Table of Contents for
Practical UNIX and Internet Security, 3rd Edition

Practical UNIX and Internet Security, 3rd Edition by Alan Schwartz. Published by O'Reilly Media, Inc., 2003
  1. Cover
  2. Practical Unix & Internet Security, 3rd Edition
  3. A Note Regarding Supplemental Files
  4. Preface
  5. Unix “Security”?
  6. Scope of This Book
  7. Which Unix System?
  8. Conventions Used in This Book
  9. Comments and Questions
  10. Acknowledgments
  11. A Note to Would-Be Attackers
  12. I. Computer Security Basics
  13. 1. Introduction: Some Fundamental Questions
  14. What Is Computer Security?
  15. What Is an Operating System?
  16. What Is a Deployment Environment?
  17. Summary
  18. 2. Unix History and Lineage
  19. History of Unix
  20. Security and Unix
  21. Role of This Book
  22. Summary
  23. 3. Policies and Guidelines
  24. Planning Your Security Needs
  25. Risk Assessment
  26. Cost-Benefit Analysis and Best Practices
  27. Policy
  28. Compliance Audits
  29. Outsourcing Options
  30. The Problem with Security Through Obscurity
  31. Summary
  32. II. Security Building Blocks
  33. 4. Users, Passwords, and Authentication
  34. Logging in with Usernames and Passwords
  35. The Care and Feeding of Passwords
  36. How Unix Implements Passwords
  37. Network Account and Authorization Systems
  38. Pluggable Authentication Modules (PAM)
  39. Summary
  40. 5. Users, Groups, and the Superuser
  41. Users and Groups
  42. The Superuser (root)
  43. The su Command: Changing Who You Claim to Be
  44. Restrictions on the Superuser
  45. Summary
  46. 6. Filesystems and Security
  47. Understanding Filesystems
  48. File Attributes and Permissions
  49. chmod: Changing a File’s Permissions
  50. The umask
  51. SUID and SGID
  52. Device Files
  53. Changing a File’s Owner or Group
  54. Summary
  55. 7. Cryptography Basics
  56. Understanding Cryptography
  57. Symmetric Key Algorithms
  58. Public Key Algorithms
  59. Message Digest Functions
  60. Summary
  61. 8. Physical Security for Servers
  62. Planning for the Forgotten Threats
  63. Protecting Computer Hardware
  64. Preventing Theft
  65. Protecting Your Data
  66. Story: A Failed Site Inspection
  67. Summary
  68. 9. Personnel Security
  69. Background Checks
  70. On the Job
  71. Departure
  72. Other People
  73. Summary
  74. III. Network and Internet Security
  75. 10. Modems and Dialup Security
  76. Modems: Theory of Operation
  77. Modems and Security
  78. Modems and Unix
  79. Additional Security for Modems
  80. Summary
  81. 11. TCP/IP Networks
  82. Networking
  83. IP: The Internet Protocol
  84. IP Security
  85. Summary
  86. 12. Securing TCP and UDP Services
  87. Understanding Unix Internet Servers and Services
  88. Controlling Access to Servers
  89. Primary Unix Network Services
  90. Managing Services Securely
  91. Putting It All Together: An Example
  92. Summary
  93. 13. Sun RPC
  94. Remote Procedure Call (RPC)
  95. Secure RPC (AUTH_DES)
  96. Summary
  97. 14. Network-Based Authentication Systems
  98. Sun’s Network Information Service (NIS)
  99. Sun’s NIS+
  100. Kerberos
  101. LDAP
  102. Other Network Authentication Systems
  103. Summary
  104. 15. Network Filesystems
  105. Understanding NFS
  106. Server-Side NFS Security
  107. Client-Side NFS Security
  108. Improving NFS Security
  109. Some Last Comments on NFS
  110. Understanding SMB
  111. Summary
  112. 16. Secure Programming Techniques
  113. One Bug Can Ruin Your Whole Day . . .
  114. Tips on Avoiding Security-Related Bugs
  115. Tips on Writing Network Programs
  116. Tips on Writing SUID/SGID Programs
  117. Using chroot( )
  118. Tips on Using Passwords
  119. Tips on Generating Random Numbers
  120. Summary
  121. IV. Secure Operations
  122. 17. Keeping Up to Date
  123. Software Management Systems
  124. Updating System Software
  125. Summary
  126. 18. Backups
  127. Why Make Backups?
  128. Backing Up System Files
  129. Software for Backups
  130. Summary
  131. 19. Defending Accounts
  132. Dangerous Accounts
  133. Monitoring File Format
  134. Restricting Logins
  135. Managing Dormant Accounts
  136. Protecting the root Account
  137. One-Time Passwords
  138. Administrative Techniques for Conventional Passwords
  139. Intrusion Detection Systems
  140. Summary
  141. 20. Integrity Management
  142. The Need for Integrity
  143. Protecting Integrity
  144. Detecting Changes After the Fact
