Index [ptgmedia.pearsoncmg.com/images/020171972X/index/clarkindex.pdf]
Posted 10-Aug-2020
Index
255
A

Access
  controlled, 55–60
  open, 24, 32–33, 56–58
Access control lists (ACLs)
  configuration of, 66
  hardening of, 154–155
  in NT, 179
Accomplice networks, 136–137
ACK (acknowledgment), 91
ACLs. See Access control lists
Active scripting, 103
ActiveX controls, 65
Advanced Research Projects Agency Network (ARPANET), 45, 85
AIM/ICQ communications, 77
Amazon.com
  dominance of, 5
  DoS attacks on, 14
  expansion of product lines by, 5–6
  growth in sales of, 5
  stock of, 7
  supply chain of, 17
AOL Instant Messenger/“I seek you” communications, 77
Applets, security problems with, xvi, 65
Application(s)
  configuration of, 66–67
  deployment of, 66–67
  development of, 8–12, 9f, 68–69
  in e-security blueprint, 146
  mission-critical, on Internet, 56
Architecture, e-security, 185–208
  firewalls in, 186–194
  hardening network infrastructure in, 154–183
  IDS in, 205–208
  for remote access, 194–200
  vulnerability assessment and, 200–205
ARPANET (Advanced Research Projects Agency Network), 45, 85
Asset protection, vs. open access, 32–33, 57–58
Attachments, e-mail, backdoor programs in, 96, 99
Attacks
  strategies for countering, 121–125
  strategies for surviving, 113–121
Attrition.org, 201
Authentication. See also Strong authentication
  in e-security blueprint, 153
  role of, 32, 58–60
Automated command sequences, attacks by, 101–111
Automobile market, 6t

Note: Page numbers followed by the letters f and t indicate figures and tables, respectively.
29028 04 pp. 255-268 r1ah.ps 7/15/02 2:18 PM Page 255
B

Back Orifice, 38, 41, 70
Back Orifice 2000, 97–99
  functions of, 98–99
  mechanism of action, 38, 98, 98t
Backdoor programs, 96–100
  definition of, 96
  detection of, 99
  elimination of, 99–100
  examples of, 97–99
  functions of, 97, 126
  mechanism of action, 96–97, 101
  vs. Trojan horses, 96–97
Bandwidth, network, and DDoS attacks, 132–133
Barnes and Noble
  dominance of, 5
  growth potential of, 5
Bastille Linux, 167
Bastion firewall host architecture, 187–189
Berkeley Internet Name Domain (BIND), 71, 159, 201
Best practices
  in e-security architecture, 154
  in e-security blueprint, 144–145, 148–150
Beyond.com, dominance of, 5
Binaries, system
  analysis of, after attack, 124, 125, 127–128
  tools for protection of, 175–176
BIND (Berkeley Internet Name Domain), 71, 159, 201
Binfo.c script, 201
Biometrics authentication, 60
Black hats, 38
Blockbuster, 6
Blueprint, e-security, 143–153, 145f
  business objectives in, 145–147, 147f
  development of, 144–153
Book market, 5, 6t
BootP (Bootstrap Protocol), 245
British Standards Institute (BSI), 148–149
Broadcasts, directed, 137
Brown Orifice, 109–110
BS7799 standard, 148–150
BSI (British Standards Institute), 148–149
B2B. See Business-to-business
B2C (business-to-consumer). See E-tail
Bubble Boy virus, 104
Buffer overflows, 107, 245
Business-to-business (B2B)
  benefits of, 19
  growth potential of, 4, 18–19
  supply chain of, 18–21, 20f
Business-to-consumer (B2C). See E-tail
C

