S/Key one-time passwords, 670
S30network.sh script, 214
S69inet.sh script, 214–215
SANS Security Policy Resource page, 45
SANS Top 20 list of vulnerabilities, 98
SAs (security associations), 520, 580
SATAN (Security Administrator's Tool for Analyzing Networks), 28
SBS (Small Business Server), 1106
Scanner attacks, 28
Scheduled events, 514
Scheduler (cron), 174, 205–206, 625–626, 638, 708–710
SCP (Secure Copy), 669
Screened subnets, 97–98
SDP (Session Description Protocol), 324–325
Secure channel to OWA folders, 1144
Secure Computing, 979
Secure Copy (SCP), 669
Secure Domain Login (SDL), 600
Secure mail networks, 540
Secure services publishing, 1135–1140
Secure Shell (SSH) configuration
access, enabling, 666–667
authorized keys, 668
daemon, 668–669
host keys, 667
security of, 47–48
server options, 669
versions, 667
Secure Socket Layer (SSL)
bridging, 947–955
HTTPS, enabling for Voyager, 672–674
listening port, 1142
publishing SSL sites, 1078–1079
secure FTP connections using SSL, 1099–1100
security of, 47–48
self-signed certificate, creating, 671–672
Secure Virtual Network (SVN) foundation, 458, 480–482, 724
SecureClient Policy Server, 618, 722
Secured networks, 715, 732
SecuRemote
client software, installing, 596–598
client software, using, 598–599
DNS internal servers, 513
grace periods, 520
virtual private networks (VPNs), 593–596
SecureNAT (S-NAT) connections, 1015–1018
SecureUpdate tool, 521–524
Security
areas of concern, 7–8
concepts, 8–10
configuration in IPSO, 676
controls, 533
hardware for, 49–51
history, 4–8
improving, 45–47
monitoring for, 49–50
needs, evaluating, 38–40
network, 12–13
objectives, 41–45
ratings, 40–41
solutions, categorizing, 15
see also Attacks; Threats
Security Administrator's Tool for Analyzing Networks (SATAN), 28
Security Architecture for IP. see IPsec (IP Security Protocol)
Security associations (SAs), 520, 580
Security breaches, internal, 31–32, 50
Security levels in Adaptive Security Algorithm (ASA), 246
Security policies
Check Point software, 530
clusters, installing in, 739–740
creating, 531–540
default and initial policies, 537–538
deployment, 534–535, 537
design of, 33–37, 533
enforcement, 535, 537
files, .PF, 552–553
firewall architecture, 533
firewall object, defining, 540–544
guidelines, 534–535
implementing, 537–547
installing, 550–552
internal security breaches, 31–32
involvement of others, 532–533
language, general, 531
Management High Availability, 551
modifications, 535, 537
options, 549–551
perimeter network, 532, 536
procedures, 534, 536–537
reasons for, 530
responsibility for, 32–33
sample, 535–537
standards, 535–536
users database, 551
see also Policies; Rule base; Rules
Security servers for clusters, 720
Self-signed certificate, creating, 671–672
SendIP packet forger, 182–185
Sentinel tool, 30
SEP. see Configuration of VPN, single-entry-point (SEP)
Serial number, 376
Server, ISA, installation of
Active Directory, 849–850
"add-in" services, 851
cache mode, 835–836
description, 834–835
files and permissions, 848–849
firewall mode, 835
H.323 Gatekeeper, 851
integrated mode, 836
license and CD key, 849
Local Address Table (LAT), 851
Management Console, 933
Message Screener tool, 851
network IDs, internal, 851
planning, 848
program files location, 850
steps of installation, 852–860
see also Internet Security and Acceleration (ISA) Server 2000 (Microsoft)
Server checks, interval between, 521
Server Control (ISACTRL), 1008–1009
