Index S | Practical Unix & Internet Security, 3rd Edition

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]

S/Key codebook scheme
S/MIME
sa command
sabotage
saboteurs [See intruders]
safe shutdown, accounts for
SafeTP
Safeware: System Safety and Computers. A Guide to Preventing Accidents and Losses Caused by Technolo
salt
Saltzer, Jerome
Samba 2nd [See also SMB]3rd
authorization
client security
configuring
data integrity
security and
server connections
user authentication
sanitizing media
SANS (Systems Administration and Network Security) 2nd
SANTA (Security Administrator Network Tool for Analysis)
SASL (Simple Authentication and Security Layer)
SATAN (Security Administrator Tool for Analyzing Networks) 2nd
savacct file
saved UIDs
sbrk() system call
SC Magazine (InfoSecurity News)
scanf() system call
scanners , telephone
SCCS (Source Code Control System)
Schales, Doug
Schiller, Jeffrey 2nd
Schneier, Bruce
Applied Cryptography: Protocols, Algorithms, and Source Code in C
Secrets and Lies: Digital Security in a Networked World
Schroeder, M. D.
Schwartz, Randal L. (Learning Perl)
scp program
screensavers
back doors to
password-protected
script command, logging break-ins with
SE Linux (Security Enhanced Linux)
secrecy [See confidentiality]
secret key algorithms [See symmetric key algorithms]
secret keys 2nd 3rd 4th
Secret Service, U.S.
Secrets and Lies: Digital Security in a Networked World (Schneier, Bruce)
Secure European System for Applications in a Multivendor Environment (SESAME)
secure file
Secure Hash Algorithms (SHA)
Secure NFS
Secure RPC
authentication
limitations of
logging in/out with
NFS using
NIS+ using 2nd
with NIS/NIS+
and NTP
Secure Shell [See SSH]
Secure Sockets Layer [See SSL]
secure terminals 2nd
Secure Tracking of Office Property (STOP)
secure Unix systems
SecureID card
securenets file
securetty file
security
breaches, responding to [See break-ins]
design principles for
history of
laws and [See legal issues]
mailing lists regarding
organizations regarding
outsourcing
policy of 2nd 3rd
published resources on
responsibility for
risks [See risks]
simplified in four steps
software for 2nd
through obscurity 2nd
types of
Unix and
Usenet groups regarding
web sites regarding
security account
Security Administrator Network Tool for Analysis (SANTA)
Security Administrator Tool for Analyzing Networks [See SATAN]
Security Alert Consensus mailing list
Security Engineering (Anderson, Ross)
Security Enhanced Linux (SE Linux)
security experts, shortage of
security holes [See also back doors; threats]
preserve program
reporting
superuser account
Security in Computing (Pfleeger, Charles P.)
security levels, kernel
security response teams [See response teams ]
security scanners
security tools
published resources on
used as programmed threats 2nd
sed scripts, Trojan horses in
Seebass, Scott (UNIX System Administration Handbook)
seeds , random number 2nd
Seger, Karl (Computer Crime: A Crimefighter's Handbook)
select() system call
self-destruct sequences
sendmail program 2nd 3rd 4th [See also email]
.forward file 2nd
aliases
back door in
configuration files, security and
disabling mail delivery to programs
DontBlameSendmail option
finding system administrator using
.forward file
options, security
run as daemon
same Internet/NIS domain
security problems with
startup file attacks
sendmail.cf file 2nd
sendmail.mc file
separation of duties principle
sequence of commands
ser2net program
serial interfaces
Serial Line Internet Protocol [See SLIP]
serial numbers , logging
serial ports, uucp user for
Server Message Block [See SMB]
server statelessness
server vulnerability attacks
server-side NFS security
servers 2nd
backing up
bringing up securely
Internet [See Internet servers]
load shedding
master/slave [See NIS]
nameserver [See DNS]
overloading with requests
physical security of [See physical security]
run as root
setting up for FTP
Xauthority
service overloading
services [See denial of service attacks network services]
services file 2nd 3rd
Services table (NIS+)
SESAME (Secure European System for Applications in a Multivendor Environment)
session hijacking
session IDs 2nd
session keys 2nd
SETATTR function (RPC)
setgid() system call 2nd [See also SGID programs]3rd
setlogmask() system call
setpgrp() system call
setrlimit() system call
setsid() system call
setuid file
setuid() system call [See also SUID programs]2nd
SG (Signal Ground)
SGID bit
clearing with chown command
on directories
on files
SGID permission
SGID programs
created by intruders
disabling (turning off)
finding all files for
security problems with
writing
sh (Bourne shell) [See also shells ]
IFS variable used by
prompt
SUID version of
SHA (Secure Hash Algorithms)
SHA-1 algorithm
shadow file 2nd 3rd 4th 5th
shadow passwords 2nd 3rd 4th
Shamir, Adi
"A Method for Obtaining Digital Signatures"
share command
shared libraries, protecting
shared systems
sharetab file
shareware, viruses in
SHARITY client
shell escapes 2nd
shell scripts, SUID
shell service
shells
changing for one-time passwords
history files
in passwd file
login, changing
protecting from attacks
