Packet filtering, 189–193, See also Firewalls
defining traffic for router/firewall configuration, 212
illegitimate source addresses, 205–206
limitations, 223–224
router and firewall capabilities, 204–206
rule ordering, 191, 218–219, 236
writing and applying, 236–242
Packet fragmentation, 76–79
Packet over SONET (POS), 304
Packet-switched VPNs, 280–283
Palm scans, 161–162, 163
PAP, 345–346
Password-Based Cryptography Standard, 182
Passwords, 147, 155–160
changing, 158–159
guidelines for creating, 157
hashing, 156
keys, 120
logging, 153
one-time, 159–160
RADIUS, 164–165
recovery capability, 36
sample standards, 53, 55
single sign-on, 169
software tools, 156–157
user training, 44
vulnerabilities, 157–158
Patches, 137–138, 244
Path vector routing protocols, 97
Peer-to-peer file sharing programs, 217
Penetration testing, See Network penetration testing
Perfect forward secrecy (PFS), 324
Permanent virtual circuits, 282
Personal identification number (PIN), 147, 148
Personal Information Exchange Syntax, 182
Personnel controls, 42–44, See also Acceptable use policy
PGP (Pretty Good Privacy), 129, 176, 181
Physical countermeasures, 45–46, 49
Physical layer, 57–64
PING, 84, 86, 214, 342, 355
PING of Death, 85, 229
PKCS, 181–183
PKIX working group, 179
Plaintext, 119
Plaintext attacks, 342–343
Point-to-Point Protocol (PPP), 64, 72, 291–292
Point-to-Point Tunneling Protocol (PPTP), 291–294
access client (PAC), 293–294
considerations as VPN solution, 295, 298–299
encryption and vulnerabilities, 294–296
GRE header, 292–293
Microsoft association, 296
network server (PNS), 293, 297
operation example, 297–298
overhead, 296
split tunneling, 298
virtual adapter, 298
Policy, See Security policy
POP3
encryption via SSL/TLS, 344
password vulnerability, 155
Port address translation (PAT), 94, 328
Port Authentication Protocol (PAP), 345–346
Port mirroring, 68, 260
PPP, 64, 72, 291–292
PPTP, See Point-to-Point Tunneling Protocol
Precedence bits, 75
Pretty Good Privacy (PGP), 129, 176, 181
Privacy laws, 12–13
Private IP addresses, 90–92, 205, See also Network address translation
Private key, 121
Private Key Information Syntax Standard, 182
Private lines, 279–280
Privileges, 150
creep, 150
PKI and management, 172
public key infrastructure, 169
Protocol anomaly detection, 259
Protocol field, 80
Protocols, 72, See specific protocols
Proxy servers, 195–199
Prudent man rule, 10–12
Pseudo-header, 108, 328
Pseudo-random number, 182, 322
PSH bit, 105, 214
Public key algorithms, 130–134
Public key cryptography, 121–123
Public Key Cryptography Standards (PKCS), 181–183
Public key infrastructure (PKI), 167–187
applications and benefits, 168–170
authentication process, 184, 185
capabilities, 171–172
certificate management, 183–185
certification authority, 168, 170–171
cost, 187
disaster planning, 187
encrypting file systems, 170
facility requirements, 186
implementation, 183–187
in-house vs. vendor solutions, 186–187
key exchange concepts, 316–320, See also Internet Key Exchange
key management, 184–185
legally binding digital documents, 168–169
outsourcing, 186–187
personnel requirements, 186–187
policy and privilege management, 186–187
privilege management, 169
protocols and standards, 177
IPSec, 181, See also Internet Key Exchange; IPSec
LDAP, 180
OCSP, 180
PKCS, 181–183
secure MIME (S/MIME), 181
transport layer security, 183, See also Secure Session Layer
X.509, 177–180
timestamping services, 169–170
trust models, 172–177
Publicity, 41
Public relations, 376