
Index (source PDF: ptgmedia.pearsoncmg.com/images/020171972X/index/clarkindex.pdf)

Aug 10, 2020


Index

255

A
Access
  controlled, 55–60
  open, 24, 32–33, 56–58
Access control lists (ACLs)
  configuration of, 66
  hardening of, 154–155
  in NT, 179
Accomplice networks, 136–137
ACK (acknowledgment), 91
ACLs. See Access control lists
Active scripting, 103
ActiveX controls, 65
Advanced Research Project Agency Network (ARPANET), 45, 85
AIM/ICQ communications, 77
Amazon.com
  dominance of, 5
  DoS attacks on, 14
  expansion of product lines by, 5–6
  growth in sales of, 5
  stock of, 7
  supply chain of, 17
AOL Instant Messenger/“I seek you” communications, 77
Applets, security problems with, xvi, 65
Application(s)
  configuration of, 66–67
  deployment of, 66–67
  development of, 8–12, 9f, 68–69
  in e-security blueprint, 146
  mission-critical, on Internet, 56
Architecture, e-security, 185–208
  firewalls in, 186–194
  hardening network infrastructure in, 154–183
  IDS in, 205–208
  for remote access, 194–200
  vulnerability assessment and, 200–205
ARPANET (Advanced Research Project Agency Network), 45, 85
Asset protection, vs. open access, 32–33, 57–58
Attachments, e-mail, backdoor programs in, 96, 99
Attacks
  strategies for countering, 121–125
  strategies for surviving, 113–121
Attrition.org, 201
Authentication. See also Strong authentication
  in e-security blueprint, 153
  role of, 32, 58–60
Automated command sequences, attacks by, 101–111
Automobile market, 6t

Note: Page numbers followed by the letters f and t indicate figures and tables, respectively.

29028 04 pp. 255-268 r1ah.ps 7/15/02 2:18 PM Page 255


B
Back Orifice, 38, 41, 70
Back Orifice 2000, 97–99
  functions of, 98–99
  mechanism of action, 38, 98, 98t
Backdoor programs, 96–100
  definition of, 96
  detection of, 99
  elimination of, 99–100
  examples of, 97–99
  functions of, 97, 126
  mechanism of action, 96–97, 101
  vs. Trojan horses, 96–97
Bandwidth, network, and DDoS attacks, 132–133
Barnes and Noble
  dominance of, 5
  growth potential of, 5
Bastille Linux, 167
Bastion firewall host architecture, 187–189
Berkeley Internet Name Domain (BIND), 71, 159, 201
Best practices
  in e-security architecture, 154
  in e-security blueprint, 144–145, 148–150
Beyond.com, dominance of, 5
Binaries, system
  analysis of, after attack, 124, 125, 127–128
  tools for protection of, 175–176
BIND (Berkeley Internet Name Domain), 71, 159, 201
Binfo.c script, 201
Biometrics authentication, 60
Black hats, 38
Blockbuster, 6
Blueprint, e-security, 143–153, 145f
  business objectives in, 145–147, 147f
  development of, 144–153
Book market, 5, 6t
BootP (Bootstrap Protocol), 245
British Standards Institute (BSI), 148–149
Broadcasts, directed, 137
Brown Orifice, 109–110
BS7799 standard, 148–150
BSI (British Standards Institute), 148–149
B2B. See Business-to-business
B2C (business-to-consumer). See E-tail
Bubble Boy virus, 104
Buffer overflows, 107, 245
Business-to-business (B2B)
  benefits of, 19
  growth potential of, 4, 18–19
  supply chain of, 18–21, 20f
Business-to-consumer (B2C). See E-tail

