Index

Symbols

802.11x, Wireless Networks

and security, Wireless Networks

A

Apache HTTP Server

cgi security, Restrict Permissions for Executable Directories

directives, Securing Apache HTTP Server

introducing, Securing Apache HTTP Server

attackers and risks, Attackers and Risks

B

basic input output system

See BIOS

BIOS

security, BIOS and Boot Loader Security

passwords, BIOS Passwords

black hat hacker

See crackers

boot loaders

GRUB

password protecting, Password Protecting GRUB

LILO

password protecting, Password Protecting LILO

security, Boot Loader Passwords

C

CIPE, Crypto IP Encapsulation (CIPE)

customizing, Customizing CIPE

installation, CIPE Installation

co-location services, Hardware Security

collecting evidence, Collecting an Evidential Image

file auditing tools, Gathering Post-Breach Information

dd, Gathering Post-Breach Information
file, Gathering Post-Breach Information
find, Gathering Post-Breach Information
grep, Gathering Post-Breach Information
md5sum, Gathering Post-Breach Information
stat, Gathering Post-Breach Information
strings, Gathering Post-Breach Information

common exploits and attacks, Common Exploits and Attacks

table, Common Exploits and Attacks

communication tools

secure, Security Enhanced Communication Tools

GPG, Security Enhanced Communication Tools
OpenSSH, Security Enhanced Communication Tools

computer emergency response team, The Computer Emergency Response Team (CERT)

controls, Security Controls

administrative, Administrative Controls

physical, Physical Controls

technical, Technical Controls

conventions

document, Document Conventions

cracker

black hat hacker, Shades of Grey

crackers

definition, Hackers and Crackers

D

dd, Collecting an Evidential Image, Gathering Post-Breach Information

Denial of Service (DoS)

distributed, Security Today

DMZ

See networks

F

file, Gathering Post-Breach Information

file auditing

tools, Gathering Post-Breach Information

find, Gathering Post-Breach Information

firewall types, Firewalls

network address translation (NAT), Firewalls

packet filter, Firewalls

proxy, Firewalls

firewalls, Firewalls

additional resources, Additional Resources

personal, Personal Firewalls

types, Firewalls

FTP

anonymous access, Anonymous Access

anonymous upload, Anonymous Upload

greeting banner, FTP Greeting Banner

introducing, Securing FTP

TCP wrappers and, Use TCP Wrappers To Control Access

user accounts, User Accounts

vsftpd, Securing FTP

warning banner, FTP Warning Banner

wu-ftpd, Securing FTP

G

grep, Gathering Post-Breach Information

grey hat hacker

See hackers

H

hacker ethic, Hackers and Crackers

hackers

black hat

See cracker

definition, Hackers and Crackers

grey hat, Shades of Grey

white hat, Shades of Grey

hardware, Hardware and Network Protection

and security, Hardware Security

laptops, Hardware Security

servers, Hardware Security

workstations, Hardware Security

I

IDS

See intrusion detection systems

incident response, Incident Response

and legal issues, Legal Issues

collecting evidence, Collecting an Evidential Image

computer emergency response team (CERT), The Computer Emergency Response Team (CERT)

creating a plan, Creating an Incident Response Plan

defining, Defining Incident Response

gathering post-breach information, Gathering Post-Breach Information

implementation, Implementing the Incident Response Plan

investigation, Investigating the Incident

post-mortem, Investigating the Incident

reporting the incident, Reporting the Incident

restoring and recovering resources, Restoring and Recovering Resources

incident response plan, Creating an Incident Response Plan

insecure services, Insecure Services

rsh, Insecure Services

telnet, Insecure Services

vsftpd, Insecure Services

wu-ftpd, Insecure Services

introduction, Introduction

other Red Hat Linux manuals, Introduction

topics, Introduction

intrusion detection systems, Intrusion Detection

and log files, Host-based IDS

defining, Defining Intrusion Detection Systems

host-based, Host-based IDS

network-based, Network-based IDS

Snort, snort

RPM Package Manager (RPM), RPM as an IDS

Tripwire, Tripwire

types, IDS Types

ip6tables, ip6tables

iptables, Netfilter and iptables

additional resources, Additional Resources

using, Using iptables

K

Kerberos

NIS, Use Kerberos Authentication

L

legal issues, Legal Issues
lpd, Identifying and Configuring Services
lsof, Verifying Which Ports Are Listening

M

md5sum, Gathering Post-Breach Information

N

Nessus, Nessus

Netfilter, Netfilter and iptables

additional resources, Additional Resources

Netfilter 6, ip6tables

netstat, Verifying Which Ports Are Listening

network services, Available Network Services

identifying and configuring, Identifying and Configuring Services

risks, Risks To Services

buffer overflow, Risks To Services
denial-of-service, Risks To Services
script vulnerability, Risks To Services

network topologies, Secure Network Topologies

linear bus, Physical Topologies

ring, Physical Topologies

star, Physical Topologies

networks, Hardware and Network Protection

and security, Secure Network Topologies

de-militarized zones (DMZs), Network Segmentation and DMZs

hubs, Transmission Considerations

segmentation, Network Segmentation and DMZs

switches, Transmission Considerations

wireless, Wireless Networks

NFS, Securing NFS

and Sendmail, NFS and Sendmail

network design, Carefully Plan the Network

syntax errors, Beware of Syntax Errors

NIS

introducing, Securing NIS

iptables, Assign Static Ports and Use

Kerberos, Use Kerberos Authentication

NIS domain name, Use a Password-Like NIS Domain Name and Hostname

planning network, Carefully Plan the Network

securenets, Edit the /var/yp/securenets File

static ports, Assign Static Ports and Use

nmap, Verifying Which Ports Are Listening, Scanning Hosts with Nmap

command line version, Using Nmap

graphical version, Using Nmap

O

OpenSSH, Security Enhanced Communication Tools

scp, Security Enhanced Communication Tools

sftp, Security Enhanced Communication Tools

ssh, Security Enhanced Communication Tools

overview, Security Overview

P

password aging, Password Aging

password security, Password Security

aging, Password Aging

and PAM, Forcing Strong Passwords

auditing tools, Forcing Strong Passwords

Crack, Forcing Strong Passwords
John the Ripper, Forcing Strong Passwords
Slurpie, Forcing Strong Passwords

enforcement, Forcing Strong Passwords

in an organization, Creating User Passwords Within an Organization

methodology, Secure Password Creation Methodology

strong passwords, Creating Strong Passwords

passwords

within an organization, Creating User Passwords Within an Organization

pluggable authentication modules (PAM)

strong password enforcement, Forcing Strong Passwords

portmap, Identifying and Configuring Services

and iptables, Protect portmap With iptables

and TCP wrappers, Protect portmap With TCP Wrappers

ports

monitoring, Verifying Which Ports Are Listening

post-mortem, Investigating the Incident

R

RAZOR, VLAD the Scanner

reporting the incident, Reporting the Incident

restoring and recovering resources, Restoring and Recovering Resources

patching the system, Patching the System

reinstalling the system, Reinstalling the System

risks

encryption, Network Encryption

insecure services, Inherently Insecure Services

networks, Threats To Network Security

architectures, Insecure Architectures

open ports, Unused Services and Open Ports

patches and errata, Unpatched Services

servers, Threats To Server Security

inattentive administration, Inattentive Administration

wireless LAN (WLAN), Wireless Local Area Networks (WLANS)

workstations and PCs, Threats To Workstation and Home PC Security, Bad Passwords

applications, Vulnerable Client Applications

root, Allowing Root Access

allowing access, Allowing Root Access

disallowing access, Disallowing Root Access

limiting access, Limiting Root Access

and su, The su Command
and sudo, The sudo Command
with User Manager, The su Command

methods of disabling, Disallowing Root Access

changing the root shell, Disabling Root Logins
disabling SSH logins, Disabling Root SSH Logins
with PAM, Disabling Root Using PAM

root user

See root

RPM

and intrusion detection, RPM as an IDS

check GPG signature, Using the Errata Website

importing GPG key, Using the Errata Website

S

security considerations

hardware, Hardware and Network Protection

network transmission, Transmission Considerations

physical networks, Hardware and Network Protection

wireless, Wireless Networks

security overview, Security Overview

conclusion, Conclusion

controls

See controls

defining computer security, What is Computer Security?

