMS modules, linking, 25
- subexpect-subsend pairs, 113-116, 134-135
- subkey field
- Kerberos ticket authenticators, 516
- KRB_AP_REP message, 539
- subnets, 11-14
- address interpretation, 12
- determining fixed bits, 13
- dividing addresses into, 12-14
- netmasks, determining, 14
- reserved divisions, 12
- types, selecting, 13
- subnetting router installation, ARP spoofing, 204-205
- substitution (symmetric encryption)
- Caesar Cipher, 582-584
- monoalphabetic, 584-589
- SUCCEEDED (UUCP log file error message), 128
- sudo command, 152
- sulog file, Unix audit log, 152-153
- Sun Microsystems, network addresses, 11
- superuser access programs, 380
- susec field, KRB_ERROR message, 550
- swapper daemon, 57
- SwIPe, encryption technology, 231-232
- switch user command, 152
- Symantec AntiVirus Research Center, 786
- symmetric encryption
- block ciphers, 577-578
- Blowfish cipher, 599
- ciphertext bit size, 577-578
- deciphering, 580-581
- digital envelope, 577
- monoalphabetic substitution, letter frequency, 587-589
- overview, 577
- size of keys, 577-578
- stream ciphers, 577-578
- substitution, 577-578
- Caesar Cipher, 582-584
- monoalphabetic, 584-589
- transposition, 577-578
- Vigenere encryption, 590-593
- symmetric key encryption, 558-559
- symmetric multiprocessing (Windows NT), 665-666
- SYN_RECEIVED (socket state), 38
- SYN_SENT (socket state), 38
- synchronizing threads with Java, 710
- SYS files
- computer viruses, 769-770
- entry points for file viruses, 794
- Sysfiles (Basic Networking Utilities file), 99
- sysinit (run level action field), 75
- SYSLOG (UUCP version 2), 139
- syslog (syslog file facility), 151
- buffers, vulnerability to hackers, 382
- daemon, 28, 59-60
- files
- facilities, 151
- messages, fake, 168
- severity levels, 151-152
- Unix audit log, 150-152
- syslog.conf file, 59-60, 150
- syslogd daemon, 150
- System (L.sys file field), 133
- system boot
- init daemon, 57
- required files
- HP-UX, 54-55
- SCO Unix, 55-56
- SunOS, 53
- run levels, 74
- System Log (Windows NT), 164
- SYSTEM NOT IN Systems (UUCP log file error message), 128
- system security
- audit trails (Windows NT), 162-166
- break-ins, 168
- command log files, 157
- crontab file, logging usage, 153
- dial-out facilities, logging usage, 153
- DOS utilities, 166-167
- Ethernet sniffers, 159
- file transfer logs, 154
- generating access reports, 149-150
- history logs, shell histories, 155
- Host Equivalency, 23-24
- intruder indicators, 167
- log file utilities
- recommendations, 167-169
- security problems, 168-169
- logging utilities, tampering, 169
- logins, UTMP file unreliability, 148
- lpd bugs, 154
- network connections logs, 158-159
- passwords, FTP access, 48-50
- permission files (UUCP version 2), 136
- process accounting, 155
- process activity logs, 158
- procmon.cfg configuration file, 71
- remote command execution, 139
- sendmail logs, SMTP port bugs, 153
- TCP wrapper logs, 168
- Trusted Host Access, 23-24
- trusted hosts list, /etc/hosts.equiv, 23
- Unix reporting utilities, 160-161
- user privileges, 153
- USERFILE (UUCP version 2), 137-138
- usernames, recording switched, 152
- UUCP
- anonymous login, 125-126
- CALLBACK Permissions file option, 124
- command sequence, 118
- debugging network connections, 119-120
- open connections, 117-120
- Permissions file, 120-125
- SENDFILES Permissions file option, 124
- validating hostnames, 124
- System_Name (BNU Systems file field name), 110
- systems
- activity, generating reports, 149-150
- configuring on the fly, 71
- conversations, tracking, 139
- information logs, 59-60