C
CA (certificate authority), 59–60
Car market, 6t
Category killers, 20–21
CDNow
  dominance of, 5
  expansion of product lines by, 6
  supply chain of, 17
Central Intelligence Agency (CIA), 43
CERT Coordination Center (CERT/CC)
  role in attack response, 117–118
  sample form for, 233–234
  services offered by, 214
  on system binaries, 124
  on vulnerabilities, 214
Certificate authority (CA), 59–60
CGI (Common Gateway Interface), 66, 110
Checkpoint Software Technologies, 53, 193
CIA (Central Intelligence Agency), 43
Cisco Systems, 202
Clean, 127
Client/server software, vulnerabilities in, 72–75, 74f, 76f
Clinton, Bill, 42, 118
Cloak, 127
Code Red virus, xiii, 40
Code review, during application development, 68–69
Command sequences, automated, attacks by, 101–111
Common Gateway Interface (CGI)
  configuration errors in, 66
  functions of, 110
  script attacks with, 110
Common object request broker architecture (CORBA), 12
Common Vulnerabilities and Exposures (CVE) database, 68, 73, 212
Computer Intrusion squad, 43
Computer Oracle and Password System (COPS), 174, 203
Computer Security Institute, 43
Confidentiality, definition of, 23, 33
Configuration
  analysis of, after attack, 124–125
  errors in, 66–67
  vulnerabilities in, 66–67, 86, 212
Control analysis, 224–225
Controlled access, disappearance of, 55–60
Cookies, 105–106
COPS (Computer Oracle and Password System), 174, 203
CORBA (common object request broker architecture), 12
Countermeasures, 121–125
Crack, 127, 172


Cracker(s)
  definition of, 39
  vs. hackers, 36, 37–38
  and White House Web site, 39
Cracker groups, 39
Criminal threat sources, 222, 223t
Cult of the Dead Cow, 38, 41, 97–98
Customer(s)
  confidence of, DDoS attacks and, xiv, 92
  repeat, 31
CVE (Common Vulnerabilities and Exposures) database, 68, 73, 212
CyberCop Scanner, 202

D
Daemons, in DDoS attacks, 92–93
Data Fellows, 53
Data integrity, 23, 33
Database Scanner, 202
DCOM (distributed component object model), 12
DDoS (distributed denial-of-service) attacks. See also specific types
  in 2000, xiv, 14, 92
  and consumer confidence, xiv, 92
  countermeasures during, 122
  definition of, 92
  vs. DoS, 92, 129
  effects of, xiv, 92
  firewalls and, 130–132, 140
  IDS for, 139–141
  IP spoofing in, 91–92
  mechanism of action, 101, 139–140
  next generation of, 104
  protection against, 130–133, 139–141
  recovery after, 141–142
  RPC vulnerabilities and, 107
  tools for, 92–96, 94t, 139
Decision support systems, in risk management, 30
DeepThroat, 98t
Default settings, vulnerabilities in, 74–75
DefCon, Back Orifice at, 38
Defense Department, 42, 44
Dell.com, disintermediation in supply chain of, 17
Demilitarized zones (DMZs)
  architecture of, 190–193, 191f
  attacks on, 190
  early use of, 48
  private, 191–192, 249
  public, 191–192
  restrictions on access in, 192
Denial-of-service attacks. See DoS attacks
Department(s), independently operating, 72
Department of Defense, 42, 44
Department of Justice, 42, 44, 66
Deraison, Renaud, 202
Digital certificates, 59–60
Digital chasm, 12, 13f
Digital signatures
  with strong authentication, 60
  in VPNs, 25
Directed broadcasts, 137
Directory, definition of, 245
Disaster recovery, team responsible for, 115
Disintermediation, 16, 17, 18
Distributed component object model (DCOM), 12
Distributed denial-of-service attacks. See DDoS attacks
Distributed systems, recentralization of, 64
DMZs. See Demilitarized zones
DNS, 71
DoS (denial-of-service) attacks, 129–142. See also specific types
  vs. DDoS, 92, 129
  distributed (See DDoS attacks)
  early, 53
  effects of, 129–133
  firewalls and, 130
  with ping of death, 53
Dual-homed hosts, 186–187, 188f

E
E-business, 3–21
  advantages of, xvi, xviii
  drivers of, 8, 9f
  e-security as enabler of, 31–32
  growth potential for, 3–4
  nature of, 15–21
  supply chain of, 7, 15–21, 28
E-mail attachments, backdoor programs in, 96, 99
E-mail worms, 103
E-security
  blueprint (functional model) for, 143–183
  definition of, xv, 24
  as enabler of e-business, 31–32
  essential elements of, 32–33, 80
  functions of, xv, 24
  guidelines for, 78–80
  vs. physical security, 24, 32
  point solutions and, 24–27
  principles of, 27–28
  risk management in, 28–31
E-tail (electronic retail)
  business systems needed in, 7
  competition with traditional retailers, 6, 6t
  empires in, 5–6
  failure of ventures in, 7
  growth potential for, 3–4
  supply chain in, 15–18, 16f


