P



Index


[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [Z]

packer websites
packers
     antivirus software 2nd
packet filtering
     routers 2nd
packet filters
     network performance 2nd
    static
         role in perimeter defense 2nd 3rd
packet headers
     defining
packet traces
     system enumeration assessments 2nd
packet-filtering
     ACK flags
     ACL
         deny 2nd
         extended
         extended, blocking ICMP echo requests 2nd
         extended, established keyword 2nd 3rd 4th
         extended, filtering ICMP messages 2nd
         extended, filtering ports
         extended, friendly net IP address access 2nd
         extended, FTP 2nd 3rd
         extended, PASV FTP 2nd 3rd
         extended, ports
         extended, rule order 2nd
         extended, syntax of 2nd
         implicit denies 2nd
         in/out keywords 2nd 3rd
         in/out keywords, VLAN interfaces
         IPv6 2nd
         named 2nd
         named, adding/deleting entries 2nd 3rd
         named, reflexive ACL
         numbered
         planning rule order
         reflexive 2nd
         reflexive;FTP 2nd
         reflexive;ICMP
         reflexive;named ACL 2nd
         reflexive;outbound traffic 2nd
         reflexive;PASV FTP
         reflexive;TCP flags 2nd
         reflexive;UDP
         standard, applying to interfaces
         standard, blacklisting 2nd 3rd
         standard, egress filtering 2nd
         standard, friendly net IP address access 2nd
         standard, ingress filtering 2nd 3rd 4th
         standard, syntax of
         wildcard masks 2nd 3rd 4th
    ACLs
         routers
     deny any log command
     established keyword 2nd
         DNS 2nd
     fragments 2nd 3rd
     IDS sensor deployment
     IPChains 2nd
     ports
     server firewalls 2nd
     software architecture
     source routing
     spoofing
     static packet filters
     SYN flags
packet-too-big ICMP unreachable messages 2nd 3rd
PacketCrafter (Komodia) 2nd
packets
    authentication
         AH protocol 2nd 3rd 4th
         AH protocol, ESP protocol combinations 2nd
         ESP protocol
         ESP protocol, AH protocol combinations 2nd
         ESP protocol, IPSec transport mode
         ESP protocol, IPSec tunnel mode 2nd
         ESP protocol, NAT 2nd
         ESP protocol, packet header components 2nd
         ESP protocol, packet traces 2nd
     crafted
     deep packet inspection 2nd
     Deep Packet Inspection
     deep packet inspection
         SSL
     defining
     destination addresses
     ESP protocol header components 2nd
     ESP protocol traces, example of 2nd
     fragments 2nd 3rd
         Nmap frag option
     ICV
    MTU
         network performance 2nd
     routing
         implicit permits
     Shallow Packet Inspection
     size of (network latency)
     source addresses
     source routing
     spoofing
     static filters
     VPN
     VPN tunneling
PAD (Packet Assembler/Disassembler) services
     disabling
parallel firewalls
     secure perimeter design 2nd 3rd
pass command (SSH)
     router hardening
passive interface command (routers)
password aging 2nd
password-cracking software
     Crack 2nd
     John the Ripper
     L0phtCrack 2nd
password-filtering software
passwords
     AP hardening
     assigning
     auditing
     dictionary attacks
     filtering software
     guessing tool software
     history of 2nd
     host hardening 2nd 3rd 4th
     password aging 2nd
    routers
         SNMP 2nd 3rd 4th
PASV (passive) FTP
     extended ACL 2nd 3rd
PASV FTP (
     reflexive ACL
PAT
     routers 2nd
         viewing translation tables
PAT (Port Address Translation) [See NAT]
     IPSec 2nd
patches
     change management 2nd
     constraints of 2nd
     host hardening 2nd 3rd
     notification newsletters
PBX (private branch exchange) systems
     secure perimeter design
PDM (PIX Device Manager) 2nd
     Configuration screen 2nd
     Hosts/Networks screen
     System Properties screen
     Translation Rules screen
PEAP (Protected Extensible Authentication Protocol) 2nd 3rd
     TinyPEAP
penetration tests 2nd 3rd
performance
     broadcast domains 2nd
    case studies
         ISDN network connections 2nd
         satellite-based networks 2nd
     content filters 2nd
    defining
         network bandwidth
         network latency 2nd
         network latency, bandwidth availability
         network latency, gateway processing
         network latency, packet size
         network latency, ping command
         network latency, propagation
         response time
         throughput
    DoS attacks
         ICMP flooding
         ICMP flooding, DDoS attacks 2nd 3rd 4th