- messages, logging, 28
- names (UUCP systems), 102-103
- remote
- accessing with chat scripts, 113-116, 134-135
- validating identity, 137
- run levels, 73-76
- viewing current, 76
- shutdowns, records, 149
- subsystems, querying, 35-38
- system monitoring messages, 71-72
- troubleshooting log files, 126
- UUCP
- defining, 110-113
- system statistics, 129
- Systems (Basic Networking Utilities file), 99
- Systems file (UUCP), 110-113, 125
- Systems Management Server (Windows NT), monitoring TCP/IP traffic, 166
T
- -t (netstat command options), 35
- -t (ruptime command option), 32
- tables
- address resolution protocol, 40-41
- host, 14
- Internet-to-Ethernet address translation, 40
- process, 52-53
- routing, 26, 61
- Tag command (Java Appletviewer), 730
- talk.politics.crypto newsgroup, 857
- TALKING (UUCP log file error message), 128
- targeting
- floppy disks for viruses, 762
- master boot records for viruses, 763
- partition boot records for viruses, 765
- task scheduling, 58
- Tcl CGI programming language, 751
- TCP (Transmission Control Protocol)
- connections
- preventing remote access to local services, 396
- sniffing, 228-229
- spoofing, 225-226
- stages, 226-227
- via modems, 430
- via proxy servers, 418
- vulnerability to hackers, 383
- datagrams, forging, 227-228
- forging without sniffing, 229
- ports, scanning by hackers, 395-396
- SATAN scans, 419
- services
- accessing with netacl, 245
- scanning with portscan, 241, 294
- wrapper log utility, 161, 168
- wrappers, 396
- SATAN scan detection programs, 413-414
- TCP/IP (Transmission Control Protocol/Internet Protocol)
- command categories, 28
- configuring for TIS Firewall Toolkit, 242-243
- forging, case studies, 229-230
- history, 89
- spoofing defense mechanisms
- eliminating inactive terminal sessions, 230-231
- encryption-based terminal protocol, 230-231
- terminal session protocols, 230-231
- timesharing machines, 230-231
- Systems Management Server, monitoring traffic, 166
- TCPDump, sniffing software, 176, 405
- telnet protocol, 45-50
- command, 45-50
- proxy application, see tn-gw application
- sites
- connecting with tn-gw application (TIS Firewall Toolkit), 252-253
- verifying connections with tn-gw application (TIS Firewall Toolkit), 254-255
- terminals
- * (asterisk) write status, 33
- idle time, 33
- remote terminal type, 42
- remote terminal sessions, 42
- terminal emulation, 45-47
- see also telnet
- Terry Ritter's Cyphers web site, 604
- testing
- applets, 707, 729-731
- firewall performance guidelines, 362-367
- network security with SATAN, 372-373
- Texas A&M University Security Archives FTP site, 856
- text files, processing with PGP, 638-639
- TEXTMODE configuration keyword (PGP), 652
- threads, synchronizing with Java, 710
- ticket field
- KRB_AP_REQ message, 538
- KRB_KDC_REP message, 533
- Ticket Granting Service exchange (Kerberos), 520-526
- specifications, 526-533
- tickets (Kerberos), 478, 513-515
- authentication, 512
- authenticators, 515-516
- expiration, 519
- fields, 514-515
- flags, 509-512
- forwardable, 511-512
- initial, 510
- invalid, 510
- postdated, 511
- preauthenticated, 510
- proxiable, 511
- proxied, 511
- renewable, 510-511
- requests
- via Authentication Service exchange, 517-520
- via Ticket Granting Service exchange, 520-526
- tickets field, KRB_CRED message, 546
- till field, KRB_KDC_REQ message, 531
- time stamps, Kerberos support, 547
- Time_to_Call (BNU Systems file field name), 110
- TIME_WAIT (socket state), 38
- timestamp field
- KRB_CRED message, 546
- KRB_SAFE message, 541
- TIS (Trusted Information Systems) Firewall Toolkit, 234-238