E-trade, DDoS attacks on, xiv, 14
EAI (enterprise application integration), 8
eBay
  dominance of, 5
  as new market channel, 17
  supply chain of, 17
Egress filtering, 134–135, 136, 246
Electronic retail. See E-tail
Electronics market, consumer, 6t
Eligible Receiver, 42
Emergency response plan, formulation of, 114–117
Empires, business, 5–6
Encryption
  and privacy, 33
  in remote-access architecture, 195
  by routers, 157–158
  by VPNs, 53
Enterprise application integration (EAI), 8
Enterprise risk management, 30
Environmental threat sources, 222
ESM, 202
EvilFTP, 98t
Exploit, testing by, 215–216
Extranets
  attacks on, 48–49
  early use of, 48, 52
  on public data networks, 48

F
Farmer, Dan, 202, 203
FAT (file allocation table), 180
FBI. See Federal Bureau of Investigations
FedCIRC (Federal Computer Incident Response Capability), 119, 223
Federal Bureau of Investigations (FBI)
  Computer Intrusion squad of, 43
  field offices of, 118–119
  NIPC of, 42–43
  role in attack response, 118
  on top vulnerabilities, 229–231
  and White House hackers, 39
Federal Computer Incident Response Capability (FedCIRC), 119, 223
Federal government, response to hacker threat, 42–44
File allocation table (FAT), 180
File Transfer Protocol. See FTP
Finger, definition of, 246
Firewall(s), 186–194
  ACL configuration and, 66
  address hiding by, 50–51
  concentric, 26, 26f
  and DDoS attacks, 130–132, 140
  definition of, 246
  and DoS attacks, 130
  early use of, 48, 49–51
  fortified, 130
  functions of, xv, 24, 49–51
  hardening of, 193–194
  with IDS, 140
  and IP spoofing, 49, 51f, 91
  limitations of, 27–28, 49, 51
  load-balanced, 131–132
  and NAT, 49–50, 52f
  and perimeter security, 151
  and ping of death, 130
  and ports, enablement of, 87–88
  proxy, 50–51, 132
  and remote access, 49, 51, 70
  rule base for, 88, 186
  stateful inspection, 186
  and SYN-ACK, 130
  types of, 186–193
  vulnerabilities in, 193
Firewall-1, 193, 194
Forum of Incident Response and Security Teams (FIRST), 44
FTP (File Transfer Protocol) sites
  early use of, 48
  with Linux, 161–165
  security policies for, 81
  server isolation for, 81
  with UNIX, 174
Functional model. See Blueprint
FWZ, 53
Fyodor, 202

G
GateCrasher, 98t
GirlFriend, 98t
Global Hell, 38–39
Glossary, 245–250

H
Hack’a’Tack, 98t
Hacker(s), 35–44
  vs. crackers, 36, 37–38
  and extranets, 48–49
  federal response to, 42–44
  and intranets, 48–49
  Microsoft targeted by, 35, 40–41
  motivations of, 36–38, 223t
  prevalence of attacks by, 35
  reporting of attacks by, 35
  tools used by, 41–42
Hacker groups, 38–40
Hacking for Girlies (HFG), 39–40
Hard drives, copying, 123
Hardening, of network infrastructure, 151, 154–183
  firewalls in, 193–194
  Linux in, 159–167, 162t–163t
  network devices in, 67
  NT in, 176–183
  UNIX in, 167–176, 168t–169t
  Windows in, 235–236
Hardware market, PC, 6t


Herbie (New Love) worm, 40, 43, 102, 103
HFG (Hacking for Girlies), 39–40
Hitler, Adolf, 66
Host(s)
  disconnection of, 122–123
  expansion of, 70–72
  multihomed firewall, 186–187, 188f, 189f
Host-based intrusion detection systems, 208
Host-based vulnerability assessment, 202–205, 217–218
Hrycaj, Jordan, 202
Human capital, shortages of, 75–77
Human error and omission, 65–69
Human threat sources, 222–223, 223t