         ICMP flooding, smurfing attacks 2nd
         SYN flooding 2nd 3rd
     encryption
         hardware accelerators 2nd
         network layer cryptography 2nd 3rd 4th 5th
         public key cryptography
         router link encryption case study 2nd
         SSL Web server case study
         symmetric key cryptography 2nd
         transport layer cryptography 2nd 3rd
    hardware accelerators
         accelerator cards
     load balancers 2nd 3rd
         Layer 4 dispatchers 2nd
         Layer 7 dispatchers 2nd
     metrics
     OSPF
     packet filters 2nd
     proxy firewalls 2nd
     RIP 2nd
     secure perimeter design 2nd
         detailed logs 2nd
         encryption 2nd
         inline security devices
     security, importance in 2nd
     stateful firewalls 2nd
    TCP/IP
         ICMP messages 2nd
         MTU 2nd
         socket buffer sizes 2nd
         window sizes
     troubleshooting
     WAN 2nd
perimeter
    border routers
         defining
     defense in depth infrastructure, role in
         border routers
         egress filtering 2nd
         IDS 2nd
         ingress filtering 2nd
         IPS
         proxy firewalls
         stateful firewalls 2nd
         static packet filters 2nd 3rd
         VPN 2nd
     defining
    DMZ
         defining 2nd
         DNS servers 2nd
    firewalls
         defining
    HIDS
         defining 2nd
    IDS
         defining 2nd
    IPS
         defining
    NIDS
         defining 2nd
    routers
         defining
    screened subnets
         defining 2nd
         DNS servers 2nd
    software architecture
         defining
    VPN
         defining 2nd
perimeter device verification phase (network security assessments)
     access control verification
         firewall management 2nd
         traffic restrictions 2nd 3rd
     assessment stations 2nd
     firewall validation 2nd
     listener stations 2nd
perimeter scanning software
     perimeter configuration changes 2nd
perimeter security maintenance
     change management
         communicating proposed changes
         detecting/preventing unauthorized changes 2nd
         discovering systems/devices
         patches 2nd
         personnel support
         rolling back undesired changes
         testing changes
         verifying proper system operation
     incident response
         automating 2nd
         notifications 2nd
         phases of 2nd
         response guidelines 2nd
     system/network monitoring
         alerts
         Big Brother software 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th
         establishing procedures 2nd
         establishing procedures, defining hosts/procedures 2nd 3rd
         establishing procedures, monitoring local system attributes 2nd 3rd 4th 5th 6th
         establishing procedures, network/remote service accessibility 2nd 3rd 4th
         HP OpenView software 2nd
         remote monitoring security 2nd 3rd 4th 5th
perimeter security policies
     access 2nd
     changing 2nd
     control
     firewalls as 2nd
    implementing
         email handling 2nd
         incident handling 2nd
         presumption of privacy
     limited personal use policies
     unenforcable policies 2nd
         backdoors 2nd
         email 2nd 3rd
         Outlook (MS) 2nd
         sneaker net
         TCP Port 80
         VLVHLP
         writing 2nd
         writing rule sets
perimeter security, developing
    attacker type, determining
         determined insiders 2nd
         determined outsiders 2nd 3rd
         script kiddies 2nd
         worms 2nd 3rd
     business requirements, determining
         business-related services 2nd
         cost 2nd 3rd
         fault tolerance
         fault tolerance, geographic redundancy 2nd
         fault tolerance, inrtasite redundancy 2nd 3rd 4th 5th
         fault tolerance, inrtasystem redundancy
         performance 2nd
         performance, detailed logs 2nd
         performance, encryption 2nd
         performance, inline security devices
    case studies
         complex e-commerce business sites 2nd
         complex e-commerce business sites, DMZ 2nd 3rd 4th
         complex e-commerce business sites, internal networks 2nd
         complex e-commerce business sites, Internet 2nd 3rd
         complex e-commerce business sites, proxy layers 2nd 3rd
         complex e-commerce business sites, security networks 2nd 3rd 4th
         small businesses with basic Internet presence 2nd 3rd 4th 5th 6th 7th
         small e-commerce business sites 2nd 3rd 4th 5th 6th 7th 8th 9th
         telecommuters using broadband connections 2nd 3rd 4th 5th 6th
     cost, determining 2nd
    design elements
         firewalls 2nd