- applications
- authentication server, 276-288
- authmgr client, 310-311
- authsrv, 311-318
- clauses, 244
- comments, inserting, 244
- ftp-gw, 259-264, 318-322
- http-gw, 270-275, 322-328
- login-sh, 328-329
- netacl, 245-249, 330-331
- plug-gw, 288-294, 332-333
- rlogin-gw, 255-259, 334-335
- rules, 244, 255
- smap client, 265, 336-337
- smapd, 267, 337-339
- tn-gw, 249-255, 339-342
- x-gw, 275-276, 342-343
- compiling
- under BSDI, 236
- under SunOS, 236
- disabling IP address forwarding, 242-243
- disabling inetd services, 240
- FTP site, 408
- Help, 305-306
- installation, 237-238
- mailing lists regarding, 306
- makefiles, editing under BSDI, 236
- netperm table, 244-245, 306-310
- netscan utility, 295
- newsgroups regarding, 305
- portscan utility, 294
- preparing for configuration, 238-242
- preventing DNS spoofing, 245
- report utilities, 296-310
- TCP/IP configurations, 242-243
- web site, 852
- TIS FTP Archive, 856
- TIS Gauntlet, 370
- TMP configuration keyword (PGP), 652
- tn-gw (telnet gateway) application, 249-255, 339-342
- clauses, 250-251
- commands, 252
- configurations, 249-255
- host access rules, 253-254
- installation, 341-342
- options, 340-341
- reports, 304-305
- rules, 250-251
- Telnet connections
- establishing, 252-253
- verifying, 254-255
- todo records
- SATAN databases, 471
- SATAN scan rulesets, 474
- toggle (telnet command), 46
- token authentication devices, obtaining, 572-574
- token ring, 8
- top-level directories (SATAN), 442
- traceroute command, 38-39
- traceroute program, finding IP layer information, 405
- trailer encapsulation, 18
- trailers command (ifconfig), 18
- Transarc Kerberos distribution, 498-501
- transited fields, encoding in Kerberos Ticket Granting Service exchange, 514, 525
- Transmission Control Protocol/Internet Protocol, see TCP/IP
- transmitting passwords, security strategies, 190-196
- transport firewalls versus stateful packet filters, 355-356
- transport level proxies, 356-357
- performance guidelines for firewalls, 365-366
- product comparisons in firewalls, 365-366
- transposition, symmetric encryption, 578
- trap doors in cryptosystems, 563-564
- tripwire (Unix file system utility), 161
- troubleshooting
- memory failures, 37
- sniffing by network administrators, 175-176
- system log files, 126
- trust files, SATAN scan rulesets, 474
- trust relationships
- configuring, 671-672
- creating, 671-672
- defined, 671-672
- PGP keys, 620-622, 630
- security, sniffing, 182
- User Manager for Domains utility (Windows NT), 672
- Windows NT Directory Services, 696
- trust-based networks, vulnerability to hackers, 427
- Trusted Host Access, 23-24
- Trusted Information Systems Gauntlet, 354
- Trusted Information Systems, see TIS Firewall Toolkit
- two factor authentication systems, 360-361
- Type (BNU Dialers file field name), 109
- Type (BNU Systems file field name), 111
- Type (L-devices file field), 131
- TZFIX configuration keyword (PGP), 653
U
- -u (ruptime command option), 32
- UDP (User Datagram Protocol)
- connections, preventing remote access to local services, 396
- ports, scanning by hackers, 395-396
- SATAN scans, 419
- uname command (UUCP), 102
- University of California at Berkeley, 8
- Berkeley r-commands, 42-45
- Unix
- audit logs, 148-155
- process accounting, 155-157
- firewall systems, 354-355
- mailers, integration with PGP, 659
- operating systems, /etc/inetd.config file, 22
- PGP interface, 658-659
- rlogin protocol, 191-192
- Security web site, 856
- Unix to Unix CoPy, see UUCP
- unknown trust relationships (PGP), 621-622, 630