I
ICMP (Internet Control Message Protocol), 246
ICMP echo requests, in Smurf bandwidth attacks, 135–136, 137, 237
IDS. See Intrusion detection systems
IEC (International Electrotechnical Commission), 148, 149
IETF (Internet Engineering Task Force), 54, 195
IIS (Internet Information Server), 69
IKE (Internet Key Exchange), 54, 195
Impact analysis, 220, 226–227
Incident reporting form, 233–234
Incident response team (IRT), 115–117, 116f
Inetd, 246
Inetd.conf, 246
Inference methods of testing, 215–216
Information technology. See IT
Infrastructure, network, hardening of, 67, 151, 154–183
Ingress filtering, 146, 247
Initial public offerings (IPO), 7
Integrity, data, 23, 33
In.telnetd, 247
Intermediaries, in business practices, 16, 17, 18
Intermediary networks, 137
Internal host expansion, 70–72
Internal threat sources, 223t
International Electrotechnical Commission (IEC), 148, 149
International Organization for Standardization (ISO), 148, 149
International organizations, for hacker prevention and response, 44
Internet, trends in growth of, 4
Internet Control Message Protocol. See ICMP
Internet Engineering Task Force (IETF), 54, 195
Internet Explorer, cookies in, 106
Internet Information Server (IIS), 69
Internet Key Exchange (IKE), 54, 195
Internet Scanner, 140, 202
Internet Security Association and Key Management Protocol/Internet Key Exchange (ISAKMP/IKE), 54
Internet Security System (ISS), 140, 141, 202
Internet service providers (ISPs), role in attack response, 117, 138
Intranets
  attacks on, 48–49
  early use of, 48, 52
Intrusion detection systems (IDS), 119–122
  architecture for, 205–208, 207f
  for DDoS attacks, 139–141
  host-based, 208
  layering security countermeasures with, 152
  limitations of, 205
  network-based, 205–208
  signature databases in, 205
Inventory, and supply chains, 16, 17
IP addresses
  hiding of, 50–51
  NAT and, 49–50, 52f
  screening of, in TCP/IP, 86
  spoofing of (See IP spoofing)
IP fragments, 89
IP Security (IPSec), 54–55, 55f
IP spoofing, 91–92
  firewalls and, 49, 51f, 91
  ingress filtering and, 146, 247
  process of, 49, 50f
  protection from, 49, 51f, 91–92, 134–135
  in SYN floods, 133–134, 238
  TCP/IP vulnerabilities and, 86
IPChains, 166–167
IPO (initial public offerings), 7
IPSec (IP Security), 54–55, 55f
Irk4, 127
IRT (incident response team), 115–117, 116f
ISAKMP/IKE, 54
ISO (International Organization for Standardization), 148, 149
ISPs (Internet service providers), role in attack response, 117, 138
ISS (Internet Security System), 140, 141, 202


IT security policy, 147–153, 147f
  best practices in, 148–150
  corporate policies and, 148, 149f
  definition of, 147
  development of, 147–148
  documentation of, 148
  functional model for, 150–153, 150f
IT systems, vulnerability management in, 212–214

J
Java, xvi, 65, 247
Java 2 Platform Enterprise Edition (J2EE), 12
JavaScript, 247
  attacks in, 65, 105–106
  functions of, 65, 102
Jericho, 201
Jerry Seinfeld (TV show), 104
John the Ripper (JtR), 127
Just-in-time business model, 25–26
Justice Department, 42, 44, 66

K
Key exchange standards, 54–55

L
Law enforcement, role in attack response, 118–119
Layers of security
  IDS in, 152
  with Linux, 175f
  with NT, 182–183, 182f
  with UNIX, 175, 175f
Life-cycle security, assessment of, 151–152
Linux, hardening of, 159–167, 162t–163t
Load balancing, 131–132, 135, 247–248
Load-balancing algorithm, 248
Lockhart, Joe, 39
Log files
  analysis of, after attack, 124, 127, 141–142
  cleaning tools for, 127
  for firewalls, 192–193
  in Linux, 161–164
  in NT, 178–179
  in UNIX, 170–172
Love Bug virus
  damage caused by, xiii, 40
  investigation of, 42–43
  variations of, 102

M
MAC (media access control) addresses, 131, 248
Makaveli, 39
Management
  opportunity, 31
  risk (See Risk management)
  of threats, 30
  of vulnerabilities, 30, 211–218
Management controls, 224, 225
Market(s)
  new channels for, 17, 18
  trends in, 5–6, 6t
Martin, Brian, 201
MD5 (message digest 5), 176, 182–183, 195, 248
Media access control (MAC) addresses, 131, 248
Melissa virus, xiii, 42
Message digest 5 (MD5), 176, 182–183, 195, 248
Microsoft. See also specific products
  attacks on, 35, 40–41
  security bulletins from, 214
  security problems with, xvi, 40–41
Middlemen, elimination of, 16, 17, 18
Middleware, 12, 13f
Mission-critical applications, early, on Internet, 56
MITRE Corporation, 68
Motorola, 40
Multihomed firewall host, 186–187, 188f, 189f
Music market, 5–6, 6t