         firewalls, access control 2nd
         firewalls, basic filtering 2nd
         firewalls, inline 2nd
         firewalls, ISP controlled routers 2nd
         firewalls, parallel 2nd 3rd
         firewalls, VPN interaction 2nd 3rd 4th 5th 6th
         routers 2nd 3rd 4th
         routers, access control 2nd
         routers, basic filtering 2nd
         routers, ISP controlled 2nd
         VPN, firewall interaction 2nd 3rd 4th 5th 6th
     network composition, determining
     potential threats, determining
    resource protection
         bridges 2nd 3rd
         copiers
         IP-based telephony systems
         modems 2nd
         PBX systems
         printers
         routers 2nd 3rd
         servers 2nd
         switches 2nd 3rd
         voice mail systems
         workstations 2nd
perimeters
     absorbent
         failover 2nd
         honeypots
         honeypots, DTK 2nd
         honeypots, Honeynet project website
         rate limiting 2nd 3rd
perimeters, configuring
     firewall tunnels 2nd 3rd
permissions (file)
     race conditions 2nd
personal firewalls 2nd 3rd
     BackOfficer Friendly (NFR)
     compromised hosts
     configuring 2nd
     internal network defense, role in 2nd 3rd
     IPSec packet-filtering 2nd
     Norton 2nd 3rd
     PF 2nd 3rd 4th
     workstations
         websites
     ZoneAlarm Pro 2nd
PF firewalls 2nd 3rd 4th
PGP (Pretty Good Privacy) 2nd
phase 1 negotiations (IKE) 2nd 3rd
     authentication exchanges
     example of 2nd 3rd
phase 2 negotiations (IKE)
     example of
phone systems
     secure perimeter design
PhoneSweep (SandStorm Enterprises)
     wardialing 2nd
ping
     application layer addresses, obtaining
ping command
     network latency
ping floods
     border routers
ping utility
pinger utility
pings
     reconnaissance by
PIX (Cisco)
     VPDN configuration example 2nd 3rd 4th
PIX stateful firewalls (Cisco)
     fixup command 2nd 3rd 4th
     FWSM 2nd
     inbound/outobund traffic connections 2nd
     PDM 2nd
         Configuration screen 2nd
         Hosts/Networks screen
         System Properties screen
         Translation Rules screen
     show conn command 2nd
pkg program
     software, removing
PKI (Public Key Infrastructure)
PKI (Public Key Infrastructures)
plain text
     defining
planning
     ACL rule order
planning perimeter security
    attacker type, determining
         determined insiders 2nd
         determined outsiders 2nd 3rd
         script kiddies 2nd
         worms 2nd 3rd
     business requirements, determining
         business-related services 2nd
         cost 2nd 3rd
         fault tolerance
         fault tolerance, geogaphic redundancy 2nd
         fault tolerance, intrasite redundancy 2nd 3rd 4th 5th
         fault tolerance, intrasystem redundancy
         performance 2nd
         performance, detailed logs 2nd
         performance, encryption 2nd
         performance, inline security devices
    case studies
         complex e-commerce business sites 2nd
         complex e-commerce business sites, DMZ 2nd 3rd 4th
         complex e-commerce business sites, internal networks 2nd
         complex e-commerce business sites, Internet 2nd 3rd
         complex e-commerce business sites, proxy layers 2nd 3rd
         complex e-commerce business sites, security networks 2nd 3rd 4th
         small businesses with basic Internet presence 2nd 3rd 4th 5th 6th 7th
         small e-commerce business sites 2nd 3rd 4th 5th 6th 7th 8th 9th
         telecommuters using broadband connections 2nd 3rd 4th 5th 6th
     cost, determining 2nd
    design elements
         firewalls 2nd
         firewalls, access control 2nd
         firewalls, basic filtering 2nd
         firewalls, inline 2nd
         firewalls, ISP controlled routers 2nd
         firewalls, parallel 2nd 3rd
         firewalls, VPN interaction 2nd 3rd 4th 5th 6th
         routers 2nd 3rd 4th
         routers, access control 2nd
         routers, basic filtering 2nd
         routers, ISP controlled 2nd
         VPN, firewall interaction 2nd 3rd 4th 5th 6th
     network composition, determining
     potential threats, determining
    resource protection
         bridges 2nd 3rd
         copiers
         IP-based telephony systems
         modems 2nd
         PBX systems
         printers
         routers 2nd 3rd
         servers 2nd
         switches 2nd 3rd
         voice mail systems
         workstations 2nd
planning phase (network security assessments)
     scope, determining
         assessment logistics
         assessment technique risk levels
         documentation
     test resources, assembling
     written authorization
plug-ins (Nessus) 2nd