CA (certificate authority), 59–60
Car market, 6t
Category killers, 20–21
CDNow
  dominance of, 5
  expansion of product lines by, 6
  supply chain of, 17
Central Intelligence Agency (CIA), 43
CERT Coordination Center (CERT/CC)
  role in attack response, 117–118
  sample form for, 233–234
  services offered by, 214
  on system binaries, 124
  on vulnerabilities, 214
Certificate authority (CA), 59–60
CGI (Common Gateway Interface), 66, 110
Check Point Software Technologies, 53, 193
CIA (Central Intelligence Agency), 43
Cisco Systems, 202
Clean, 127
Client/server software, vulnerabilities in, 72–75, 74f, 76f
Clinton, Bill, 42, 118
Cloak, 127
Code Red virus, xiii, 40
Code review, during application development, 68–69
Command sequences, automated, attacks by, 101–111
Common Gateway Interface (CGI)
  configuration errors in, 66
  functions of, 110
  script attacks with, 110
Common object request broker architecture (CORBA), 12
Common Vulnerabilities and Exposures (CVE) database, 68, 73, 212
Computer Intrusion squad, 43
Computer Oracle and Password System (COPS), 174, 203
Computer Security Institute, 43
Confidentiality, definition of, 23, 33
Configuration
  analysis of, after attack, 124–125
  errors in, 66–67
  vulnerabilities in, 66–67, 86, 212
Control analysis, 224–225
Controlled access, disappearance of, 55–60
Cookies, 105–106
COPS (Computer Oracle and Password System), 174, 203
CORBA (common object request broker architecture), 12
Countermeasures, 121–125
Crack, 127, 172
Cracker(s)
  definition of, 39
  vs. hackers, 36, 37–38
  and White House Web site, 39
Cracker groups, 39
Criminal threat sources, 222, 223t
Cult of the Dead Cow, 38, 41, 97–98
Customer(s)
  confidence of, DDoS attacks and, xiv, 92
  repeat, 31
CVE (Common Vulnerabilities and Exposures) database, 68, 73, 212
CyberCop Scanner, 202

D

Daemons, in DDoS attacks, 92–93
Data Fellows, 53
Data integrity, 23, 33
Database Scanner, 202
DCOM (distributed component object model), 12
DDoS (distributed denial-of-service) attacks. See also specific types
  in 2000, xiv, 14, 92
  and consumer confidence, xiv, 92
  countermeasures during, 122
  definition of, 92
  vs. DoS, 92, 129
  effects of, xiv, 92
  firewalls and, 130–132, 140
  IDS for, 139–141
  IP spoofing in, 91–92
  mechanism of action, 101, 139–140
  next generation of, 104
  protection against, 130–133, 139–141
  recovery after, 141–142
  RPC vulnerabilities and, 107
  tools for, 92–96, 94t, 139
Decision support systems, in risk management, 30
DeepThroat, 98t
Default settings, vulnerabilities in, 74–75
DefCon, Back Orifice at, 38
Defense Department, 42, 44
Dell.com, disintermediation in supply chain of, 17
Demilitarized zones (DMZs)
  architecture of, 190–193, 191f
  attacks on, 190
  early use of, 48
  private, 191–192, 249
  public, 191–192
  restrictions on access in, 192
Denial-of-service attacks. See DoS attacks
Department(s), independently operating, 72
Department of Defense, 42, 44
Department of Justice, 42, 44, 66
Deraison, Renaud, 202
Digital certificates, 59–60
Digital chasm, 12, 13f
Digital signatures
  with strong authentication, 60
  in VPNs, 25
Directed broadcasts, 137
Directory, definition of, 245
Disaster recovery, team responsible for, 115
Disintermediation, 16, 17, 18
Distributed component object model (DCOM), 12
Distributed denial-of-service attacks. See DDoS attacks
Distributed systems, recentralization of, 64
DMZs. See Demilitarized zones
DNS, 71
DoS (denial-of-service) attacks, 129–142. See also specific types
  vs. DDoS, 92, 129
  distributed (See DDoS attacks)
  early, 53
  effects of, 129–133
  firewalls and, 130
  with ping of death, 53
Dual-homed hosts, 186–187, 188f

E

E-business, 3–21
  advantages of, xvi, xviii
  drivers of, 8, 9f
  e-security as enabler of, 31–32
  growth potential for, 3–4
  nature of, 15–21
  supply chain of, 7, 15–21, 28
E-mail attachments, backdoor programs in, 96, 99
E-mail worms, 103
E-security
  blueprint (functional model) for, 143–183
  definition of, xv, 24
  as enabler of e-business, 31–32
  essential elements of, 32–33, 80
  functions of, xv, 24
  guidelines for, 78–80
  vs. physical security, 24, 32
  point solutions and, 24–27
  principles of, 27–28
  risk management in, 28–31
E-tail (electronic retail)
  business systems needed in, 7
  competition with traditional retailers, 6, 6t
  empires in, 5–6
  failure of ventures in, 7
  growth potential for, 3–4
  supply chain in, 15–18, 16f
E-trade, DDoS attacks on, xiv, 14
EAI (enterprise application integration), 8
eBay
  dominance of, 5
  as new market channel, 17
  supply chain of, 17
Egress filtering, 134–135, 136, 246
Electronic retail. See E-tail
Electronics market, consumer, 6t
Eligible Receiver, 42
Emergency response plan, formulation of, 114–117
Empires, business, 5–6
Encryption
  and privacy, 33
  in remote-access architecture, 195
  by routers, 157–158
  by VPNs, 53
Enterprise application integration (EAI), 8
Enterprise risk management, 30
Environmental threat sources, 222
ESM, 202
EvilFTP, 98t
Exploit, testing by, 215–216
Extranets
  attacks on, 48–49
  early use of, 48, 52
  on public data networks, 48

