Index
Symbols
- 802.11x, Wireless Networks
- and security, Wireless Networks
A
- Apache HTTP Server
- cgi security, Restrict Permissions for Executable Directories
- directives, Securing the Apache HTTP Server
- introducing, Securing the Apache HTTP Server
- attackers and risks, Attackers and Vulnerabilities
B
- basic input output system (see BIOS)
- BIOS
- non-x86 equivalents
- passwords, Securing Non-x86 Platforms
- security, BIOS and Boot Loader Security
- passwords, BIOS Passwords
- black hat hacker (see crackers)
- boot loaders
- GRUB
- password protecting, Password Protecting GRUB
- security, Boot Loader Passwords
C
- co-location services, Hardware Security
- collecting evidence (see incident response)
- file auditing tools, Gathering Post-Breach Information
- dd, Gathering Post-Breach Information
- file, Gathering Post-Breach Information
- find, Gathering Post-Breach Information
- grep, Gathering Post-Breach Information
- md5sum, Gathering Post-Breach Information
- script, Investigating the Incident
- stat, Gathering Post-Breach Information
- strings, Gathering Post-Breach Information
- common exploits and attacks, Common Exploits and Attacks
- table, Common Exploits and Attacks
- common ports
- table, Common Ports
- communication ports, Common Ports
- communication tools
- computer emergency response team, The Computer Emergency Response Team (CERT)
- controls, Security Controls
- administrative, Administrative Controls
- physical, Physical Controls
- technical, Technical Controls
- cracker
- black hat hacker, Shades of Grey
- crackers
- definition, A Quick History of Hackers
- cupsd, Identifying and Configuring Services
D
- dd
- collecting evidence with, Collecting an Evidential Image
- file auditing using, Gathering Post-Breach Information
- Demilitarized Zone, DMZs and iptables
- Denial of Service (DoS)
- distributed, Security Today
- DMZ (see Demilitarized Zone) (see networks)
E
- EFI Shell
- security
- passwords, Securing Non-x86 Platforms
F
- file
- file auditing using, Gathering Post-Breach Information
- file auditing
- find
- file auditing using, Gathering Post-Breach Information
- firewall types, Firewalls
- firewalls, Firewalls
- additional resources, Additional Resources
- and connection tracking, iptables and Connection Tracking
- and viruses, Viruses and Spoofed IP Addresses
- personal, Personal Firewalls
- policies, Basic Firewall Policies
- stateful, iptables and Connection Tracking
- types, Firewalls
- Firewalls
- iptables, Netfilter and iptables
- FTP
- anonymous access, Anonymous Access
- anonymous upload, Anonymous Upload
- greeting banner, FTP Greeting Banner
- introducing, Securing FTP
- TCP wrappers and, Use TCP Wrappers To Control Access
- user accounts, User Accounts
- vsftpd, Securing FTP
G
- grep
- file auditing using, Gathering Post-Breach Information
- grey hat hacker (see hackers)
H
- hacker ethic, A Quick History of Hackers
- hackers
- black hat (see cracker)
- definition, A Quick History of Hackers
- grey hat, Shades of Grey
- white hat, Shades of Grey
- hardware, Hardware and Network Protection
- and security, Hardware Security
- laptops, Hardware Security
- servers, Hardware Security
- workstations, Hardware Security
I
- IDS (see intrusion detection systems)
- incident response
- and legal issues, Legal Considerations
- collecting evidence
- using dd, Collecting an Evidential Image
- computer emergency response team (CERT), The Computer Emergency Response Team (CERT)
- creating a plan, Creating an Incident Response Plan
- definition of, Defining Incident Response
- gathering post-breach information, Gathering Post-Breach Information
- implementation, Implementing the Incident Response Plan
- introducing, Incident Response
- investigation, Investigating the Incident
- post-mortem, Investigating the Incident
- reporting the incident, Reporting the Incident
- restoring and recovering resources, Restoring and Recovering Resources
- incident response plan, Creating an Incident Response Plan
- insecure services, Insecure Services
- rsh, Insecure Services
- Telnet, Insecure Services
- vsftpd, Insecure Services
- introduction, Introduction
- categories, using this manual, Introduction
- other Red Hat Enterprise Linux manuals, Introduction
- topics, Introduction
- intrusion detection systems, Intrusion Detection
- and log files, Host-based IDS
- defining, Defining Intrusion Detection Systems
- host-based, Host-based IDS
- network-based, Network-based IDS
- Snort, Snort
- RPM Package Manager (RPM), RPM as an IDS
- Tripwire, Tripwire
- types, IDS Types
- ip6tables, ip6tables
- IPsec, IPsec
- configuration, IPsec Network-to-Network configuration
- host-to-host, IPsec Host-to-Host Configuration
- installing, IPsec Installation
- network-to-network, IPsec Network-to-Network configuration
- phases, IPsec
- iptables, Netfilter and iptables
- additional resources, Additional Resources
- and DMZs, DMZs and iptables
- and viruses, Viruses and Spoofed IP Addresses
- chains, Using iptables
- FORWARD, FORWARD and NAT Rules
- INPUT, Common iptables Filtering
- OUTPUT, Common iptables Filtering
- POSTROUTING, FORWARD and NAT Rules
- PREROUTING, FORWARD and NAT Rules, DMZs and iptables
- connection tracking, iptables and Connection Tracking
- states, iptables and Connection Tracking
- policies, Basic Firewall Policies
- rules, Saving and Restoring iptables Rules
- common, Common iptables Filtering
- forwarding, FORWARD and NAT Rules
- NAT, FORWARD and NAT Rules, DMZs and iptables
- restoring, Saving and Restoring iptables Rules
- saving, Saving and Restoring iptables Rules
- stateful inspection, iptables and Connection Tracking
- states, iptables and Connection Tracking
- using, Using iptables
K
- Kerberos
L
- legal issues, Legal Considerations
- lpd, Identifying and Configuring Services
- lsof, Verifying Which Ports Are Listening
M
- md5sum
- file auditing using, Gathering Post-Breach Information
N
- NAT (see Network Address Translation)
- Nessus, Nessus
- Netfilter, Netfilter and iptables
- additional resources, Additional Resources
- Netfilter 6, ip6tables
- netstat, Verifying Which Ports Are Listening
- Network Address Translation, FORWARD and NAT Rules
- with iptables, FORWARD and NAT Rules
- network services, Available Network Services
- buffer overflow
- ExecShield, Risks To Services
- identifying and configuring, Identifying and Configuring Services
- risks, Risks To Services
- buffer overflow, Risks To Services
- denial-of-service, Risks To Services
- script vulnerability, Risks To Services
- network topologies, Secure Network Topologies
- linear bus, Physical Topologies
- ring, Physical Topologies
- star, Physical Topologies
- networks, Hardware and Network Protection
- and security, Secure Network Topologies
- de-militarized zones (DMZs), Network Segmentation and DMZs
- hubs, Transmission Considerations
- segmentation, Network Segmentation and DMZs
- switches, Transmission Considerations
- wireless, Wireless Networks
- NFS, Securing NFS
- and Sendmail, NFS and Sendmail
- network design, Carefully Plan the Network
- syntax errors, Beware of Syntax Errors
- Nikto, Nikto
- NIS
- introducing, Securing NIS
- IPTables, Assign Static Ports and Use IPTables Rules
- Kerberos, Use Kerberos Authentication
- NIS domain name, Use a Password-like NIS Domain Name and Hostname
- planning network, Carefully Plan the Network
- securenets, Edit the /var/yp/securenets File
- static ports, Assign Static Ports and Use IPTables Rules
- nmap, Verifying Which Ports Are Listening
- Nmap, Scanning Hosts with Nmap
- command line version, Using Nmap
O
P
- password aging, Password Aging
- password security, Password Security
- aging, Password Aging
- and PAM, Forcing Strong Passwords
- auditing tools, Forcing Strong Passwords
- Crack, Forcing Strong Passwords
- John the Ripper, Forcing Strong Passwords
- Slurpie, Forcing Strong Passwords
- enforcement, Forcing Strong Passwords
- in an organization, Creating User Passwords Within an Organization
- methodology, Secure Password Creation Methodology
- strong passwords, Creating Strong Passwords
- passwords
- within an organization, Creating User Passwords Within an Organization
- pluggable authentication modules (PAM)
- strong password enforcement, Forcing Strong Passwords
- portmap, Identifying and Configuring Services
- and IPTables, Protect portmap With IPTables
- and TCP wrappers, Protect portmap With TCP Wrappers
- ports
- common, Common Ports
- monitoring, Verifying Which Ports Are Listening
- post-mortem, Investigating the Incident
R
- reporting the incident, Reporting the Incident
- restoring and recovering resources, Restoring and Recovering Resources
- patching the system, Patching the System
- reinstalling the system, Reinstalling the System
- risks
- insecure services, Inherently Insecure Services
- networks, Threats to Network Security
- architectures, Insecure Architectures
- open ports, Unused Services and Open Ports
- patches and errata, Unpatched Services
- servers, Threats to Server Security
- inattentive administration, Inattentive Administration
- workstations and PCs, Threats to Workstation and Home PC Security, Bad Passwords
- applications, Vulnerable Client Applications
- root, Allowing Root Access
- allowing access, Allowing Root Access
- disallowing access, Disallowing Root Access
- limiting access, Limiting Root Access
- and su, The su Command
- and sudo, The sudo Command
- with User Manager, The su Command
- methods of disabling, Disallowing Root Access
- changing the root shell, Disallowing Root Access
- disabling access via tty, Disallowing Root Access
- disabling SSH logins, Disallowing Root Access
- with PAM, Disallowing Root Access
- root user (see root)
- RPM
- and intrusion detection, RPM as an IDS
- importing GPG key, Using the Red Hat Errata Website
- verifying signed packages, Verifying Signed Packages, Installing Signed Packages
S
- security considerations
- hardware, Hardware and Network Protection
- network transmission, Transmission Considerations
- physical networks, Hardware and Network Protection
- wireless, Wireless Networks
- security errata, Security Updates
- applying changes, Applying the Changes
- via Red Hat errata website, Using the Red Hat Errata Website
- via Red Hat Network, Using Red Hat Network
- when to reboot, Applying the Changes
- security overview, Security Overview
- conclusion, Conclusion
- controls (see controls)
- defining computer security, What is Computer Security?