poisoning attacks [See spoofing attacks]
police command (NBAR)
policy enforcement
     switch-type NIPS
polymorphic malware
    detecting
         antivirus software
port command (FTP)
     stateful firewalls
PORT command (proxy firewalls) 2nd 3rd
port forwarding (SSH)
port scanners
    Nmap
         network security assessments 2nd
         version scans 2nd
ports
     filtering
     isolated (PVLAN)
     listing 2nd
     packet-filtering
     promiscuous (PVLAN)
    router console
         hardening 2nd
    server-side
         TCP
         UDP
    spanning
         IDS sensor placement
    TCP Port 80
         unenforceable security policies
PortSentry network connection monitoring utility 2nd
PPTP (Point-to-Point Tunneling Protocol) 2nd
     Cisco PIX VPDN configuration example 2nd 3rd 4th
     versus L2TP 2nd
pre-shared key authentication
pre-shared keys
     IPSec authentication
preparation phase (incident response)
presentation components [See multitier applications;user interface components]
presumption of privacy (security policies)
print and file services [See resource-sharing services]
printers
     secure perimeter design
privacy (security policies)
private addresses 2nd
     ingress filtering
private IP addresses
     ingress filtering 2nd 3rd
private keys (asymmetric key encryption algorithms)
private VLANs 2nd
     isolated ports
     promiscuous ports
private-only networks
    access lists
         examples of 2nd 3rd 4th 5th
proc command (routers)
     CPU usage 2nd
promiscuous ports (PVLAN)
propagation (network latency)
proprietary VPN implementations
protocol scrubbing
protocol-aware logging
     proxy firewalls
         RingZero Trojan exploit 2nd
protocols
     AH
         ESP protcol combinations 2nd
         ICV
         packet header information 2nd 3rd
    ARP
         link layer troubleshooting 2nd 3rd
    CDP
         disabling
    CORBA
         interapplication communication
    DCOM
         interapplication communication 2nd
     dynamic routing 2nd
         route authentication 2nd
         update blocking 2nd 3rd
     EAP-TLS 2nd 3rd
     ESP
         AH protcol combinations 2nd
         IPSec transport mode 2nd 3rd
         NAT 2nd
         packet header components 2nd
         packet traces, example of 2nd
    FTP
         extended ACL 2nd 3rd
         port command, stateful firewalls
         reflexive ACL 2nd
         router hardening
         tracking state 2nd
    GRE
         software architecture, firewalls
    HTTP
         interapplication communication
         tracking state 2nd
    ICMP
         packet-too-big unreachable messages 2nd
         router hardening
         router hardening, directed broadcasts
         router hardening, redirects
         router hardening, unreachables 2nd 3rd
         TCP/IP network performance 2nd
         tracking state 2nd
    IIOP
         interapplication communication
     IKE
         authentication, digital certificates
         authentication, pre-shared keys
         phase 1 negotiations 2nd 3rd
         phase 1 negotiations, authentication exchanges
         phase 1 negotiations, example of 2nd 3rd
         phase 2 negotiations
         phase 2 negotiations, example of
    IP
         blocking address ranges
         blocking spoofed addresses
         friendly net access 2nd 3rd 4th
         role in TCP/IP
         software architectures, firewalls
         TTL, network log analysis
         versions of 2nd
     IPSec
         AH protocol
         AH protocol, ESP protocol combinations 2nd
         AH protocol, ICV
         AH protocol, packet header information 2nd 3rd
         authentication, pre-shared keys
         configuration examples, Cisco routers 2nd 3rd 4th 5th 6th 7th 8th 9th
         configuration examples, Windows XP 2nd 3rd 4th 5th 6th 7th 8th
         ESP protocol
         ESP protocol, AH protocol combinations 2nd
         ESP protocol, IPSec transport mode
         ESP protocol, IPSec tunnel mode 2nd
         ESP protocol, NAT 2nd
         ESP protocol, packet header components 2nd
         ESP protocol, packet traces, example of 2nd
         IKE protocol
         IKE protocol, digital certificate authentication
         IKE protocol, phase 1 negotiations 2nd 3rd 4th 5th 6th 7th
         IKE protocol, phase 2 negotiations 2nd
         IKE protocol, pre-shared key authentication
         SA 2nd 3rd
         SAD 2nd
         SPD
         transport mode
         transport mode, ESP protocol
         tunnel mode, ESP protocol 2nd
         tunneling mode
         versus L2TP 2nd
         wireless network security
     L2TP
         versus IPSec 2nd
         versus PPTP 2nd