F

Farmer, Dan, 202, 203
FAT (file allocation table), 180
FBI. See Federal Bureau of Investigation
FedCIRC (Federal Computer Incident Response Capability), 119, 223
Federal Bureau of Investigation (FBI)
  Computer Intrusion squad of, 43
  field offices of, 118–119
  NIPC of, 42–43
  role in attack response, 118
  on top vulnerabilities, 229–231
  and White House hackers, 39
Federal Computer Incident Response Capability (FedCIRC), 119, 223
Federal government, response to hacker threat, 42–44
File allocation table (FAT), 180
File Transfer Protocol. See FTP
Finger, definition of, 246
Firewall(s), 186–194
  ACL configuration and, 66
  address hiding by, 50–51
  concentric, 26, 26f
  and DDoS attacks, 130–132, 140
  definition of, 246
  and DoS attacks, 130
  early use of, 48, 49–51
  fortified, 130
  functions of, xv, 24, 49–51
  hardening of, 193–194
  with IDS, 140
  and IP spoofing, 49, 51f, 91
  limitations of, 27–28, 49, 51
  load-balanced, 131–132
  and NAT, 49–50, 52f
  and perimeter security, 151
  and ping of death, 130
  and ports, enablement of, 87–88
  proxy, 50–51, 132
  and remote access, 49, 51, 70
  rule base for, 88, 186
  stateful inspection, 186
  and SYN-ACK, 130
  types of, 186–193
  vulnerabilities in, 193
Firewall-1, 193, 194
Forum of Incident Response and Security Teams (FIRST), 44
FTP (File Transfer Protocol) sites
  early use of, 48
  with Linux, 161–165
  security policies for, 81
  server isolation for, 81
  with UNIX, 174
Functional model. See Blueprint
FWZ, 53
Fyodor, 202

G

GateCrasher, 98t
GirlFriend, 98t
Global Hell, 38–39
Glossary, 245–250

H

Hack’a’Tack, 98t
Hacker(s), 35–44
  vs. crackers, 36, 37–38
  and extranets, 48–49
  federal response to, 42–44
  and intranets, 48–49
  Microsoft targeted by, 35, 40–41
  motivations of, 36–38, 223t
  prevalence of attacks by, 35
  reporting of attacks by, 35
  tools used by, 41–42
Hacker groups, 38–40
Hacking for Girlies (HFG), 39–40
Hard drives, copying, 123
Hardening, of network infrastructure, 151, 154–183
  firewalls in, 193–194
  Linux in, 159–167, 162t–163t
  network devices in, 67
  NT in, 176–183
  UNIX in, 167–176, 168t–169t
  Windows in, 235–236
Hardware market, PC, 6t
Herbie (New Love) worm, 40, 43, 102, 103
HFG (Hacking for Girlies), 39–40
Hitler, Adolf, 66
Host(s)
  disconnection of, 122–123
  expansion of, 70–72
  multihomed firewall, 186–187, 188f, 189f
Host-based intrusion detection systems, 208
Host-based vulnerability assessment, 202–205, 217–218
Hrycaj, Jordan, 202
Human capital, shortages of, 75–77
Human error and omission, 65–69
Human threat sources, 222–223, 223t

