Index

Symbols

802.11x, Wireless Networks
and security, Wireless Networks

A

Apache HTTP Server
cgi security, Restrict Permissions for Executable Directories
directives, Securing the Apache HTTP Server
introducing, Securing the Apache HTTP Server
attackers and risks, Attackers and Vulnerabilities

B

basic input output system
See BIOS
BIOS
non-x86 equivalents
passwords, Securing Non-x86 Platforms
security, BIOS and Boot Loader Security
passwords, BIOS Passwords
black hat hacker
See crackers
boot loaders
GRUB
password protecting, Password Protecting GRUB
LILO
password protecting, Password Protecting LILO
security, Boot Loader Passwords

C

CIPE, Crypto IP Encapsulation (CIPE)
customizing, Customizing CIPE
installation, CIPE Installation
co-location services, Hardware Security
collecting evidence
See incident response
file auditing tools, Gathering Post-Breach Information
dd, Gathering Post-Breach Information
file, Gathering Post-Breach Information
find, Gathering Post-Breach Information
grep, Gathering Post-Breach Information
md5sum, Gathering Post-Breach Information
script, Investigating the Incident
stat, Gathering Post-Breach Information
strings, Gathering Post-Breach Information
common exploits and attacks, Common Exploits and Attacks
table, Common Exploits and Attacks
common ports
table, Common Ports
communication ports, Common Ports
communication tools
secure, Security Enhanced Communication Tools
GPG, Security Enhanced Communication Tools
OpenSSH, Security Enhanced Communication Tools
computer emergency response team, The Computer Emergency Response Team (CERT)
controls, Security Controls
administrative, Administrative Controls
physical, Physical Controls
technical, Technical Controls
conventions
document, Document Conventions
cracker
black hat hacker, Shades of Grey
crackers
definition, A Quick History of Hackers
cupsd, Identifying and Configuring Services

D

dd
collecting evidence with, Collecting an Evidential Image
file auditing using, Gathering Post-Breach Information
De-Militarized Zone, DMZs and iptables
Denial of Service (DoS)
distributed, Security Today
DMZ
See De-Militarized Zone
See networks

E

EFI Shell
security
passwords, Securing Non-x86 Platforms

F

file
file auditing using, Gathering Post-Breach Information
file auditing
tools, Gathering Post-Breach Information
find
file auditing using, Gathering Post-Breach Information
firewall types, Firewalls
network address translation (NAT), Firewalls
packet filter, Firewalls
proxy, Firewalls
firewalls, Firewalls
additional resources, Additional Resources
personal, Personal Firewalls
types, Firewalls
FTP
anonymous access, Anonymous Access
anonymous upload, Anonymous Upload
greeting banner, FTP Greeting Banner
introducing, Securing FTP
TCP wrappers and, Use TCP Wrappers To Control Access
user accounts, User Accounts
vsftpd, Securing FTP

G

grep
file auditing using, Gathering Post-Breach Information
grey hat hacker
See hackers

H

hacker ethic, A Quick History of Hackers
hackers
black hat
See cracker
definition, A Quick History of Hackers
grey hat, Shades of Grey
white hat, Shades of Grey
hardware, Hardware and Network Protection
and security, Hardware Security
laptops, Hardware Security
servers, Hardware Security
workstations, Hardware Security

I

IDS
See intrusion detection systems
incident response
and legal issues, Legal Considerations
collecting evidence
using dd, Collecting an Evidential Image
computer emergency response team (CERT), The Computer Emergency Response Team (CERT)
creating a plan, Creating an Incident Response Plan
definition of, Defining Incident Response
gathering post-breach information, Gathering Post-Breach Information
implementation, Implementing the Incident Response Plan
introducing, Incident Response
investigation, Investigating the Incident
post-mortem, Investigating the Incident
reporting the incident, Reporting the Incident
restoring and recovering resources, Restoring and Recovering Resources
incident response plan, Creating an Incident Response Plan
insecure services, Insecure Services
rsh, Insecure Services
Telnet, Insecure Services
vsftpd, Insecure Services
introduction, Introduction
categories, using this manual, Introduction
other Red Hat Enterprise Linux manuals, Introduction
topics, Introduction
intrusion detection systems, Intrusion Detection
and log files, Host-based IDS
defining, Defining Intrusion Detection Systems
host-based, Host-based IDS
network-based, Network-based IDS
Snort, Snort
RPM Package Manager (RPM), RPM as an IDS
Tripwire, Tripwire
types, IDS Types
ip6tables, IP6Tables
IPsec, IPsec
configuration, IPsec Network-to-Network configuration
host-to-host, IPsec Host-to-Host Configuration
host-to-host, IPsec Host-to-Host Configuration
installing, IPsec Installation
network-to-network, IPsec Network-to-Network configuration
iptables, Netfilter and IPTables
additional resources, Additional Resources
and DMZs, DMZs and iptables
using, Using IPTables

K

Kerberos
NIS, Use Kerberos Authentication

L

legal issues, Legal Considerations
lpd, Identifying and Configuring Services
lsof, Verifying Which Ports Are Listening

M

md5sum
file auditing using, Gathering Post-Breach Information

N

Nessus, Nessus
Netfilter, Netfilter and IPTables
additional resources, Additional Resources
Netfilter 6, IP6Tables
netstat, Verifying Which Ports Are Listening
network services, Available Network Services
identifying and configuring, Identifying and Configuring Services
risks, Risks To Services
buffer overflow, Risks To Services
denial-of-service, Risks To Services
script vulnerability, Risks To Services
network topologies, Secure Network Topologies
linear bus, Physical Topologies
ring, Physical Topologies
star, Physical Topologies
networks, Hardware and Network Protection
and security, Secure Network Topologies
de-militarized zones (DMZs), Network Segmentation and DMZs
hubs, Transmission Considerations
segmentation, Network Segmentation and DMZs
switches, Transmission Considerations
wireless, Wireless Networks
NFS, Securing NFS
and Sendmail, NFS and Sendmail
network design, Carefully Plan the Network
syntax errors, Beware of Syntax Errors
Nikto, Nikto
NIS
introducing, Securing NIS
IPTables, Assign Static Ports and Use IPTables Rules
Kerberos, Use Kerberos Authentication
NIS domain name, Use a Password-Like NIS Domain Name and Hostname
planning network, Carefully Plan the Network
securenets, Edit the /var/yp/securenets File
static ports, Assign Static Ports and Use IPTables Rules
nmap, Verifying Which Ports Are Listening, Scanning Hosts with Nmap
command line version, Using Nmap

O

OpenSSH, Security Enhanced Communication Tools
scp, Security Enhanced Communication Tools
sftp, Security Enhanced Communication Tools
ssh, Security Enhanced Communication Tools
overview, Security Overview

P

password aging, Password Aging
password security, Password Security
aging, Password Aging
and PAM, Forcing Strong Passwords
auditing tools, Forcing Strong Passwords
Crack, Forcing Strong Passwords
John the Ripper, Forcing Strong Passwords
Slurpie, Forcing Strong Passwords
enforcement, Forcing Strong Passwords
in an organization, Creating User Passwords Within an Organization
methodology, Secure Password Creation Methodology
strong passwords, Creating Strong Passwords
passwords
within an organization, Creating User Passwords Within an Organization
pluggable authentication modules (PAM)
strong password enforcement, Forcing Strong Passwords
portmap, Identifying and Configuring Services
and IPTables, Protect portmap With IPTables
and TCP wrappers, Protect portmap With TCP Wrappers
ports
common, Common Ports
monitoring, Verifying Which Ports Are Listening
post-mortem, Investigating the Incident

R

reporting the incident, Reporting the Incident
restoring and recovering resources, Restoring and Recovering Resources
patching the system, Patching the System
reinstalling the system, Reinstalling the System
risks
insecure services, Inherently Insecure Services
networks, Threats to Network Security
architectures, Insecure Architectures
open ports, Unused Services and Open Ports
patches and errata, Unpatched Services
servers, Threats to Server Security
inattentive administration, Inattentive Administration
workstations and PCs, Threats to Workstation and Home PC Security, Bad Passwords
applications, Vulnerable Client Applications
root, Allowing Root Access
allowing access, Allowing Root Access
disallowing access, Disallowing Root Access
limiting access, Limiting Root Access
and su, The su Command
and sudo, The sudo Command
with User Manager, The su Command
methods of disabling, Disallowing Root Access
changing the root shell, Disabling Root Logins
disabling SSH logins, Disabling Root SSH Logins
with PAM, Disabling Root Using PAM
root user
See root
RPM
and intrusion detection, RPM as an IDS
check GPG signature, Using the Red Hat Errata Website
importing GPG key, Using the Red Hat Errata Website

S

security considerations
hardware, Hardware and Network Protection
network transmission, Transmission Considerations
physical networks, Hardware and Network Protection
wireless, Wireless Networks
security errata, Security Updates
applying changes, Applying the Changes
via Red Hat errata website, Using the Red Hat Errata Website
via Red Hat Network, Using Red Hat Network
when to reboot, Applying the Changes
security overview, Security Overview
conclusion, Conclusion
controls
See controls
defining computer security, What is Computer Security?
Denial of Service (DoS), Security Today
evolution of computer security, How did Computer Security Come about?
viruses, Security Today
sendmail, Identifying and Configuring Services
and NFS, NFS and Sendmail
introducing, Securing Sendmail
limiting DoS, Limiting Denial of Service Attack
server security
Apache HTTP Server, Securing the Apache HTTP Server
cgi security, Restrict Permissions for Executable Directories
directives, Securing the Apache HTTP Server
FTP, Securing FTP
anonymous access, Anonymous Access
anonymous upload, Anonymous Upload
greeting banner, FTP Greeting Banner
TCP wrappers and, Use TCP Wrappers To Control Access
user accounts, User Accounts
vsftpd, Securing FTP
NFS, Securing NFS
network design, Carefully Plan the Network
syntax errors, Beware of Syntax Errors
NIS, Securing NIS
IPTables, Assign Static Ports and Use IPTables Rules
Kerberos, Use Kerberos Authentication
NIS domain name, Use a Password-Like NIS Domain Name and Hostname
planning network, Carefully Plan the Network
securenets, Edit the /var/yp/securenets File
static ports, Assign Static Ports and Use IPTables Rules
overview of, Server Security
portmap, Securing Portmap
ports
monitoring, Verifying Which Ports Are Listening
Sendmail, Securing Sendmail
and NFS, NFS and Sendmail
limiting DoS, Limiting Denial of Service Attack
TCP wrappers, Enhancing Security With TCP Wrappers
attack warnings, TCP Wrappers and Attack Warnings
banners, TCP Wrappers and Connection Banners
logging, TCP Wrappers and Enhanced Logging
xinetd, Enhancing Security With xinetd
managing resources with, Controlling Server Resources
preventing DoS with, Controlling Server Resources
SENSOR trap, Setting a Trap
services, Verifying Which Ports Are Listening
Services Configuration Tool, Identifying and Configuring Services
Snort, Snort
sshd, Identifying and Configuring Services
stat
file auditing using, Gathering Post-Breach Information
strings
file auditing using, Gathering Post-Breach Information
su
and root, The su Command
sudo
and root, The sudo Command

T

TCP wrappers
and FTP, Use TCP Wrappers To Control Access
and portmap, Protect portmap With TCP Wrappers
attack warnings, TCP Wrappers and Attack Warnings
banners, TCP Wrappers and Connection Banners
logging, TCP Wrappers and Enhanced Logging
Tripwire, Tripwire

U

updates
See security errata

V

Virtual Private Networks, Virtual Private Networks
CIPE, Crypto IP Encapsulation (CIPE)
IPsec, IPsec
configuration, IPsec Network-to-Network configuration
host-to-host, IPsec Host-to-Host Configuration
installing, IPsec Installation
viruses
trojans, Security Today
VLAD the Scanner, VLAD the Scanner
VPN, Virtual Private Networks
vulnerabilities
assessing with Nessus, Nessus
assessing with Nikto, Nikto
assessing with Nmap, Scanning Hosts with Nmap
assessing with VLAD the Scanner, VLAD the Scanner
assessment, Vulnerability Assessment
defining, Defining Assessment and Testing
establishing a methodology, Establishing a Methodology
testing, Defining Assessment and Testing

W

white hat hacker
See hackers
Wi-Fi networks
See 802.11x
wireless security, Wireless Networks
802.11x, Wireless Networks
workstation security, Workstation Security
BIOS, BIOS and Boot Loader Security
boot loaders
passwords, Boot Loader Passwords
evaluating
administrative control, Evaluating Workstation Security
BIOS, Evaluating Workstation Security
boot loaders, Evaluating Workstation Security
communications, Evaluating Workstation Security
passwords, Evaluating Workstation Security
personal firewalls, Evaluating Workstation Security

X

xinetd, Identifying and Configuring Services
managing resources with, Controlling Server Resources
preventing DoS with, Controlling Server Resources
SENSOR trap, Setting a Trap