restricted
running
Trojan horses in
shells file
Shender, Alex
Shimomura, Tsutomu (Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Comput
Shockwave Rider (Brunner, John)
shoulder surfing
showmount command 2nd
showrev command
shredders, paper
shutdown command
shutdowns
logged by wtmp file
safe
accounts for
SIGHUP signal
SIGKILL signal
Signal Ground (SG)
signal- grounding attacks
signals
catching
kill command and
signatures, data [See also digital signatures]
detecting file changes with 2nd
RPM files having
SIGSTOP signal 2nd
SIGTERM signal 2nd 3rd
Simple Authentication and Security Layer (SASL)
Simple Mail Transfer Protocol [See SMTP]
Simple Network Management Protocol (SNMP)
Singh, Simon (The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography)
single-user mode
booting in
upgrading in
single-user reboot
site inspection, example of
slash (/)
as IFS separator
pathnames beginning with
slave server [See also NIS]2nd
SLIP (Serial Line Internet Protocol) 2nd
SMB (Server Message Block) 2nd
authentication
file access for
history of
name service for
protocols for
Samba implementation of [See Samba]
smb.conf file 2nd
smbclient
smbpasswd program
smoke detectors
smoke, damaging hardware
smoking, effects on hardware
SMTP (Simple Mail Transfer Protocol) 2nd
banners, security and
commands, security and
relaying
security and 2nd
TLS for encryption with 2nd
smtp service
SNA (System Network Architecture)
sniffers 2nd [See also eavesdropping]
network
packet 2nd
password 2nd 3rd
SNMP (Simple Network Management Protocol) 2nd
snoop program 2nd
Snort system
snprintf () system call
Snyder, Garth (UNIX System Administration Handbook)
So, Bryan ("An Empirical Study of the Reliability of UNIX Utilities")
social engineering attacks 2nd
socket
UDP
Unix domain
SOCKS
socks service
soft process limits
software [See also programming]
access to 2nd
backing up [See backups ]
backups
bugs in 2nd
checking new 2nd
coding standards for
consistency of
copyrighted , legal issues regarding
data corruption by
default accounts for
design principles for
development files, protecting
digital signatures distributed with
distributed through mirror sites
documentation for
filtering, for schools
hacker challenges and
integrity-checking
log files created by
malicious [See programmed threats]
management systems
monitoring
obtained from outside sources 2nd
operating systems [See specific operating systems]
patches for, logging
processes and
published resources on
quality of
race conditions
running as superuser
security bugs in
security- related 2nd
specifications, importance of
stolen (pirated) 2nd
stored via FTP
system, updating
testing 2nd
threads and
toolkit for break-ins
tools in Unix
trusting
Solaris 2nd [See also System V Unix]
ACL support for
AUTH_SYS and AUTH_UNIX
bug fixes, responsibility for
clri command
Cryptfs support for
Door construct 2nd
exporting NFS directories with
extra file permission character
Fingerprints Database
group passwords and
history of
host-based firewall for
Kerberos client and server support
Kerberos client for
loginlog file
mountd daemon
ncheck command
nonexecutable stack
package management commands
PAM support for
passwd command, -r option supported
password file, printing
portmon variable
process limit
random number generators
rpcbind program 2nd
S/Key support
Secure RPC time window
secure version of
server startup on
SGID and sticky bits for directories
SGID bit used for file locking
shadow password file
SMB support
snoop program
su log, scanning
swapping to files
TCP wrappers support
ttywatch program
ufsdump program
versions of
wtmpx log file
X security
Solstice PC-NetLink
Source Code Control System (SCCS)
source code, keeping secret 2nd [See also programming; software]
source-based software management systems
backing out of upgrades
upgrading with
space bit
spaces, in passwords
Spaf's first principle
Spafford, Gene 2nd 3rd 4th 5th 6th
spam, email 2nd 3rd
sparse files
Speciner, Mike (Network Security: Private Communications in a Public World)
spies
industrial
planting programmed threats
spoofing
IP 2nd
network connection
sprinkler systems
sprintf() system call 2nd
square brackets ([]), indicating optional syntax
sscanf () system call
ssh keys, using for passwords
ssh program 2nd 3rd
SSH protocol
client authentication with
host authentication with
tunneling X with
ssh service
.ssh/authorized_keys file
back door in
.ssh/known_hosts file
ssh_config file
sshd binary, back door in
sshd user
sshd_config file 2nd
SSL (Secure Sockets Layer)
attacks on
MD5, use of
SSL/TLS 2nd
staff [See employees ]
stale file handles
Stallings, William (Cryptography and Network Security: Principles and Practices)
Stallman, Richard 2nd 3rd
standalone firewall appliance
standards, security policy 2nd
Starnes, W. Wyatt
start bit 2nd
startup command
startup files
attacks through
modified by intruders
stat command
stateful inspection, firewalls
stateless servers (NFS) 2nd
static electricity
static links
Steele, Guy L., Jr. (C, a Reference Manual)
Sterling, Bruce (The Hacker Crackdown: Law and Disorder on the Electronic Frontier)