I

ICMP (Internet Control Message Protocol), 246
ICMP echo requests, in Smurf bandwidth attacks, 135–136, 137, 237
IDS. See Intrusion detection systems
IEC (International Electrotechnical Commission), 148, 149
IETF (Internet Engineering Task Force), 54, 195
IIS (Internet Information Server), 69
IKE (Internet Key Exchange), 54, 195
Impact analysis, 220, 226–227
Incident reporting form, 233–234
Incident response team (IRT), 115–117, 116f
Inetd, 246
Inetd.conf, 246
Inference methods of testing, 215–216
Information technology. See IT
Infrastructure, network, hardening of, 67, 151, 154–183
Ingress filtering, 146, 247
Initial public offerings (IPO), 7
Integrity, data, 23, 33
In.telnetd, 247
Intermediaries, in business practices, 16, 17, 18
Intermediary networks, 137
Internal host expansion, 70–72
Internal threat sources, 223t
International Electrotechnical Commission (IEC), 148, 149
International Organization for Standardization (ISO), 148, 149
International organizations, for hacker prevention and response, 44
Internet, trends in growth of, 4
Internet Control Message Protocol. See ICMP
Internet Engineering Task Force (IETF), 54, 195
Internet Explorer, cookies in, 106
Internet Information Server (IIS), 69
Internet Key Exchange (IKE), 54, 195
Internet Scanner, 140, 202
Internet Security Association and Key Management Protocol/Internet Key Exchange (ISAKMP/IKE), 54
Internet Security Systems (ISS), 140, 141, 202
Internet service providers (ISPs), role in attack response, 117, 138
Intranets
  attacks on, 48–49
  early use of, 48, 52
Intrusion detection systems (IDS), 119–122
  architecture for, 205–208, 207f
  for DDoS attacks, 139–141
  host-based, 208
  layering security countermeasures with, 152
  limitations of, 205
  network-based, 205–208
  signature databases in, 205
Inventory, and supply chains, 16, 17
IP addresses
  hiding of, 50–51
  NAT and, 49–50, 52f
  screening of, in TCP/IP, 86
  spoofing of (See IP spoofing)
IP fragments, 89
IP Security (IPSec), 54–55, 55f
IP spoofing, 91–92
  firewalls and, 49, 51f, 91
  ingress filtering and, 146, 247
  process of, 49, 50f
  protection from, 49, 51f, 91–92, 134–135
  in SYN floods, 133–134, 238
  TCP/IP vulnerabilities and, 86
IPChains, 166–167
IPO (initial public offerings), 7
IPSec (IP Security), 54–55, 55f
Irk4, 127
IRT (incident response team), 115–117, 116f
ISAKMP/IKE, 54
ISO (International Organization for Standardization), 148, 149
ISPs (Internet service providers), role in attack response, 117, 138
ISS (Internet Security Systems), 140, 141, 202
IT security policy, 147–153, 147f
  best practices in, 148–150
  corporate policies and, 148, 149f
  definition of, 147
  development of, 147–148
  documentation of, 148
  functional model for, 150–153, 150f
IT systems, vulnerability management in, 212–214

J

Java, xvi, 65, 247
Java 2 Platform Enterprise Edition (J2EE), 12
JavaScript, 247
  attacks in, 65, 105–106
  functions of, 65, 102
Jericho, 201
Jerry Seinfeld (TV show), 104
John the Ripper (JtR), 127
Just-in-time business model, 25–26
Justice Department, 42, 44, 66

K

Key exchange standards, 54–55

L

Law enforcement, role in attack response, 118–119
Layers of security
  IDS in, 152
  with Linux, 175f
  with NT, 182–183, 182f
  with UNIX, 175, 175f
Life-cycle security, assessment of, 151–152
Linux, hardening of, 159–167, 162t–163t
Load balancing, 131–132, 135, 247–248
Load-balancing algorithm, 248
Lockhart, Joe, 39
Log files
  analysis of, after attack, 124, 127, 141–142
  cleaning tools for, 127
  for firewalls, 192–193
  in Linux, 161–164
  in NT, 178–179
  in UNIX, 170–172
Love Bug virus
  damage caused by, xiii, 40
  investigation of, 42–43
  variations of, 102

M

MAC (media access control) addresses, 131, 248
Makaveli, 39
Management
  opportunity, 31
  risk (See Risk management)
  of threats, 30
  of vulnerabilities, 30, 211–218
Management controls, 224, 225
Market(s)
  new channels for, 17, 18
  trends in, 5–6, 6t
Martin, Brian, 201
MD5 (message digest 5), 176, 182–183, 195, 248
Media access control (MAC) addresses, 131, 248
Melissa virus, xiii, 42
Message digest 5 (MD5), 176, 182–183, 195, 248
Microsoft. See also specific products
  attacks on, 35, 40–41
  security bulletins from, 214
  security problems with, xvi, 40–41
Middlemen, elimination of, 16, 17, 18
Middleware, 12, 13f
Mission-critical applications, early, on Internet, 56
MITRE Corporation, 68
Motorola, 40
Multihomed firewall host, 186–187, 188f, 189f
Music market, 5–6, 6t

