Index_P


P

Packet filtering, 189–193, See also Firewalls

defining traffic for router/firewall configuration, 212

illegitimate source addresses, 205–206

limitations, 223–224

router and firewall capabilities, 204–206

rule ordering, 191, 218–219, 236

writing and applying, 236–242

Packet fragmentation, 76–79

Packet over SONET (POS), 304

Packet-switched VPNs, 280–283

Palm scans, 161–162, 163

PAP, 345–346

Password-Based Cryptography Standard, 182

Passwords, 147, 155–160

changing, 158–159

guidelines for creating, 157

hashing, 156

keys, 120

logging, 153

one-time, 159–160

RADIUS, 164–165

recovery capability, 36

sample standards, 53, 55

single sign-on, 169

software tools, 156–157

user training, 44

vulnerabilities, 157–158

Patches, 137–138, 244

Path vector routing protocols, 97

Peer-to-peer file sharing programs, 217

Penetration testing, See Network penetration testing

Perfect forward secrecy (PFS), 324

Permanent virtual circuits, 282

Personal identification number (PIN), 147, 148

Personal Information Exchange Syntax, 182

Personnel controls, 42–44, See also Acceptable use policy

PGP (Pretty Good Privacy), 129, 176, 181

Physical countermeasures, 45–46, 49

Physical layer, 57–64

PING, 84, 86, 214, 342, 355

PING of Death, 85, 229

PKCS, 181–183

PKIX working group, 179

Plaintext, 119

Plaintext attacks, 342–343

Point-to-Point Protocol (PPP), 64, 72, 291–292

Point-to-Point Tunneling Protocol (PPTP), 291–294

access client (PAC), 293–294

considerations as VPN solution, 295, 298–299

encryption and vulnerabilities, 294–296

GRE header, 292–293

Microsoft association, 296

network server (PNS), 293, 297

operation example, 297–298

overhead, 296

split tunneling, 298

virtual adapter, 298

Policy, See Security policy

POP3

encryption via SSL/TLS, 344

password vulnerability, 155

Port address translation (PAT), 94, 328

Port Authentication Protocol (PAP), 345–346

Port mirroring, 68, 260

PPP, 64, 72, 291–292

PPTP, See Point-to-Point Tunneling Protocol

Precedence bits, 75

Pretty Good Privacy (PGP), 129, 176, 181

Privacy laws, 12–13

Private IP addresses, 90–92, 205, See also Network address translation

Private key, 121

Private Key Information Syntax Standard, 182

Private lines, 279–280

Privileges, 150

creep, 150

PKI and management, 172

public key infrastructure, 169

Protocol anomaly detection, 259

Protocol field, 80

Protocols, 72, See specific protocols

Proxy servers, 195–199

Prudent man rule, 10–12

Pseudo-header, 108, 328

Pseudo-random number, 182, 322

PSH bit, 105, 214

Public key algorithms, 130–134

Public key cryptography, 121–123

Public Key Cryptography Standards (PKCS), 181–183

Public key infrastructure (PKI), 167–187

applications and benefits, 168–170

authentication process, 184, 185

capabilities, 171–172

certificate management, 183–185

certification authority, 168, 170–171

cost, 187

disaster planning, 187

encrypting file systems, 170

facility requirements, 186

implementation, 183–187

in-house vs. vendor solutions, 186–187

key exchange concepts, 316–320, See also Internet Key Exchange

key management, 184–185

legally binding digital documents, 168–169

outsourcing, 186–187

personnel requirements, 186–187

policy and privilege management, 186–187

privilege management, 169

protocols and standards, 177

IPSec, 181, See also Internet Key Exchange; IPSec

LDAP, 180

OCSP, 180

PKCS, 181–183

secure MIME (S/MIME), 181

transport layer security, 183, See also Secure Session Layer

X.509, 177–180

timestamping services, 169–170

trust models, 172–177

Publicity, 41

Public relations, 376




Network Perimeter Security: Building Defense In-Depth
ISBN: 0849316286
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Cliff Riggs