         Windows XP client software configuration example 2nd 3rd
     LEAP 2nd
         dictionary attacks 2nd
    multimedia
         tracking state
     NAT, breaking via
    NTP
         router configuration/authentication 2nd 3rd
    OSPF
         network performance
    PASSV FTP
         reflexive ACL
    PASV FTP
         extended ACL 2nd 3rd
     PEAP 2nd 3rd
         TinyPEAP
     PPTP 2nd
         Cisco PIX VPDN configuration example 2nd 3rd 4th
         versus L2TP 2nd
     proxy firewall compatibility 2nd
    RIP
         network performance 2nd
    SNMP
         Big Brother system/network monitoring software
         exploits on
         monitoring local system attributes 2nd
         router hardening 2nd 3rd 4th 5th 6th 7th 8th 9th
         versions of
     SNMPv2p
     SNMPv3
         remote monitoring security 2nd
    SOAP
         bypassing firewalls
         interapplication communication 2nd
     SOCKS 2nd 3rd
     SOCKSv4
     SOCKSv5
    SSH
         public key authentication
         router attacks
    TCP
         CLOSE-WAIT state
         CLOSED state
         CLOSING state
         ESTABLISHED state
         filtering ports
         FIN-WAIT-1 state
         FIN-WAIT-2 state
         LAST-ACK state
         LISTEN state
         role in TCP/IP
         server-side ports
         state tables
         SYN-RCVD state
         SYN-SENT state
         TIME-WAIT state 2nd
         tracking state 2nd 3rd 4th 5th
    TCP/IP
         IP, function of
         IP, versions of 2nd
         network performance, MTU 2nd
         network performance, socket buffer sizes 2nd
         network performance, window sizes
         RFC 1323 extensions 2nd
         TCP, function of
    TFTP
         router configuration 2nd
         router hardening 2nd
    TLS
         network performance 2nd 3rd
    UDP
         filtering ports
         reflexive ACL
         server-side ports
         tracking state 2nd
     WPA 2nd
         dictionary attacks 2nd
proxies
    anonymizing
         JAP
         proxy chaining
    remote
         network security assessments
         network security assessments, access controls 2nd
         network security assessments, authentication 2nd 3rd
         network security assessments, client restrictions 2nd
         network security assessments, encryption
     reverse 2nd
         Citrix Metaframe
     Web
         logging
         Web browsing
proxy caches [See also proxy servers]
     freshness
proxy chaining
     Onion routing
     SocksChain
proxy firewalls
     advantages of 2nd
     configuring
     disadvantages of 2nd 3rd
     FTP 2nd
     FTP, bypassing via
     functions of
     FWTK 2nd
     Gauntlet 2nd
     generic proxies 2nd
     high-risk services
     internal protected networks
     market availability 2nd 3rd
     network discovery 2nd
     network performance 2nd
     network structures, hiding 2nd
    nontransparent
         request handling
     performance of
     perimeter defense, role in
     PORT command 2nd 3rd
     protocol compatibility 2nd
     protocol support
     protocol-aware logs
         RingZero Trojan exploit 2nd
     RETR command
     SOCKS protocol
     SOCKSv4 protocol
     SOCKSv5 protocol
     Squid
    transparent
         request handling, example of 2nd
     URL
     versus stateful firewalls
     VPN
proxy layers
     complex e-commerce site case studies 2nd 3rd
proxy servers [See also proxy caches]
     client awareness
     functions of
     initiators
     listeners
     SSL
         perimeter defenses
         uses of
proxy-ARP
     disabling 2nd
Ptacek, Thomas
     Insertion, Evasion and Denial of Service[COLON] Eluding Network Intrusion Detection [ITAL]
public key authentication
     SSH protocol
public key cryptography
     network performance
Public Key Infrastructures (PKI)
public keys (asymmetric key encryption algorithms)
Public Servers security zone, creating
public Web servers
    adversarial reviews
         determining attacker access 2nd 3rd
     adversarial reviews, determining impact of misconfigurations/vulnerabilities 2nd
    HP Virtual Vault
         adversarial reviews, determining attacker access 2nd 3rd
         adversarial reviews, determining impact of misconfigurations/vulnerabilities 2nd
         mkacct command
purchasing software
     demos
     evaulation checklists 2nd
     unsecurable software,handling 2nd
     user information, gathering 2nd
PUT attacks 2nd
PVLANs 2nd
     isolated ports
     promiscuous ports



Inside Network Perimeter Security
Inside Network Perimeter Security (2nd Edition)
ISBN: 0672327376
EAN: 2147483647
Year: 2005
Pages: 230

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net