N

NAP (network access point), 248
NASA, 40
NAT (network address translation), 49–50, 52f
National Infrastructure Protection Center (NIPC), 42–43, 223
National Security Agency (NSA), 42, 44
National Security Council (NSC), 44
Natural threat sources, 222
Nessus, 139, 202
Netbus 2.0 Pro (NB2)
  functions of, 99
  mechanism of action, 97–98, 98t
NetCat, 248
NetRecon, 140, 202, 203
Netscape Communicator, cookies in, 106
Netscreen-100, 193
Netscreen Technologies, 193
NetSonar, 202
NetSphere, 98t
Network access point (NAP), 248
Network address translation (NAT), 49–50, 52f
Network Associates, 202
Network bandwidth, and DDoS attacks, 132–133
Network-based intrusion detection systems, 205–208
Network-based vulnerability scanners, 203–205, 204f, 215–217
Network components
  configuration and deployment of, 66–67
  hardening of (See Hardening)
Network File System (NFS), 107
Network interface cards (NIC)
  in IDS architecture, 206
  in multihomed firewall hosts, 186–187
Network perimeter
  controlling access at, 151
  determination of, 79
Network Time Protocol (NTP), 158
New Love (Herbie) worm, 40, 43, 102, 103
New York Times Web site, 39–40
NFS (Network File System), 107
NIC (network interface cards), 186–187, 206
Nimda virus, xiii, 40
NIPC (National Infrastructure Protection Center), 42–43, 223
Nmap, 126, 127, 159, 201–202
Nonrepudiation, 33
NSA (National Security Agency), 42, 44
NSC (National Security Council), 44
NT File System (NTFS), 180
NT systems
  configuration files in, 125
  fixes for, 41
  hardening of, 176–183
  local administrator mode in, 122, 123
  security problems with, 40–41
  system binaries of, 124
NTBugTraq Web site, 41, 236
NTFS (NT File System), 180
NTP (Network Time Protocol), 158
Null session, 248

O

Object Management Group, 12
Objectives, business, in e-security blueprint, 145–147, 147f
Offset field, 89
Open access
  vs. asset protection, 32–33, 57–58
  impact of, 56–57
  necessity of, 24
Open Group, 47
OpenSSH, 166n, 174–175, 248–249
Operating system(s)
  hacker identification of, 159
  hardening of, 159–183
  kernel of, 249
  security problems with, 41
Operational controls, 224–225
Opportunity management, 31
Out-of-band administrative management, 196, 197f
Outlook
  JavaScript attacks on, 105
  worm attacks on, 40, 41, 104
Outlook Express
  JavaScript attacks on, 105
  Preview Pane of, 103, 104

P

Packet sniffers. See Sniffers
PASSFILT, 181–182
Passwords
  administration of, 67
  default settings for, 75
  in Linux, 164
  in NT, 180–181
  for remote access, 196–198
  in TCP/IP systems, 86
  tools for cracking, 127
  in UNIX, 172–173
  user practices in, 67
Patches, software, 29, 68, 69
Perimeter, network
  controlling access at, 151
  determination of, 79
Personnel
  for incident response team, 115–117, 116f
  shortages, 75–77
Phase Zero, 98t
Piggybacking, definition of, 40
Ping, 249
Ping of death, 89–90
  early use of, 53
  effects of, 90, 130
  mechanism of action, 89–90, 90f
  protection against, 90, 130
Point security solutions
  functions of, 24
  limitations of, 26–27, 58
Point-to-point connections, security for, 152–153
Point-to-Point Tunneling Protocol (PPTP), xvi
Policy, security
  best practices in, 144–145, 148–150
  documentation of, 80–82
  flexibility in, 77
  functions of, 144
  implementation of, 80–82
  IT, 147–153, 147f
  management of, 30
Port(s)
  predefined purposes for, 87
  scanning of (See Scanning)
  vulnerabilities of, 29, 87–89
Portal of Doom, 98t
PPTP (Point-to-Point Tunneling Protocol), xvi
Presidential Decision Directive 63, 42, 118
Privacy
  definition of, 23, 33
  role of, 33, 58–60
Probability, of security event, 220, 225–226
Probing tools, 126
Product availability inquiry application, development of, 10, 11f
Proxy firewalls
  address hiding by, 50–51
  and DDoS attacks, 132
Public data networks, 48
R