- Unrestricted security mode, Java applets, 731
- unset (telnet command), 46
- UNUSED field, Kerberos tickets, 527
- up command (ifconfig), 18
- update daemon, 57
- U.S. Postal Service
- certificate authorities, 568-569
- public key encryption, messaging process, 559-562
- web site, 568
- usec field
- KRB_CRED message, 546
- KRB_SAFE message, 541
- UseNet newsgroups
- Kerberos-related, 553
- network security hole-related, 386
- newsgroups
- alt.2600, 857
- alt.hacker, 857
- alt.security, 857
- alt.security.pgp, 857
- alt.security.ripem, 857
- comp.protocols.kerberos, 857
- comp.security.announce, 857
- comp.security.firewalls, 857
- comp.security.misc, 857
- comp.security.unix, 857
- sci.crypt, 857
- security topics, 857
- talk.politics.crypto, 857
- TIS Firewall Toolkit-related, 305
- user accounts
- adding to authentication server database (TIS Firewall Toolkit), 280-284
- authenticating with Kerberos, 480-484
- authorizing with Kerberos, 481
- configuring, User Manager (Windows NT), 672
- hacker acquisition of, 378-379
- hosts.equiv files, vulnerability to hackers, 382
- passwords, cracking, 379
- requesting credentials from Kerberos authentication servers, 483
- User Manager (Windows NT), security identifiers (SID), 672
- UUCP anonymous login, 125-126
- user commands, 42
- User Manager (Windows NT), user accounts, configuring, 672
- User Manager for Domains utility (Windows NT), 672
- user-data field, KRB_SAFE message, 541
- USERFILE (UUCP version 2), 99
- file transfer entries, 138
- system security, 137-138
- userids, PGP keys, creating, 624-626
- usernames
- logging, 152-153
- system security, Ethernet sniffers, 159
- users
- currently logged reports, 32
- information
- distributing, 35
- querying, 33-35
- logging activity, 158
- utilities (CGIWrap), 745
- UTMP file, Unix audit log, 148-149
- utmp files, vulnerability to hackers, 385
- uucheck (Basic Networking Utilities file), 99
- uucico (Basic Networking Utilities file), 99
- command (UUCP), 116
- uuclean (UUCP version 2 file), 99
- uuclean command, 140
- uucleanup (Basic Networking Utilities file), 99
- UUCP (Unix to Unix CoPy), 97
- addresses
- bang addressing, 101-102
- Internet compatibility, 101-102
- cancelling jobs, 129
- chat scripts, 113-116, 134-135
- defining, 113-116, 134
- special characters, 114-115, 135
- with TCP/IP, 116
- configuring, 105, 131
- devices, 105-107
- over TCP/IP, 141-142
- debugging network connections, 116-117
- checking file ownership, 117
- device connections, 108
- displaying error messages, 116, 135
- devices
- defining for local networks, 107
- defining for TCP/IP connections, 107
- file ownership, 107
- testing connections, 108, 132-133
- Dialer file, special characters, 109
- directories, file layout, 104-113
- files
- maintenance, 128-129, 140-141
- status, 119, 135
- transferring, 101-102
- history, 98-100
- log files, 126-128
- error messages, 127-128
- troubleshooting network connections, 126
- modem connections, defining phone numbers, 112-113
- networks, 100-101
- defining, 110-113
- Permissions file, 120-121
- anonymous login, 125-126
- defaults, 120-121
- validating hostnames, 124
- system names, 102-103
- choosing, 103-104
- length limitations, 102
- setting, 103
- system security
- anonymous login, 125-126
- CALLBACK Permissions file option, 124
- command sequence, 118
- debugging network connections, 119-120
- open connections, 117-120
- Permissions file, 120-125
- SENDFILES Permissions file option, 124
- systems file
- calling time scheduling, 111
- retry numbers, 111
- utilities, Unix audit logs, 154
- version 2
- commands, 130-131