N
NAP (network access point), 248
NASA, 40
NAT (network address translation), 49–50, 52f
National Infrastructure Protection Center (NIPC), 42–43, 223
National Security Agency (NSA), 42, 44
National Security Council (NSC), 44
Natural threat sources, 222
Nessus, 139, 202
Netbus 2.0 Pro (NB2)
  functions of, 99
  mechanism of action, 97–98, 98t
NetCat, 248
NetRecon, 140, 202, 203
Netscape Communicator, cookies in, 106
Netscreen-100, 193
Netscreen Technologies, 193
NetSonar, 202
NetSphere, 98t
Network access point (NAP), 248
Network address translation (NAT), 49–50, 52f
Network Associate, 202
Network bandwidth, and DDoS attacks, 132–133
Network-based intrusion detection systems, 205–208
Network-based vulnerability scanners, 203–205, 204f, 215–217
Network components
  configuration and deployment of, 66–67
  hardening of (See Hardening)


Network File System (NFS), 107
Network interface cards (NIC)
  in IDS architecture, 206
  in multihomed firewall hosts, 186–187
Network perimeter
  controlling access at, 151
  determination of, 79
Network Time Protocol (NTP), 158
New Love (Herbie) worm, 40, 43, 102, 103
New York Times Web site, 39–40
NFS (Network File System), 107
NIC (network interface cards), 186–187, 206
Nimda virus, xiii, 40
NIPC (National Infrastructure Protection Center), 42–43, 223
Nmap, 126, 127, 159, 201–202
Nonrepudiation, 33
NSA (National Security Agency), 42, 44
NSC (National Security Council), 44
NT File System (NTFS), 180
NT systems
  configuration files in, 125
  fixes for, 41
  hardening of, 176–183
  local administrator mode in, 122, 123
  security problems with, 40–41
  system binaries of, 124
NTBugTraq Web site, 41, 236
NTFS (NT File System), 180
NTP (Network Time Protocol), 158
Null session, 248

O
Object Management Group, 12
Objectives, business, in e-security blueprint, 145–147, 147f
Offset field, 89
Open access
  vs. asset protection, 32–33, 57–58
  impact of, 56–57
  necessity of, 24
Open Group, 47
OpenSSH, 166n, 174–175, 248–249
Operating system(s)
  hacker identification of, 159
  hardening of, 159–183
  kernel of, 249
  security problems with, 41
Operational controls, 224–225
Opportunity management, 31
Out-of-band administrative management, 196, 197f
Outlook
  JavaScript attacks on, 105
  worm attacks on, 40, 41, 104
Outlook Express
  JavaScript attacks on, 105
  Preview Pane of, 103, 104

P
Packet sniffers. See Sniffers
PASSFILT, 181–182
Passwords
  administration of, 67
  default settings for, 75
  in Linux, 164
  in NT, 180–181
  for remote access, 196–198
  in TCP/IP systems, 86
  tools for cracking, 127
  in UNIX, 172–173
  user practices in, 67
Patches, software, 29, 68, 69
Perimeter, network
  controlling access at, 151
  determination of, 79
Personnel
  for incident response team, 115–117, 116f
  shortages, 75–77
Phase Zero, 98t
Piggybacking, definition of, 40
Ping, 249
Ping of death, 89–90
  early use of, 53
  effects of, 90, 130
  mechanism of action, 89–90, 90f
  protection against, 90, 130
Point security solutions
  functions of, 24
  limitations of, 26–27, 58
Point-to-point connections, security for, 152–153
Point-to-Point Tunneling Protocol (PPTP), xvi
Policy, security
  best practices in, 144–145, 148–150
  documentation of, 80–82
  flexibility in, 77
  functions of, 144
  implementation of, 80–82
  IT, 147–153, 147f
  management of, 30
Port(s)
  predefined purposes for, 87
  scanning of (See Scanning)
  vulnerabilities of, 29, 87–89
Portal of Doom, 98t
PPTP (Point-to-Point Tunneling Protocol), xvi
Presidential Decision Directive 63, 42, 118
Privacy
  definition of, 23, 33
  role of, 33, 58–60
Probability, of security event, 220, 225–226
Probing tools, 126
Product availability inquiry application, development of, 10, 11f
Proxy firewalls
  address hiding by, 50–51
  and DDoS attacks, 132
Public data networks, 48