Server publishing rules, 1027–1029
description, 1027–1029
Exchange services, 1132–1136
FTP servers on alternate ports, 1051–1057
FTP servers on internal networks, 1049–1051
FTP servers on ISA Server, 1057–1064
HTTP and HTTPS (SSL) servers, 1068–1071
IMAP4 server, 1135
NNTP server, 1134
POP3 server, 1133–1134
publishing pcAnywhere, 1071–1074
SMTP server, 1132–1133
Terminal Server, 1045–1048
Terminal Services Advanced Client (TSAC), 1041–1049
Terminal Services on alternate ports, 1035–1038
Terminal Services on internal networks, 1034–1035, 1039–1040
Terminal Services on ISA Server, 1038–1040
Server Service, 823
Servers
authentication servers, remote, 721
DHCP, 343–347
DNS internal servers, 513
Dynamic Host Configuration Protocol (DHCP), 343–347
enterprise root certificate, 942–944
fault tolerance, 831–834
logical server group, 501–502
N2H2, 328, 336–337
name server, 691
Oracle, 328
protecting, 46
RADIUS server objects, 510–511
SecuRemote DNS internal servers, 513
security servers, 720
SSH options, 669
stand-alone root certificate, 935–942
TACACS servers, 511
TFTP, 347
Websense, 335–336
see also Exchange (Microsoft) servers; Internet Security and Acceleration (ISA) Server 2000 (Microsoft)
Servers and Arrays object, 894–903
Service Level Agreement (SLA) parameters, 514
Service networks, multiple, 246
Service object groups, 299–301
Services objects, 504–505
session command (PIX firewalls), 266
Session Description Protocol (SDP), 324–325
Session Initiation Protocol (SIP), 331–333
SHA-1 hash function, 582
Shared secrets, 579, 587–588
Shortcuts, 267
show commands (PIX firewalls), 259, 266, 375–377, 383, 410–415
shun command (PIX firewalls), 266
Shunning, 1267
Shutting down IPSO, 682–683
Signatures
digital, 581
disabling, 1266–1267
PIX IDS, 1262–1264
Simple Mail Transfer Protocol (SMTP)
configuration in IPSO, 675
configuring on ISA Server, 1109–1111
connection failure, 720
PIX firewalls, 320–321
publishing on ISA Server, 1108–1109
resource objects, 510
server publishing rules, 1111–1112, 1132–1133
service, disabling, 1151
services, restarting, 1153–1154
virtual server, 1151–1153
Single-entry-point (SEP) VPN configurations. see Configuration of VPN, single-entry-point (SEP)
Single gateways versus clusters, 719
SIP (Session Initiation Protocol), 331–333
Site-to-site VPNs, 582
Skinny Client Control Protocol (SSCP), 331
SLA (Service Level Agreement) parameters, 514
Slackware Linux, 1211
Small Business Server (SBS), 1106
SmartDashboard, 638–640
SmartFilter tool (Secure Computing), 979
SMARTnet maintenance contracts, 407–408
SmartView Status GUI, 744, 779–782
SMR. see Stub multicast routing (SMR)
SMS (Microsoft System Management Server), 999
SMTP. see Simple Mail Transfer Protocol (SMTP)
SMTP in ISA Server
Message Screener, 1114–1117, 1150, 1154
server publishing rule, configuring, 1111–1114
service, configuring, 1109–1111
service, publishing, 1108–1109
Smurf attacks, 26–27
Sneaker Net, 579
Snort
alerts, 1192–1193
attacks on, 1205–1206
bleeding-edge versions, 1225
configure script portion, 1220
description, 1184–1186
detection engine, 1191
false alerts, 1205
features, 1188–1189
name, origin of, 1185
network architecture, 1199–1202
network uses, 1194–1195
NIDS, 1199
packet sniffer, 1189, 1195–1199
pitfalls, 1204–1205
preprocessor, 1190
price, 1210
requirements, 1186–1188
securing, 1206–1209
snort.conf file, 1219–1220
switched networks, 1202–1203
upgrading, 1205
see also Intrusion detection systems (IDS); Snort installation