- debugging permission files, 137
- file layout, 130-131
- permission files, 136-139
- versions, 98
- file listings, 98-100
- verification, 103-104
- uucp (syslog file facility), 151
- uudemon.admin (Basic Networking Utilities file), 99
- uudemon.cleanup (Basic Networking Utilities file), 99, 129
- uudemon.day (UUCP version 2 file), 99
- uudemon.hour (Basic Networking Utilities file), 99
- uudemon.kr (UUCP version 2 file), 100
- uudemon.poll (Basic Networking Utilities file), 99, 129
- uudemon.wk (UUCP version 2 file), 100
- uugetty (Basic Networking Utilities file), 100
- uusched (Basic Networking Utilities file), 100
- uustat command, 129
- uusub (UUCP version 2 file), 100
- uutry (Basic Networking Utilities file), 100, 116
- uuxqt (Basic Networking Utilities file), 100
V
- -v (ping command option), 30
- VALIDATE (Permissions file keyword), 123
- VALIDATE field
- Kerberos tickets, 528
- variables, local in JVM stacks, 726-727
- vector distance routing protocols, 212-213
- vendors for security software, 852
- Venema, Wietse (co-creator of SATAN), 411
- VERBOSE configuration keyword (PGP), 653
- verifying
- binary file integrity to prevent hacker attacks, 439-440
- e-mail messages with PGP, 616-617, 643-645
- firewalls, security assessments, 367-368
- ftp-gw application operations, 262-263
- Java bytecodes, 721
- PGP keys, 635-636
- rlogin-gw application operations, 259
- Telnet connections with tn-gw application (TIS Firewall Toolkit), 254-255
- Verisign Corporation
- certificate authorities, 568-569, 690-691
- digital certificates, class levels, 570
- public key infrastructure (PKI), 570-571
- web site, 856
- ViaCrypt web site, 856
- viewing
- applets with Netscape, 732
- PostScript files to prevent hacker attacks, 440
- public key ring contents, 632-633
- secret key ring contents, 632-633
- Vigenere encryption versus monoalphabetic substitution, 590-593
- Vince Cate's Security Page, 856
- virtual private networks (VPNs), encrypted tunnels, 360-361
- virus behaviors (Windows NT)
- boot record viruses, 840-842
- master boot record viruses, 838-840
- virus scanners
- advent of algorithmic entry point scanners, 823-826
- decryption routines, 821
- early versions, 820-826
- file search strategies, 820-826
- functions, 820-826
- generic decryption (GD) in polymorphic viruses, 824-826
- lack of success against polymorphic viruses, 822-826
- rating criteria, 825-826
- use of algorithms, 820-826
- wild card signatures, 821-826
- viruses, see computer viruses
W
- -w (finger command option), 34
- wait (run level action field), 75
- WANs (wide area networks), firewall architecture, 346-347
- warning (syslog file severity level), 152
- Watchdog (DOS audit trail utility), 167
- web, see WWW (World Wide web)
- web pages (Internet Information Server)
- dynamic, 686
- static, 686
- web servers
- CGI request logins, 753
- CGI security issues, 744
- CGI trust relationships, 740
- converting from root to controlled file systems, 744
- internal network security, protocol isolation, 681-682
- replication scheme, 681-682
- SSL protection, 416
- see also WWW servers
- web sites, see WWW sites
- White Paper Series web site, 855
- who command, 76
- whois program, hacker exploitation of, 387
- Wietse Venema FTP Archive, 856
- Windows, front-end applications for PGP, 659
- Windows 3.1 file viruses
- in Windows NT environment, 845
- Ph33r, 845
- TSR type, 845
- Windows Internet Naming Service, see WINS
- Windows NT
- Application Log, 163
- ARP cache entries
- arp command, 202
- displaying, 202
- audit trails, 162-166
- boot record viruses
- dropper programs, 840
- floppy disk booting, 840
- multipartite viruses, 840
- bootup process with master boot record infection, 839-840
- components
- Internet Information Server (IIS), 664-665
- Microsoft Proxy Server, 664-665
- crashing Registry Editor, 164
- directory hierarchies, 694-696
- Directory Auditing dialog box, 162
- Directory Services features
- CryptoAPI, 595
- Kerberos version 5, 595
- public key certification, 595
- Secure Sockets Layer (SSL), 595
- trust relationships, 595
- DNS Server, intranet implementation, 679
- domain controllers
- backup, 670-671
- primary, 670-671
- domain model, 665
- domains
- account configurations, 669-670
- administrator accounts, 669-670
- audit configurations, 669-670
- creating, 670-671
- defined, 669-670
- trust relationships, 669-670
- DOS viruses, potential damage, 844-845
- Dynamic Host Configuration Protocol (DHCP), 680
- enabling auditing, 162
- Event Viewer, log entry types, 163-164
- features, 664-665
- file sharing protocols, 664-665
- file viruses, DOS variety, 842-845
- firewall systems, 354-355
- global groups, 673
- Domain Admins, 673
- Domain Guests, 673
- Domain Users, 673
- groups
- Administrators, 673
- Backup Operators, 673
- Guests, 673
- Print Operators, 673
- Replicators, 673
- rights, 674
- Server Operators, 673
- Users, 673
- hardware requirements for Internet connections, 680-682
- httpd service, 165
- installing with boot record viruses, 842
- Kernel Mode, 666
- log files
- TCP/IP applications, 165-166
- viewing, 163-164
- logging ftp connections, 164
- logon procedure
- challenge/response authentication, 677-679
- interactive, 675-677
- remote, 675-677
- logon types
- domain, 675-677
- local, 675-677
- trusted domain, 675-677
- macro viruses, virus behavior, 845
- master boot record viruses
- dropper programs, 838
- floppy disk booting, 838
- multipartite viruses, 838
- Microsoft web site resources, 665
- modular design, 665-666
- multiple processor platforms, 665-666
- multithreading, 665-666
- native viruses, 846
- permissions
- add, 674-675
- add and read, 674-675
- change, 674-675
- full control, 674-675
- list, 674-675
- no access, 674-675
- read, 674-675
- ports, configuring, 685-686
- proxy server configurations, 683-684
- security integration with Internet Information Server (IIS), 687
- Security Log, 164
- security model
- Local Security Authority (LSA), 668
- Logon Process, 668
- Security Account Manager (SAM), 668
- Security Reference Monitor, 667-668
- security subsystems
- access control lists (ACLs), 667-668
- administrator responsibilities, 667-668
- Server version, 664
- services
- configuring, 684-685
- disabling, 684-685
- SNMP, logging local network activity, 165
- SQL Server, transaction logging, 166
- subsystems, 666
- support of possible worm programs, 808-809
- symmetric multiprocessing, 665-666
- System Log, 164
- Systems Management Server, monitoring TCP/IP traffic, 166
- User Mode, 666
- users
- accounts, 669
- file rights, 669
- logons, 669
- rights, 674
- virus behaviors
- boot record viruses, 840-842
- master boot record viruses, 838-840
- overview, 838-846
- web servers, internal network security, 681-682
- Windows 3.1 file viruses, virus behavior, 845
- WINS Server, intranet implementation, 680
- workgroup model, 665
- Workstation version, 664
- WINS (Windows Internet Naming Service) Server, intranet implementation, 680
- wiping files with PGP, 648-649
- Word for Windows, macro virus infection process, 806-807
- workstation authentication in Kerberos, 551-552
- World Wide web Consortium (W3C), Digital Signature Initiative, 576