R services. See RPCs
RAM (random-access memory), 131
RDS (Remote Data Services), 69
Recovery
  after DDoS attack, 141–142
  team responsible for, 115
Reeezak, xiii–xiv
Reichheld, Frederick F., 31
Remote access
  administration of, 194–196, 197f
  architecture for, 194–200
  challenges caused by, 49, 51, 70
  firewalls and, 49, 51, 70
Remote-access points, 70
Remote Data Services (RDS), 69
Remote procedure calls. See RPCs
Reno, Janet, 66
Replacement utilities, 127
Response plan, emergency, formulation of, 114–117
Responsibility, universal, for e-security, 78
Risk
  acceptable, 78, 228
  definition of, 220
  determination of, 227–228, 227t
Risk management, 28–31, 219–228
  assessment in, 219–220, 228
  functions of, 30, 219–220
  process of, 220–228
  vulnerabilities in, 29
Root access, 97, 249
Rootkits, 127
Routers
  ACL configuration and, 66
  hardening of, 154–158, 155t–157t
RPCs (remote procedure calls)
  attacks through, 107–109
  functions of, 107, 161n
  in Linux, 161
  vulnerabilities of, 107–108, 161
Rule base
  definition of, 249
  for firewalls, 88, 186
  in host system, 203–204
Running services, vulnerabilities in, 73–74

S

SANS Institute, 214, 229–231
SATAN (Security Administrator Tool for Analyzing Networks), 202
Scanning, port
  by hackers, 29, 88–89, 126
  host-based, 202–205, 217–218
  network-based, 203–205, 204f, 215–217
  in vulnerability assessment, 202–205, 215–218
Screened host firewall architecture, 187–189
Screened subnet. See Demilitarized zones
Script, definition of, 102
Script attacks, 101–111
  with Brown Orifice, 109–110
  functions of, 101
  next generation of, 103–106
  protection against, 102–103, 110–111
  through RPC services, 107–109
  variations on, 102–103
Script Kiddies, 39
Scripting, active, 103
SCSI (small computer system interface), 123
Secret Service, U.S., 119
Secure hash algorithm (SHA-1), 195
Secure Shell (SSH), 53
  in Linux, 165, 166
  in UNIX, 174–175
Secure Sockets Layer (SSL) protocol, 153
Security Administrator Tool for Analyzing Networks (SATAN), 202
Security control analysis, 224–225
SecurityFocus.com, 208
SEI (Software Engineering Institute), 117
Sendmail, 172–173, 249
Sendmail restricted shell (smrsh), 172–173
Service-oriented businesses, supply chains of, 17–18
SHA-1 (secure hash algorithm), 195
Shadow, 172
Shell, 250
Signatures, digital
  with strong authentication, 60
  in VPNs, 25
Simple Key Management for IP (SKIP), 53, 55
Simple Network Management Protocol. See SNMP
Simple Watcher program, 171
Single sign-on (SSO) authentication, 60, 199–200, 199f
SKIP (Simple Key Management for IP), 53, 55
Small computer system interface (SCSI), 123
Smart cards, 198
Smrsh (Sendmail restricted shell), 172–173
Smurf bandwidth attack, 135–138
  effects of, 135–136, 237
  mechanism of action, 96, 135–136, 237
  protection from, 136–138
Sniffers
  definition of, 53, 125, 250
  functions of, 125, 250
  mechanism of action, 53
  VPNs and, 54
SNMP (Simple Network Management Protocol)
  router management with, 158
  vulnerabilities in, 74–75, 87
Software
  client/server, vulnerabilities in, 72–75, 74f, 76f
  market for, 5, 6t
  patches for, 29, 68, 69
Software Engineering Institute (SEI), 117
SSH (Secure Shell), 53
  in Linux, 165, 166
  in UNIX, 174–175
SSL (Secure Sockets Layer) protocol, 153
SSO (single sign-on) authentication, 60, 199–200, 199f
Stacheldraht, 94t, 96, 238–239
Stock market
  e-business stock in, 7–8
  online trading in, xiv, 14
Strong authentication
  biometrics and, 60
  components of, 59
  digital certificates and, 59–60
  limitations of, 59
  with open access, 58, 59
  for remote access, 195–196
  role of, 58–60
  single sign-on and, 60
  in VPNs, 25, 53–54
SubSeven, 98t
Sun Microsystems. See also specific products
  security problems with, xvi
Supply chains
  B2B, 18–21
  e-tail, 15–18
  risk management and, 28
  virtual vs. physical, 7, 18
Swatch, 171–172
Symantec, 140, 202, 236
SYN (synchronize packet)
  flood attacks on, 90–91, 133–135, 238
  land attacks on, 91
SYN-ACK (synchronize-acknowledgment packet), 91, 130, 238
SYSKEY, 183
System binaries
  analysis of, after attack, 124, 125, 127–128
  tools for protection of, 175–176
System boundaries, in risk assessment, 220–221
System Scanner, 141, 202

