Symbols | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
Index: P
- packages, auditing: 10.10.7.1. Auditing packages
- Unix: 11.6. Running a Security Audit
- packet altering: 4.1. What Does a Packet Look Like?
- IP (see IP)
- packet filtering: 5.1. Some Firewall Definitions
- 5.2. Packet Filtering
- 8. Packet Filtering
- implementations, on general-purpose computers: 8.9. Packet Filtering Implementations for General-Purpose Computers
- on Windows NT: 8.9.5. Windows NT Packet Filtering
- by address: 8.6. Filtering by Address
- administering systems: 8.4. Packet Filtering Tips and Tricks
- bastion hosts, protection for: 10.10.4. Controlling Inbound Traffic
- bugs in packages: 5.2.2.1. Current filtering tools are not perfect
- conventions for: 8.8.3. It Should Allow Simple Specification of Rules
- dynamic: 8.1.2. Stateful or Dynamic Packet Filtering
- examples of: 8.12. Putting It All Together
- with exterior router: 6.3.4. Exterior Router
- inbound vs. outbound: 8.8.6. It Should Apply Rules Separately to Incoming and Outgoing Packets, on a Per-Interface Basis
- with interior router: 6.3.3. Interior Router
- perimeter, encryption and: 5.5.1. Where Do You Encrypt?
- routers, configuring: 8.2. Configuring a Packet Filtering Router
- rules for: 8.5. Conventions for Packet Filtering Rules
- 8.11. What Rules Should You Use?
- 8.12. Putting It All Together
- 24.2.2. Packet Filtering Rules
- in screened subnet architecture: 24.1.2. Packet Filtering Rules
- editing offline: 8.4.1. Edit Your Filtering Rules Offline
- IP addresses in: 8.4.4. Always Use IP Addresses, Never Hostnames
- reloading: 8.4.2. Reload Rule Sets from Scratch Each Time
- sequence of: 8.8.5. It Should Apply Rules in the Order Specified
- updating: 8.4.3. Replace Packet Filters Atomically
- with screened host architecture: 6.2. Screened Host Architectures
- by service: 8.7. Filtering by Service
- by source port: 8.7.4. Risks of Filtering by Source Port
- stateful: 8.1.2. Stateful or Dynamic Packet Filtering
- tools for: B.3. Packet Filtering Tools
- where to do: 8.10. Where to Do Packet Filtering
- packet filtering
- routers, choosing: 8.8. Choosing a Packet Filtering Router
- testing: 8.8.8. It Should Have Good Testing and Validation Capabilities
- packet sniffing attacks: 13.1.6. Packet Sniffing
- protecting against: 13.1.10. Protecting Services
- packets: 4. Packets and Protocols
- 5.1. Some Firewall Definitions
- 22.4.2. traceroute
- (see also traceroute program)
- accepted/dropped, logging: 8.8.7. It Should Be Able to Log Accepted and Dropped Packets
- forged: 8.2.3. Default Permit Versus Default Deny
- fragmenting: 4.1.1.2. IP layer
- 4.2.3. IP Fragmentation
- handling (by router): 8.3. What Does the Router Do with Packets?
- headers of: 4.1. What Does a Packet Look Like?
- ICMP: 22.4.3. Other ICMP Packets
- inbound vs. outbound: 8.2.2. Be Careful of "Inbound" Versus "Outbound" Semantics
- sniffing: 4.8.4. Packet Interception
- 13.1.10. Protecting Services
- programs: 13.1.6. Packet Sniffing
- source-routed: 10.10.3. Turning Off Routing
- structure: 4.1. What Does a Packet Look Like?
- TCP: 4.3.1. TCP
- UDP: 4.3.2. UDP
- page process: 11.3.3. Which Services Should You Leave Enabled?
- PAM (Pluggable Authentication Modules): 21.4.2. Pluggable Authentication Modules (PAM)
- papers, security-related: A.8. Papers
- passive (or PASV) mode, FTP: 17.1.1. Packet Filtering Characteristics of FTP
- password aging: 26.1.2. Managing Your Accounts
- passwords: 21.1. What Is Authentication?
- 21.1.2. Something You Know
- for packet filters: 8.4.5. Password Protect Your Packet Filters
- on PostScript printers: 17.6. Printing Protocols
- in SSH: 18.2.5.3. SSH client authentication
- on web pages: 15.2.1. Inadvertent Release of Information
- automatically generated: 21.2. Passwords
- cracking: 21.2. Passwords
- false authentication and: 13.1.4. False Authentication of Clients
- one-time: 21.1.3. Something You Have
- 21.3.1. One-Time Password Software
- stealing with network taps: 1.2.1.3. Information theft
- time-based: 21.5. Kerberos
- Unix: 21.2. Passwords
- Windows NT: 21.2. Passwords
- patches: 26.3.2. Keeping Your Systems up to Date
- pcbind service: 11.3.4.2. Other RPC services
- Performance Monitor: 22.1.4. Performance Monitor and Network Monitor
- performance, with multiple interior routers: 6.5.5. It's Dangerous to Use Multiple Interior Routers
- perimeter networks: 5.1. Some Firewall Definitions
- 6.3.1. Perimeter Network
- shared: 6.7.5. A Shared Perimeter Network Allows an "Arms-Length" Relationship
- PGP program: 12.4.3. Next Steps After Disabling Services
- ping program: 2.9.3. Network Diagnostics
- 22.4.1. ping
- PKIX (Public-Key Infrastructure X.509): C.3.2. Certificates
- plaintext: C.2.1. Encryption
- platforms: 0.3. Platforms
- playback attacks: 13.1.4. False Authentication of Clients
- Plug and Play service: 12.4.4. Which Services Should You Leave Enabled?