- world-writeable e-mail directories, vulnerability to hackers, 384
- worm programs
- computer viruses, 808-809
- lack of PC effects, 808-809
- UNIX/SUN incident, 808-809
- WRITE (Permissions file keyword), 122
- write permission, Internet Information Server (IIS), 689
- WRONG MACHINE NAME (UUCP log file error message), 128
- WRONG TIME TO CALL (UUCP log file error message), 128
- WTMP file, Unix audit log, 149-150
- WWW (World Wide web)
- browsers
- Netscape, Java support, 732
- non-proxy aware, 271-272
- proxy aware, 272
- running SATAN, 429-430
- servers
- CGI request logins, 753
- CGI security issues, 744
- CGI trust relationships, 740
- converting from root to controlled file systems, 744
- HTTPD servers, Unix audit logs, 155
- SSL protection, 416
- sites
- ActivCard, Inc., 574
- asax, 160
- Ascend, 683
- ASCOM, 599
- AT&T web site, 854
- Bellcore, 194
- Canadian Security Intelligence Service, 854
- Central Intelligence Agency, 854
- CERN WWW Consortium, 854
- CGI libraries, 739
- CGI specifications, 736
- Checklist, 856
- Checkpoint Software Technologies, 682
- chklastlog, 160
- chkwtmp, 160
- CIAC Archives, 405, 850, 854
- CIAC regarding SATAN, 412
- Cisco Systems, 576
- COAST Project, 850, 854
- CommerceNet, 570
- Computer Systems Consulting, 854
- Computer Virus Help Desk, 604
- Counterpane, 599
- Courtney SATAN scan detection program, 413
- Cypherpunks, 854
- Datakey, Inc., 574
- Digital Pathways, 574
- Farmer, Dan (co-creator of SATAN), 411
- FBI, 854
- FIRST, 851
- Fremont, 854
- Gabriel SATAN Scan Detection, 413, 854
- GateD Consortium, 215
- Gene Spafford, 855
- httpd, 408
- Innovative Security Products Security, 855
- international law dealing with encryption, 490
- Internet Engineering Task Force, 575
- Internet RFC Index, 855
- ISS network security evaluation program, 412
- Java, 734
- LOCK, 167
- MacPGP, 660
- Microsoft, 576
- National Security Agency, 855
- National Security Institutes, 855
- netlog, 161
- Netscape Corporation, 855
- network security-related, 386
- Network-1 Software, 682
- NFS watch utility, 161
- NIST (U.S. National Institute of Standards and Technology), 855
- PGP add-on utilities, 659
- PGP and IDEA Archives, 855
- Purdue University COAST Lab, 225
- Python CGI programming language, 751
- Raptor Systems, 682, 855
- RCMP Information Technology, 855
- Ron Rivest's Security Links, 604
- RSA Cryptography, 852
- RSA Data Security, 599
- RSA's Crypto FAQ, 604
- Security Dynamics, 574, 599
- sendmail program, 408
- SESAME, 499
- socks IP encapsulation program, 418
- SRI Computer Science Lab, 856
- SSL, 417
- SSLref Source, 856
- Tcl CGI programming language, 751
- TCP wrapper utility, 161
- Terry Ritter's Cyphers, 604
- TIS Firewall Toolkit, 852
- tripwire, 161
- Unix Systems Security, 856
- U.S. Post Office, 568
- VeriSign, 856
- ViaCrypt, 856
- White Paper Series, 855
- X Windows security, 429
X - Y - Z
- xray, file transfer entry, USERFILE (UUCP version 2), 138
- X servers, SATAN scans, 428-429
- X Window System Athena Widget set, 235
- X Windows proxy application, see x-gw application
- X Windows
- Security web site, 429
- servers, vulnerability to hackers, 405
- x-gw (X Windows proxy) application, 275-276, 342-343
- configurations, 275-276
- installation, 343
- options, 343
- X.509 specification, public key infrastructure (PKI), 570-571
- Xerox NS Routing Information Protocol, 26, 61
- -xfer program, hacker exploitation of, 388
- Xinetd (SATAN scan detection program), 414
- z (telnet command), 46
- zero-knowledge authentication mechanisms
- DESlogin 1.3, 194-195
- passwords, 194-195
- RFC 1704, 194-195
- S/KEY, 194-195