  145. Integrity-Checking Tools
  146. Summary
  147. 21. Auditing, Logging, and Forensics
  148. Unix Log File Utilities
  149. Process Accounting: The acct/pacct File
  150. Program-Specific Log Files
  151. Designing a Site-Wide Log Policy
  152. Handwritten Logs
  153. Managing Log Files
  154. Unix Forensics
  155. Summary
  156. V. Handling Security Incidents
  157. 22. Discovering a Break-in
  158. Prelude
  159. Discovering an Intruder
  160. Cleaning Up After the Intruder
  161. Case Studies
  162. Summary
  163. 23. Protecting Against Programmed Threats
  164. Programmed Threats: Definitions
  165. Damage
  166. Authors
  167. Entry
  168. Protecting Yourself
  169. Preventing Attacks
  170. Summary
  171. 24. Denial of Service Attacks and Solutions
  172. Types of Attacks
  173. Destructive Attacks
  174. Overload Attacks
  175. Network Denial of Service Attacks
  176. Summary
  177. 25. Computer Crime
  178. Your Legal Options After a Break-in
  179. Criminal Hazards
  180. Criminal Subject Matter
  181. Summary
  182. 26. Who Do You Trust?
  183. Can You Trust Your Computer?
  184. Can You Trust Your Suppliers?
  185. Can You Trust People?
  186. Summary
  187. VI. Appendixes
  188. A. Unix Security Checklist
  189. Preface
  190. Chapter 1: Introduction: Some Fundamental Questions
  191. Chapter 2: Unix History and Lineage
  192. Chapter 3: Policies and Guidelines
  193. Chapter 4: Users, Passwords, and Authentication
  194. Chapter 5: Users, Groups, and the Superuser
  195. Chapter 6: Filesystems and Security
  196. Chapter 7: Cryptography Basics
  197. Chapter 8: Physical Security for Servers
  198. Chapter 9: Personnel Security
  199. Chapter 10: Modems and Dialup Security
  200. Chapter 11: TCP/IP Networks
  201. Chapter 12: Securing TCP and UDP Services
  202. Chapter 13: Sun RPC
  203. Chapter 14: Network-Based Authentication Systems
  204. Chapter 15: Network Filesystems
  205. Chapter 16: Secure Programming Techniques
  206. Chapter 17: Keeping Up to Date
  207. Chapter 18: Backups
  208. Chapter 19: Defending Accounts
  209. Chapter 20: Integrity Management
  210. Chapter 21: Auditing, Logging, and Forensics
  211. Chapter 22: Discovering a Break-In
  212. Chapter 23: Protecting Against Programmed Threats
  213. Chapter 24: Denial of Service Attacks and Solutions
  214. Chapter 25: Computer Crime
  215. Chapter 26: Who Do You Trust?
  216. Appendix A: Unix Security Checklist
  217. Appendix B: Unix Processes
  218. Appendixes C, D, and E: Paper Sources, Electronic Sources, and Organizations
  219. B. Unix Processes
  220. About Processes
  221. Signals
  222. Controlling and Examining Processes
  223. Starting Up Unix and Logging In
  224. C. Paper Sources
  225. Unix Security References
  226. Other Computer References
  227. D. Electronic Resources
  228. Mailing Lists
  229. Web Sites
  230. Usenet Groups
  231. Software Resources
  232. E. Organizations
  233. Professional Organizations
  234. U.S. Government Organizations
  235. Emergency Response Organizations
  236. Index
  263. About the Authors
  264. Colophon
  265. Copyright

N

name service, Name Service–Other naming services, Authentication and DNS–Authentication and DNS, Using NIS+
security and, Authentication and DNS–Authentication and DNS
switch (NIS, NIS+), Using NIS+
Name Service Caching Daemon (nscd), Using NIS+
named daemon, DNS under Unix
named nameserver, DNS best practices
named user, Users and Groups
named-xfer program, DNS under Unix
named.conf file, DNS under Unix, DNS best practices
nameserver, Authentication and DNS (see DNS)
nameserver attacks, DNS, DNS nameserver attacks–DNS nameserver attacks
nameserver service, TCP
namespace, Name Service
National Institute of Standards and Technology (NIST), National Institute of Standards and Technology (NIST)
National Science Foundation Network, The Internet
National Security Agency (NSA), National Security Agency (NSA)
natural disasters, Protecting Computer Hardware (see environmental dangers)
NBT (NetBIOS over TCP/IP), Name service
NcFTPD server, Setting up an FTP server
ncheck command, The Solaris ncheck command, Unauthorized Device Files
needexpnhelo option, sendmail, Security concerns with SMTP banners and commands
needmailhelo option, sendmail, Security concerns with SMTP banners and commands
needvrfyhelo option, sendmail, Security concerns with SMTP banners and commands
Nemeth, Evi (UNIX System Administration Handbook), Unix Programming and System Administration