- Denial of Service (DoS), Security Today
- evolution of computer security, How did Computer Security Come about?
- viruses, Security Today
- sendmail, Identifying and Configuring Services
- Sendmail
- and NFS, NFS and Sendmail
- introducing, Securing Sendmail
- limiting DoS, Limiting a Denial of Service Attack
- server security
- Apache HTTP Server, Securing the Apache HTTP Server
- cgi security, Restrict Permissions for Executable Directories
- directives, Securing the Apache HTTP Server
- FTP, Securing FTP
- anonymous access, Anonymous Access
- anonymous upload, Anonymous Upload
- greeting banner, FTP Greeting Banner
- TCP wrappers and, Use TCP Wrappers To Control Access
- user accounts, User Accounts
- vsftpd, Securing FTP
- NFS, Securing NFS
- network design, Carefully Plan the Network
- syntax errors, Beware of Syntax Errors
- NIS, Securing NIS
- IPTables, Assign Static Ports and Use IPTables Rules
- Kerberos, Use Kerberos Authentication
- NIS domain name, Use a Password-like NIS Domain Name and Hostname
- planning network, Carefully Plan the Network
- securenets, Edit the /var/yp/securenets File
- static ports, Assign Static Ports and Use IPTables Rules
- overview of, Server Security
- portmap, Securing Portmap
- ports
- monitoring, Verifying Which Ports Are Listening
- Sendmail, Securing Sendmail
- and NFS, NFS and Sendmail
- limiting DoS, Limiting a Denial of Service Attack
- TCP wrappers, Enhancing Security With TCP Wrappers
- attack warnings, TCP Wrappers and Attack Warnings
- banners, TCP Wrappers and Connection Banners
- logging, TCP Wrappers and Enhanced Logging
- xinetd, Enhancing Security With xinetd
- managing resources with, Controlling Server Resources
- preventing DoS with, Controlling Server Resources
- SENSOR trap, Setting a Trap
- services, Verifying Which Ports Are Listening
- Services Configuration Tool, Identifying and Configuring Services
- Snort, Snort
- sshd, Identifying and Configuring Services
- stat
- file auditing using, Gathering Post-Breach Information
- strings
- file auditing using, Gathering Post-Breach Information
- su
- and root, The su Command
- sudo
- and root, The sudo Command
T
- TCP wrappers
- and FTP, Use TCP Wrappers To Control Access
- and portmap, Protect portmap With TCP Wrappers
- attack warnings, TCP Wrappers and Attack Warnings
- banners, TCP Wrappers and Connection Banners
- logging, TCP Wrappers and Enhanced Logging
- Tripwire, Tripwire
U
- updates (see security errata)
V
- Virtual Private Networks, Virtual Private Networks
- IPsec, IPsec
- configuration, IPsec Network-to-Network configuration
- host-to-host, IPsec Host-to-Host Configuration
- installing, IPsec Installation
- viruses
- trojans, Security Today
- VLAD the Scanner, VLAD the Scanner
- VPN, Virtual Private Networks
- vulnerabilities
- assessing with Nessus, Nessus
- assessing with Nikto, Nikto
- assessing with Nmap, Scanning Hosts with Nmap
- assessing with VLAD the Scanner, VLAD the Scanner
- assessment, Vulnerability Assessment
- defining, Defining Assessment and Testing
- establishing a methodology, Establishing a Methodology
- testing, Defining Assessment and Testing
W
- white hat hacker (see hackers)
- Wi-Fi networks (see 802.11x)
- wireless security, Wireless Networks
- 802.11x, Wireless Networks
- workstation security, Workstation Security
- BIOS, BIOS and Boot Loader Security
- boot loaders
- passwords, Boot Loader Passwords
- evaluating
- administrative control, Evaluating Workstation Security
- BIOS, Evaluating Workstation Security
- boot loaders, Evaluating Workstation Security
- communications, Evaluating Workstation Security
- passwords, Evaluating Workstation Security
- personal firewalls, Evaluating Workstation Security
X
- xinetd, Identifying and Configuring Services
- managing resources with, Controlling Server Resources
- preventing DoS with, Controlling Server Resources
- SENSOR trap, Setting a Trap