sticky bit permission
sticky bits
clearing with chown command
on directories
Stoll, Cliff (The Cuckoo's Egg)
STOP (Secure Tracking of Office Property)
stop bit 2nd
storage, local
strcat() system call
strcpy () system call 2nd
streadd() system call
stream algorithms
strecpy() system call
Stripp, Alan (Code Breakers: The Inside Story of Bletchley Park)
strncat () system call
strncpy () system call
strtrns() system call
students, programmed threats authored by
stunnel
su command 2nd
becoming superuser with 2nd
log of failed attempts
logging by
logging to sulog file
restrictions on
running commands from scripts
running with exec command
security precautions for
sudo program as alternative to
using while superuser
utmp and wtmp files and
su file
subnetting
substitution ciphers
sudo program 2nd
sudoers file
SUID bit 2nd
SUID permission
SUID programs 2nd
back door via
chroot() system call and
created by intruders
disabling (turning off)
finding all files for
security problems with 2nd
shell scripts
writing
sulog file 2nd 3rd 4th
sum command
Sun NIS [See NIS]
Sun NIS+ [See NIS+]
Sun RPC [See RPC]
SUN-DES-1 authentication
SunOS
history of
SGID and sticky bits for directories
trusted hosts and
unlink command
versions of
SunRay systems
sunrpc service 2nd
Superincreasing Knapsack Problem
superuser 2nd
abilities of
becoming with su command 2nd 3rd
becoming with SUID csh
bugs giving access to
capabilities of
changing file group
changing file owner
changing file permissions
changing file times
changing system clock
changing user passwords 2nd
compartmentalization as alternative to
fingering
kermit program and
logging attempts to become [See sulog file]
MAC systems not having
modem devices owned by
nameserver owned by
NFS ownership
NFS protocol and
NTP running as
password for
forgetting
as point of attack
Posix P1003.1e/2c restrictions for
privileges removed by secure Unix
programs running as
prompt for
protecting account for
restricting abilities of
restrictions on 2nd
Samba daemons run as
security checklist for
security implications of
security precautions for 2nd
security problems with
sendmail running as
servers run as
stealing
SUID scripts run as
Trojan horse compromising
UID for
username for
using passwd command
using privileges with sudo command
wheel group and 2nd
suppliers [See vendors ]
surge suppressors
SVR4 Unix [See also System V Unix]
chroot() system call and
expiring accounts
group passwords and
history of
password aging
preventing users from changing passwords
process accounting with
restricting root account to console
shadow password file
wtmp file, viewing
swap partition
swap space, running out of
swapping
Swatch program 2nd
sweeping telephone lines
symbolic links [See also links]
avoiding in restricted filesystems
permissions and
read-only partitions and
SYMLINK function (RPC)
symmetric key algorithms
attacks on
block algorithms
common types of
cryptographic strength of
key length and 2nd
security problems with
stream algorithms
verifying with peer review
SYN bit
SYN flood attacks 2nd
sync account
sync command
sync() system call
synchronization of passwords
sysadmsh program
sysctl command
syslog facility 2nd 3rd
alternatives to
argument length checked by
buffer overruns in
configuration file
false log entries
files used by
library for
list of facilities in
messages generated by
in networked environment
priorities for
programming with
where to log
syslog file 2nd
syslog service
syslog.conf file 2nd
syslogd file
systat service
system [See also specific operating systems]
auditing activity on
backing up critical files
configuration files
CPU overload attacks
database files
safe shutdown 2nd
startup files
trust in
system administrator [See also superuser]
adm account for
blocking system accounts from
changing password for
cooperating with intruders
errors by
listed in wheel group
mail aliases for
published resources for
remote, contacting regarding break-in
sanitizing backup tapes
setting umask
sudo program used by multiple administrators
trusting
system calls [See also specific system calls]
checking arguments to
checking return codes from
failures of
format used in book
system clock
changing
for random seeds
Secure RPC timestamp
sudden time changes in
synchronizing
system files
initialization files
read-only access to
world-writable
system libraries, protecting
system manuals [See manuals]
System Network Architecture (SNA)
system software, updating
system users
System V Unix 2nd [See also Linux; Solaris; SVR4 Unix]
chroot() system call and
default umask value
device file permissions
exporting NFS directories
FIFO file type
history of
inittab program
loginlog file
logins recorded in lastlog
modems and
password files
password generators
permission options for
process accounting with
ps command
published resources for
random number generators
Release 4 [See SVR4 Unix]
server startup on
SGID bit on files
su command and
sulog file settings
terminal security on
utmp and wtmp log files
wtmpx log file
system() system call 2nd 3rd
Systems Administration and Network Security [See SANS]
systems-based crytpographic attacks