R
R services. See RPCs
RAM (random-access memory), 131
RDS (Remote Data Services), 69
Recovery
  after DDoS attack, 141–142
  team responsible for, 115
Reeezak, xiii–xiv
Reichheld, Frederick F., 31
Remote access
  administration of, 194–196, 197f
  architecture for, 194–200
  challenges caused by, 49, 51, 70
  firewalls and, 49, 51, 70
Remote-access points, 70
Remote Data Services (RDS), 69
Remote procedure calls. See RPCs
Reno, Janet, 66
Replacement utilities, 127
Response plan, emergency, formulation of, 114–117
Responsibility, universal, for e-security, 78
Risk
  acceptable, 78, 228
  definition of, 220
  determination of, 227–228, 227t
Risk management, 28–31, 219–228
  assessment in, 219–220, 228
  functions of, 30, 219–220
  process of, 220–228
  vulnerabilities in, 29
Root access, 97, 249
Rootkits, 127
Routers
  ACL configuration and, 66
  hardening of, 154–158, 155t–157t
RPCs (remote procedure calls)
  attacks through, 107–109
  functions of, 107, 161n
  in Linux, 161
  vulnerabilities of, 107–108, 161
Rule base
  definition of, 249
  for firewalls, 88, 186
  in host system, 203–204
Running services, vulnerabilities in, 73–74

S
SANS Institute, 214, 229–231
SATAN (Security Administrator Tool for Analyzing Networks), 202
Scanning, port
  by hackers, 29, 88–89, 126
  host-based, 202–205, 217–218
  network-based, 203–205, 204f, 215–217
  in vulnerability assessment, 202–205, 215–218
Screened host firewall architecture, 187–189
Screened subnet. See Demilitarized zones
Script, definition of, 102
Script attacks, 101–111
  with Brown Orifice, 109–110
  functions of, 101
  next generation of, 103–106
  protection against, 102–103, 110–111
  through RPC services, 107–109
  variations on, 102–103
Script Kiddies, 39
Scripting, active, 103
SCSI (small computer system interface), 123
Secret Service, U.S., 119
Secure hash algorithm (SHA-1), 195
Secure Shell (SSH), 53
  in Linux, 165, 166
  in UNIX, 174–175
Secure Socket Layer (SSL) protocol, 153
Security Administrator Tool for Analyzing Networks (SATAN), 202
Security control analysis, 224–225
SecurityFocus.com, 208
SEI (Software Engineering Institute), 117
Sendmail, 172–173, 249
Sendmail restricted shell (smrsh), 172–173
Service-oriented businesses, supply chains of, 17–18
SHA-1 (secure hash algorithm), 195
Shadow, 172
Shell, 250
Signatures, digital
  with strong authentication, 60
  in VPNs, 25
Simple Key Management for IP (SKIP), 53, 55
Simple Network Management Protocol. See SNMP
Simple Watcher program, 171
Single sign-on (SSO) authentication, 60, 199–200, 199f
SKIP (Simple Key Management for IP), 53, 55
Small computer system interface (SCSI), 123
Smart cards, 198
Smrsh (Sendmail restricted shell), 172–173
Smurf bandwidth attack, 135–138
  effects of, 135–136, 237
  mechanism of action, 96, 135–136, 237
  protection from, 136–138
Sniffers
  definition of, 53, 125, 250
  functions of, 125, 250
  mechanism of action, 53
  VPNs and, 54