T

TCP/IP
  configuration of, 86
  development of, 85–86
  implementation weaknesses in, 89–91
  security problems with, xvi, 85–92
TCP wrappers
  definition of, 165
  in Linux, 165–166
  in UNIX, 173, 174–175
Teardrop attack, 95
Technical security controls, 224
TELNET
  definition of, 250
  ingress filtering with, 146
  with Linux, 165
Terrorist threat sources, 223t
TFN (Tribe Flood Network), 93–94, 94t, 239–240
TFN2K (Tribe Flood Network 2000), 94t, 95, 240
TFTP (Trivial File Transfer Protocol/service), 250
Threats
  analysis of, 220, 221–226
  definition of, 221–222
  management of, 30
  sources of, 221–223
Tokens, 198
ToolTalk RPC service, vulnerability in, 108
TooShort, 39
Tower Records, 6
Toy market, 5, 6, 6t
Toys-R-Us, 6
Traditional retailers, competition with e-tailers, 6, 6t
Transaction data, 18
Tribe Flood Network (TFN), 93–94, 94t, 239–240
Tribe Flood Network 2000 (TFN2K), 94t, 95, 240
Trin00 (Trinoo), 93, 94t, 95f, 241–243
Tripwire, 175–176, 182–183
Trivial File Transfer Protocol/service (TFTP), 250
Trojan horses
  vs. backdoor programs, 96–97
  definition of, 29, 96
  functions of, 125
  and system binaries, 124, 125, 127–128
Trust, in e-security, 32
Trusted Systems Services, 183
Two-factor authentication. See Strong authentication

U

UDP (User Datagram Protocol), 250
UDP flooding, 93, 95f, 138–139, 241–243
UNIX
  configuration files in, 124–125
  copying hard drive in, 123
  hardening of, 167–176, 168t–169t
  single-user mode in, 122, 123
  system binaries of, 124
  top vulnerabilities in, 231
User Datagram Protocol (UDP), 250
V

Value chains. See Supply chains
VBS (Visual Basic Script), 40, 41, 102
Venema, Wietse, 202
Video market, 5, 6, 6t
Virtual private networks. See VPNs
Virtual supply chains, vs. physical supply chains, 7
Viruses. See specific viruses
Visual Basic Script (VBS), 40, 41, 102
VPNs (virtual private networks)
  authentication in, 25, 53–54
  early, 53, 55–56
  functions of, 24
  limitations of, 27
  mechanisms of, 24–25, 53–54
  standards for, 54–55
  success of, 54
Vulnerabilities
  assessment of, 200–205, 215–218, 223–224
  examples of, 29, 213t
  in IT systems, 212–214
  management of, 30, 211–218
  SANS/FBI list of, 229–231
  types of, 211–212

W

Washington Field Office Infrastructure Protection and Computer Intrusion Squad (WFO IPCIS), 119
Web sites, early, 48
White House Web site, 38–39
Whois, 138
Windows Scripting Host (WSH), 103, 110
Windows systems
  hardening of, 235–236
  top vulnerabilities in, 230
WinNT, 179–180
Worms, computer. See also specific worms
  cost of, xiii
  damage caused by, xiii
  definition of, xiii, 103
  emergence of, xiii–xiv
  next generation of, 103–104
  spread of, 40
WSH (Windows Scripting Host), 103, 110

Y

Yahoo, DoS attacks on, 14

Z

Zap2, 127