- plug-gw proxy: 9.6.3. Generic Proxying with TIS FWTK
- plug-ins: 2.2.1. Web Client Security Issues
- 15.2.2. External Viewers
- Pluggable Authentication Modules (PAM): 21.4.2. Pluggable Authentication Modules (PAM)
- PlugPlayServiceType registry key: 12.4.1.1. Registry keys
- Point-to-Point Protocol (PPP): 14.11. Point-to-Point Tunneling Protocol (PPTP)
- Pointcast program: 15.6. Push Technologies
- policy, security (see security, policies for)
- POP (Post Office Protocol): 2.3.1. Electronic Mail
- POP (Post Office Protocol): 16.6. Post Office Protocol (POP)
- port forwarding, in SSH: 18.2.5.6. Port forwarding
- port numbers
- assigned: 13.4.4. Assigned Ports
- finding: 13.3. Analyzing Other Protocols
- client: 13. Internet Services and Firewalls
- setting: 14.1.3. Packet Filtering Characteristics of RPC
- portmap service: 11.3.4.2. Other RPC services
- B.5.7. portmap
- portmapper server: 14.1. Remote Procedure Call (RPC)
- 17.3.6. Packet Filtering Characteristics of NFS
- ports
- network address translation: 5.4.2.5. Dynamic allocation of ports may interfere with packet filtering
- scanning: 4.8.1. Port Scanning
- source, filtering by: 8.7.4. Risks of Filtering by Source Port
- Postfix program: 16.2.8.2. Postfix
- PostScript
- files: 15.2.2. External Viewers
- printers, attacks from: 17.6. Printing Protocols
- PPP (Point-to-Point Protocol): 14.11. Point-to-Point Tunneling Protocol (PPTP)
- printing: 3.1. Least Privilege
- 17.6. Printing Protocols
- Hewlett-Packard printers: 17.6.3. Other Printing Systems
- PostScript printers: 17.6. Printing Protocols
- systems: 2.4.3. Printing Systems
- Windows-based: 17.6.2. Windows-based Printing
- private newsgroups: 2.3.2. Usenet News
- privileges, root: 16.2.7. Sendmail
- probes, responding to: 26.2.5. Responding to Probes
- procedures for proxying, custom: 9.2.3. Using Proxy-Aware User Procedures for Proxying
- processing speed: 10.3.2. How Fast a Machine?
- programming languages, web-related: 15.4. Mobile Code and Web-Related Languages
- programs
- uploading on HTTP servers: 15.1.1.2. Running unexpected external programs
- evaluating security of: 13.5. Choosing Security-Critical Programs
- external
- on HTTP clients: 15.2.3. Extension Systems
- on HTTP servers: 15.1.1. HTTP Extensions
- removing nonessential: 11.5.2. Remove Nonessential Programs
- removing nonessential on Windows NT: 12.4.3. Next Steps After Disabling Services
- promiscuous mode: 10.5. Locating Bastion Hosts on the Network
- Protected Storage service: 12.4.4. Which Services Should You Leave Enabled?
- protocol checking: 8.1.3. Protocol Checking
- protocol modification: 13.4.5. Protocol Security
- protocols
- from OSI: 16.3. Other Mail Transfer Protocols
- analyzing: 13.2.4. What Else Can Come in If I Allow This Service?
- assigned port numbers: 13.4.4. Assigned Ports
- bidirectionality of: 8.2.1. Protocols Are Usually Bidirectional
- custom: 23.1.1.4. Using a custom protocol to connect to a perimeter web server
- evaluating: 13.2.1. What Operations Does the Protocol Allow?
- file synchronization: 22.6. File Synchronization
- implementation of, evaluating: 13.2.3. How Well Is the Protocol Implemented?
- above IP: 4.3. Protocols Above IP
- below IP: 4.4. Protocols Below IP
- non-IP: 4.7. Non-IP Protocols
- routing: 22.2. Routing Protocols
- security of: C.4. What Makes a Protocol Secure?
- proxying and: 13.4.5. Protocol Security
- time-dependence of: 22.5. Network Time Protocol (NTP)
- Proxy Server: 9.7. Using Microsoft Proxy Server
- proxy services: 5.1. Some Firewall Definitions
- 5.3. Proxy Services
- 9. Proxy Systems
- without proxy server: 9.4. Proxying Without a Proxy Server
- advantages/disadvantages: 5.3.1. Advantages of Proxying
- application- versus circuit-level: 9.3.1. Application-Level Versus Circuit-Level Proxies
- generic vs. dedicated: 9.3.2. Generic Versus Dedicated Proxies
- intelligent servers: 9.3.3. Intelligent Proxy Servers
- Microsoft Proxy Server: 9.7. Using Microsoft Proxy Server
- multiple operating systems: 9.1. Why Proxying?
- protocol security: 13.4.5. Protocol Security
- SOCKS package for: 9.5. Using SOCKS for Proxying
- software for: 9.2. How Proxying Works
- TIS Internet Firewalls Toolkit for: 9.6. Using the TIS Internet Firewall Toolkit for Proxying
- tools for: B.4. Proxy Systems Tools
- when unable to provide: 9.8. What If You Can't Proxy?
- public key cryptography: C.2.1.1. Kinds of encryption algorithms
- C.4.3. Sharing a Secret
- in SSH: 18.2.5.2. SSH server authentication
- 18.2.5.3. SSH client authentication
- Public-Key Infrastructure X.509 (PKIX): C.3.2. Certificates
- pull technology: 15.6. Push Technologies
- pursuing intruders: 27.3. Pursuing and Capturing the Intruder
- push technologies: 15.6. Push Technologies
Copyright © 2002
O'Reilly & Associates, Inc.
All Rights Reserved.