Nessus security scanner, Network Scanning
NetBIOS over TCP/IP (NBT), Name service
NetBIOS protocol, Adding authentication to TCP/IP with ident
NetBSD, Versions Covered in This Book, Versions Covered in This Book, NetBSD, FreeBSD, and OpenBSD, NetBSD, FreeBSD, and OpenBSD, Second-Generation Commercial Unix Systems, CVS
(see also BSD Unix)
CVS used by, CVS
history of, NetBSD, FreeBSD, and OpenBSD, Second-Generation Commercial Unix Systems
netfilter program, Using a Host-Based Packet Firewall, Using a Host-Based Packet Firewall
netgroup file, NIS Netgroups
Netgroup table (NIS+), NIS+ Tables and Other Objects
netgroups file, Which Files to Back Up?, Changes to the /etc/hosts.equiv file
netgroups, NIS, NIS Netgroups–NIS is confused about “+”
NetInfo, Using Network Authorization Systems, NetInfo, Other naming services
Netmasks table (NIS+), NIS+ Tables and Other Objects
Netnews messages, authentication and, ¡April Fools! authentication and Netnews
.netrc file, Network Setup
Netscape Navigator, random number generator, Picking a Random Seed
netstat command, Monitoring Your Host with netstat–Limitation of netstat and lsof, Discovering an Intruder, Monitoring commands, Tracing a Connection
netwall service, UDP
network authentication systems, Unix Wars 2: SVR4 versus OSF/1, Using Network Authorization Systems–LDAP, Using Network Authorization Systems, Using Network Authorization Systems, Using Network Authorization Systems, Using Network Authorization Systems, Using Network Authorization Systems, Using Network Authorization Systems, Viewing Accounts in the Network Database, NIS and NIS+, Kerberos DCE, NetInfo, RADIUS, LDAP, Caller-ID and Automatic Number Identification, Networking and Unix, Other naming services, Other naming services, Other naming services, Sun RPC, Remote Procedure Call (RPC), Network-Based Authentication Systems, Sun’s Network Information Service (NIS)–Unintended Disclosure of Site Information with NIS, Sun’s NIS+–NIS+ Limitations, Kerberos–Kerberos Limitations, LDAP–Setting up the LDAP clients, DCE, SESAME, Codebooks, Codebooks, Kerberos
(see also PAM)
DCE, Unix Wars 2: SVR4 versus OSF/1, Kerberos DCE, Other naming services, Remote Procedure Call (RPC), DCE, Codebooks
Kerberos, Using Network Authorization Systems, Kerberos–Kerberos Limitations, Codebooks, Kerberos
LDAP, Using Network Authorization Systems, LDAP, Networking and Unix, LDAP–Setting up the LDAP clients
NetInfo, Using Network Authorization Systems, NetInfo, Other naming services
NIS, Using Network Authorization Systems, Viewing Accounts in the Network Database, Sun RPC, Sun’s Network Information Service (NIS)–Unintended Disclosure of Site Information with NIS
NIS+, NIS and NIS+, Other naming services, Sun’s NIS+–NIS+ Limitations
RADIUS, Using Network Authorization Systems, RADIUS, Caller-ID and Automatic Number Identification
requirements for, Network-Based Authentication Systems
SESAME, SESAME
network cables, Lightning, Fiber optic cable, Destructive Attacks
cutting, as destructive attack, Destructive Attacks
fiber optic, Fiber optic cable
routing of, Lightning
network connections, Other Contingencies, Eavesdropping over local area networks (Ethernet and twisted pairs)
eavesdropping on, Eavesdropping over local area networks (Ethernet and twisted pairs)
loss of, Other Contingencies
Network Filesystem, Networking and Unix (see NFS)
network filesystems, Understanding Filesystems, Turning Off SUID and SGID in Mounted Filesystems, Network Filesystems
(see also NFS; SMB)
remote, mounted, Turning Off SUID and SGID in Mounted Filesystems
network forensics analysis tools (NFATs), Preserving the Evidence
Network Information Service, Sun’s Network Information Service (NIS) (see NIS)
Network News Transport Protocol (NNTP), NNTP: Network News Transport Protocol (TCP Port 119)
network providers, trusting, Network Providers That Network Too Well
Network Security: Private Communications in a Public World (Kaufman, Charles; Perlman, Radia; Speciner, Mike), Network Technology and Security
network servers, Understanding Unix Internet Servers and Services (see Internet servers)
network services, Networking and Unix, Networking and Unix, Networking and Unix, TCP–UDP, TCP, TCP, TCP, TCP, TCP, TCP, TCP, TCP, TCP, UDP, UDP, UDP, UDP, Improving Authentication–Adding authentication to TCP/IP with ident, The /etc/services File–Ports cannot be trusted, The inetd Program–The inetd Program, