[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] daemons IMAP, within xinetd imapd [See imapd] inetd [See inetd] Kerberized Telnet daemon, enabling mail, receiving mail without running POP, enabling within xinetd or inetd sendmail, security risks with visibility of Snort, running as sshd [See sshd] starting/stopping via sudo tcpd using with inetd using with xinetd Telnet, disabling standard xinetd [See xinetd] dangling network connections, avoiding date command DATE environment variable datestamps, handling by logwatch Debian Linux, debsums tool debugging debug facility, system messages Kerberized authentication on Telnet Kerberos authentication on POP Kerberos for SSH PAM modules SSL connection problems from server-side dedicated server, protecting with firewall denial-of-service (DOS) attacks preventing Snort detection of vulnerability to using REJECT DENY absorbing incoming packets (ipchains) with no response pings, preventing REJECT vs. (firewalls) DER (binary format for certificates) converting to PEM DES-based crypt( ) hashes in passwd file destination name for remote file copying detached digital signature (GnuPG) devfs device special files inability to verify with manual integrity check securing DHCP, initialization scripts dictionary attacks against terminals diff command, using for integrity checks DIGEST-MD5 authentication (SMTP) digital signatures ASCII-format detached signature, creating in GnuPG binary-format detached signature (GnuPG), creating email messages, verifying with mc-verify function encrypted email messages, checking with mc-verify GnuPG-signed file, checking for alteration signing a text file with GnuPG signing and encrypting files signing email messages with mc-sign function uploading new to keyserver verifying for keys imported from keyserver verifying on downloaded software for X.509 certificates directories encrypting entire directory tree fully-qualified name inability to verify with manual integrity check marking files for inclusion or exclusion from Tripwire database recurse=n attribute (Tripwire) recursive remote copying with scp restricting a service to a particular directory setgid bit shared, securing skipping with find -prune command specifying another directory for remote file copying sticky bit set on disallowed connections [See hosts.deny file] DISPLAY environment variable (X windows) 2nd display filter expressions using with Ethereal using with tcpdump display-filters for email (PinePGP) Distinguished Encoding Rules [See DER] DNS Common Name for certificate subjects using domain name in Kerberos realm name dormant accounts monitoring login activity DOS [See denial-of-service attacks] DROP pings, preventing REJECT and, refusing packets (iptables) specifying targets for iptables dsniff program -m option (matching protocols used on nonstandard ports) Berkeley database library, requirement of downloading and installing filesnarf command insecure network protocols auditing use of detecting libnet, downloading and compiling libnids downloading and installing reassembling TCP streams with libpcap snapshot, adjusting size of mailsnarf command urlsnarf command dual-ported disk array dump-acct command |