R
"r" command services, 285
"r" commands, 285, 492-495
NAT characteristics of, 495
packet filtering characteristics of, 493-494
proxy services characteristics of, 494
RADIUS (Remote Authentication Dial-in User Service), 622-625
random numbers, 831-832
RAS (Remote Access Service), 377-378
disabling, 310
RC2/RC4 algorithms, 843
RCMD service, 497-498
RCONSOLE service, 497-498
rcp transfer program, 45
rdist program, 658
RDP (Remote Desktop Protocol), 49, 517
read-only filesystems, 265, 294
RealAudio/RealVideo, 417-419
RealNetworks, 417-419
RealServer, 417
real-time conferencing services, 520-538
rebooting, 271
recording activity (see logs)
recovering after incident, 770-772
plan for, 786
registry keys
insecure, 306
permissions on, 314
for services, 304-306
remote
command execution, 491-507
computers, hijacking, 321-322
terminal access, 48
Remote Access Service (see RAS)
Remote Authentication Dial-in User Service (RADIUS), 622-625
Remote Desktop Protocol (see RDP)
remote graphical interfaces
Windows operating systems, 49, 514-519
X Window System, 507-514
Remote Procedure Call (see RPC)
REMOTE service, 497-498
remote terminal access (see Telnet)
replay attacks, 324
protecting against, 326
reputation, 6, 40
resources, 5
(see also memory)
response teams (see incident response teams)
retina authentication, 593
reverse lookups, 548, 553
reviewing security policies, 728
rex service, 497
rexec server, 495-496
rhosts authentication mechanism, 502
RIP (Routing Information Protocol), 637-639
RISKS mailing list, 801
rlogin program, 49
proxying with TIS FWTK, 238
root privileges, required by Sendmail, 435
routed server, 285
router discovery, 642-643
routers, 165
as choke point, 166
choosing, 190-202
disabling, 262-263
on Unix/Linux, 287-288
on Windows NT, 312-313
exterior (or access) (see exterior routers)
handling packets, 173-177
interior (see interior routers)
logging actions of, 173
merging interior and exterior, 139
multicast, 92
network address translation, 103
proxy-aware, 230
returning ICMP error codes, 175-177
screening (see screening routers)
single-purpose vs. general-purpose, 192
testing, 151
where to filter, 214-216
routing protocols, 56, 637-644
RPC Locator server, 351
RPC (Remote Procedure Call), 349-358
disabling, 283
network address translation in, 357
packet filtering in, 354-356
portmapper server, 351
proxying in, 357
RPC Locator server, 351
service number, 350
on Windows NT, 309
RSA algorithm, 841, 847
rsh program, 49
rsync program, 658-660
S
sabotage (see denial of service attacks)
SAGE (System Administrators Guild), 805
Samba, 481-482
sandbox security model, 408-410
SANS Institute, 806
SATAN (Security Administrator's Tool for Analyzing Networks), 295, 816
sc command, 304
scanning ports, 97
SCM (Service Control Manager), 302
scorekeepers, 13
screened hosts
architecture of, 126-128
screened subnets and, 147
screened subnets
architecture of, 128-133, 681-704
screened hosts and, 147
screening routers, 75, 104-110, 122-123
acceptable addresses for, 180-183
choosing, 190-202
configuring, 171-173
proxy systems, 225
rules for, 180-223
where to use, 214-216
(see also packet filtering)
Secure HTTP, 404-405
Secure RPC, 353
secure shell (see SSH)
Secure Socket Layer (see SSL)
security
ActiveX and, 410
against system failure, 64-67
audit, 266-269
on Unix, 295-296
of backups, 270-272
bastion host speed and, 246
books on, 810-812
of BSD "r" commands, 492
on Unix/Linux, 492
on Windows, 493
of checksums, 789
choke points, 701, 717
of computer games, 678
of database protocols, 664
default deny stance, 172
default permit stance, 172
defense in depth, 701, 717
designing for network, 28-30
diversity of defense, 68, 703, 718
of DNS, 547-550
drills for, practicing, 793
of email, 425-426
fail-safe stance, 702, 718
of FTP, 460
host, 18
of HTTP, 385-397
of ICMP, 647
incident response teams (see incident response teams)
incidents (see incidents)
of IRC, 520
of Java, 409
of JavaScript, 407
lack of, 17
least privilege, 700, 717
legal responsibilities, 732-734
of lpr and lp printing systems, 484
of machine, 256-259
Unix/Linux, 276-277
Windows NT, 299-301
models, 17-21
modem pools, 148-149
of Net8, 670-671
netacl, 290
of NetBT name service, 574
networks
insecure, 151
protecting, 149-156
of NIS, 563
of NNTP, 451
operating system bugs, 257
of passwords, 597
policies for, 23, 723-741
reviewing, 728
of POP, 446
of PostScript printers, 483
of programs
evaluating, 339-346
indicators of, 344-346
of protocols, 838-841
proxying and, 339
of push technologies, 416
of rdist, 658
of remote graphical interfaces
on Windows operating systems, 514-515
resources for, 797-812
of routing protocols, 637
sandbox model, 408-410
of Sendmail, 434-436
simplicity of, 70
of SNMP, 632
of SQL*Net, 670-671
of SSH, 500-501