Snort installation
inline mode, 1244–1259
from RPM, 1221–1223
from source, 1218–1219
on Windows OS, 1223–1225
see also Snort
Social engineering, 6, 20–21
Socket pooling
description, 1029–1030
disabling for Exchange services, 1129–1133
disabling for IIS services, 1032–1033
disabling for SMTP and NNTP services, 1031–1032
disabling for Web and FTP services, 1031–1032
Sockets, 248–249, 251
SOCKS Proxy Service, 872
Software, upgrading
PIX 500 series firewalls, 261–262
Software and system exploits, 17–18
Software licensing. see Licensing
Solaris, firewall on
description, 232
design, 233–234
IP Filter firewall package, 234–235
Network Address Translation (NAT), 235
SunScreen Lite firewall package, 234
theory, 232
see also VPN-1/FireWall-1 NG on Solaris
Solaris, secure gateway on, 231
Solaris, secure router on
conditions, 213
configuring, 215–218
description, 212
minimal, functional installation, 219
minimal cleartext communication, 220
minimal dynamic information, 220
minimal services, 219–220
minimal users, 220
reasons for, 212–213
S30network.sh script, 214
S69inet.sh script, 214–215
security optimization, 218
unconfiguring, 220–221
Solaris IPv6 hosts
configuration, automatic, 229–230
configuration, manual, 230–231
Solaris operating system. see Solaris, firewall on; Solaris, secure gateway on; Solaris, secure router on; Solaris IPv6 hosts; VPN-1/FireWall-1 NG on Solaris
Source-routing attacks, 17
Speed setting in IPSO, 657
Speed versus throughput, 942
Spoofing, 16–17, 173
spool directory, 622
SQL*Net, 328
SSCP (Skinny Client Control Protocol), 331
SSH. see Secure Shell (SSH) configuration
SSL. see Secure Socket Layer (SSL)
Stand-alone root certificate server, 935–942
Standards and Technology, National Institute of (NIST), 6
Starter networks, 539
State, in Adaptive Security Algorithm (ASA), 244–245
state directory, 622
State synchronization
description, 560–562
gateway configuration, 566
required for resilience, 735
stateful inspection, 715–716
Stateful inspection for clusters, 715
Stateful Inspection panel (FireWall-1), 521
States, process, 410–411
Static Network Address Translation (NAT), 253, 292–293
Static routes
configuring, 699–700
in PIX firewalls, 269–270
unicast routing, 353–355
Stealth rule, 545, 772–773
Stealth scanners, 16
Stickiness for clusters, 716
StoneBeat FullCluster (Stonesoft), 574, 799
Structured attacks, 5
Stub multicast routing (SMR)
access control, 361–362
configuration, 358–361
description, 357–358
su command (IPSO), 666
Subnets, screened, 97–98
SuperScout for ISA Server (SurfControl), 980
Support, executive, 531
Support options, 407–408
Supported features, 375
Supported number of DHCP clients, 343
SurfControl, 980
SuSE Linux, 1210
SVN (Secure Virtual Network) foundation, 458, 480–482, 724
Switch jamming, 29
Switched networks, 1202–1203
Switches or hubs for clusters, 719
Symmetric encryption, 579–580
SYN flood attacks, 17, 23–25, 519–520, 543–544
SYN Floodguard, 349–350
sync; sync; reboot commands (UNIX), 682
Sync interface, 732
Sync networks, 715
Synchronization
firewall, 560–562, 566
state, 560–562, 566, 715–716, 735
SYNDefender, 519–520, 543
SYNGateway, 519, 543
System and software exploits, 17–18
System configuration, IPSO, 674–675
System failure notification, 665–666
System logging, IPSO
audit logs, 707
local system logs, 706
management, 705
message numbers and descriptions, 382
remote system logs, 706–707
see also Logs
System Status tool, 525–526