Denial of Service (DoS), Security Today

evolution of computer security, How did Computer Security Come about?

viruses, Security Today

sendmail, Identifying and Configuring Services

and NFS, NFS and Sendmail

introducing, Securing Sendmail

limiting DoS, Limiting Denial of Service Attack

server security

Apache HTTP Server, Securing Apache HTTP Server

cgi security, Restrict Permissions for Executable Directories
directives, Securing Apache HTTP Server

FTP, Securing FTP

anonymous access, Anonymous Access
anonymous upload, Anonymous Upload
greeting banner, FTP Greeting Banner
TCP wrappers and, Use TCP Wrappers To Control Access
user accounts, User Accounts
vsftpd, Securing FTP
warning banner, FTP Warning Banner
wu-ftpd, Securing FTP

NFS, Securing NFS

network design, Carefully Plan the Network
syntax errors, Beware of Syntax Errors

NIS, Securing NIS

iptables, Assign Static Ports and Use
Kerberos, Use Kerberos Authentication
NIS domain name, Use a Password-Like NIS Domain Name and Hostname
planning network, Carefully Plan the Network
securenets, Edit the /var/yp/securenets File
static ports, Assign Static Ports and Use

overview of, Server Security

portmap, Securing Portmap

ports

monitoring, Verifying Which Ports Are Listening

Sendmail, Securing Sendmail

and NFS, NFS and Sendmail
limiting DoS, Limiting Denial of Service Attack

TCP wrappers, Enhancing Security With TCP Wrappers

attack wrarnings, TCP Wrappers and Attack Warnings
banners, TCP Wrappers and Connection Banners
logging, TCP Wrappers and Enhanced Logging

xinetd, Enhancing Security With xinetd

managing resources with, Controlling Server Resources
preventing DoS with, Controlling Server Resources
SENSOR trap, Setting a Trap

services, Verifying Which Ports Are Listening

Services Configuration Tool, Identifying and Configuring Services

Snort, snort

sshd, Identifying and Configuring Services

stat, Gathering Post-Breach Information

strings, Gathering Post-Breach Information

su

and root, The su Command

sudo

and root, The sudo Command

T

TCP wrappers

and FTP, Use TCP Wrappers To Control Access

and portmap, Protect portmap With TCP Wrappers

attack wrarnings, TCP Wrappers and Attack Warnings

banners, TCP Wrappers and Connection Banners

logging, TCP Wrappers and Enhanced Logging

Tripwire, Tripwire

U

updates

official security errata, Security Updates

via Red Hat Errata website, Using the Errata Website

via Red Hat Network, Using Red Hat Network

V

Virtual Private Networks, Virtual Private Networks

See CIPE

viruses

trojans, Security Today

VLAD the Scanner, VLAD the Scanner

VPN, Virtual Private Networks

vulnerabilities

assessing with Nessus, Nessus

assessing with Nmap, Scanning Hosts with Nmap

assessing with VLAD the Scanner, VLAD the Scanner

assessing with Whisker, Whisker

assessment, Vulnerability Assessment

defining, Defining Assessment and Testing
establishing a methodology, Establishing a Methodology
testing, Defining Assessment and Testing

W

Whisker, Whisker

white hat hacker

See hackers

Wi-Fi networks

See 802.11x

wireless security, Wireless Networks

802.11x, Wireless Networks

workstation security, Workstation Security

BIOS, BIOS and Boot Loader Security

boot loaders

passwords, Boot Loader Passwords

evaluating, Evaluating Workstation Security

administrative control, Evaluating Workstation Security
BIOS, Evaluating Workstation Security
boot loaders, Evaluating Workstation Security
communications, Evaluating Workstation Security
passwords, Evaluating Workstation Security
personal firewalls, Evaluating Workstation Security

X

xinetd, Identifying and Configuring Services

managing resources with, Controlling Server Resources

preventing DoS with, Controlling Server Resources

SENSOR trap, Setting a Trap