SNMP (Simple Network Management Protocol)
  router management with, 158
  vulnerabilities in, 74–75, 87
Software
  client/server, vulnerabilities in, 72–75, 74f, 76f
  market for, 5, 6t
  patches for, 29, 68, 69
Software Engineering Institute (SEI), 117
SSH (Secure Shell), 53
  in Linux, 165, 166
  in UNIX, 174–175
SSL (Secure Socket Layer) protocol, 153
SSO (single sign-on) authentication, 60, 199–200, 199f
Stacheldraht, 94t, 96, 238–239
Stock market
  e-business stock in, 7–8
  online trading in, xiv, 14
Strong authentication
  biometrics and, 60
  components of, 59
  digital certificates and, 59–60
  limitations of, 59
  with open access, 58, 59
  for remote access, 195–196
  role of, 58–60
  single sign-on and, 60
  in VPNs, 25, 53–54
SubSeven, 98t
Sun Microsystems. See also specific products
  security problems with, xvi
Supply chains
  B2B, 18–21
  e-tail, 15–18
  risk management and, 28
  virtual vs. physical, 7, 18
Swatch, 171–172
Symantec, 140, 202, 236
SYN (synchronize packet)
  flood attacks on, 90–91, 133–135, 238
  land attacks on, 91
SYN-ACK (synchronized acknowledgment packet), 91, 130, 238
SYSKEY, 183
System binaries
  analysis of, after attack, 124, 125, 127–128
  tools for protection of, 175–176
System boundaries, in risk assessment, 220–221
System Scanner, 141, 202

T
TCP/IP
  configuration of, 86
  development of, 85–86
  implementation weaknesses in, 89–91
  security problems with, xvi, 85–92
TCP wrappers
  definition of, 165
  in Linux, 165–166
  in UNIX, 173, 174–175
Teardrop attack, 95
Technical security controls, 224
TELNET
  definition of, 250
  ingress filtering with, 146
  with Linux, 165
Terrorist threat sources, 223t
TFN (Tribe Flood Network), 93–94, 94t, 239–240
TFN2K (Tribe Flood Network 2000), 94t, 95, 240
TFTP (Trivial File Transfer Protocol/service), 250
Threats
  analysis of, 220, 221–226
  definition of, 221–222
  management of, 30
  sources of, 221–223
Tokens, 198
ToolTalk RPC service, vulnerability in, 108
TooShort, 39
Tower Records, 6
Toy market, 5, 6, 6t
Toys-R-Us, 6
Traditional retailers, competition with e-tailers, 6, 6t
Transaction data, 18
Tribe Flood Network (TFN), 93–94, 94t, 239–240
Tribe Flood Network 2000 (TFN2K), 94t, 95, 240
Trin00 (Trinoo), 93, 94t, 95f, 241–243
Tripwire, 175–176, 182–183
Trivial File Transfer Protocol/service (TFTP), 250
Trojan horses
  vs. backdoor programs, 96–97
  definition of, 29, 96
  functions of, 125
  and system binaries, 124, 125, 127–128
Trust, in e-security, 32
Trusted Systems Services, 183
Two-factor authentication. See Strong authentication

U
UDP (User Datagram protocol), 250
UDP flooding, 93, 95f, 138–139, 241–243
UNIX
  configuration files in, 124–125
  copying hard drive in, 123
  hardening of, 167–176, 168t–169t
  single-user mode in, 122, 123
  system binaries of, 124
  top vulnerabilities in, 231
User Datagram protocol (UDP), 250


V
Value chains. See Supply chains
VBS (Visual Basic Script), 40, 41, 102
Venema, Wietse, 202
Video market, 5, 6, 6t
Virtual private networks. See VPNs
Virtual supply chains, vs. physical supply chains, 7
Viruses. See specific viruses
Visual Basic Script (VBS), 40, 41, 102
VPNs (virtual private networks)
  authentication in, 25, 53–54
  early, 53, 55–56
  functions of, 24
  limitations of, 27
  mechanisms of, 24–25, 53–54
  standards for, 54–55
  success of, 54
Vulnerabilities
  assessment of, 200–205, 215–218, 223–224
  examples of, 29, 213t
  in IT systems, 212–214
  management of, 30, 211–218
  SANS/FBI list of, 229–231
  types of, 211–212

W
Washington Field Office Infrastructure Protection and Computer Intrusion Squad (WFO IPCIS), 119
Web sites, early, 48
White House Web site, 38–39
Whois, 138
Windows Scripting Host (WSH), 103, 110
Windows systems
  hardening of, 235–236
  top vulnerabilities in, 230
WinNT, 179–180
Worms, computer. See also specific worms
  cost of, xiii
  damage caused by, xiii
  definition of, xiii, 103
  emergence of, xiii–xiv
  next generation of, 103–104
  spread of, 40
WSH (Windows Scripting Host), 103, 110

Y
Yahoo, DoS attacks on, 14

Z
Zap2, 127
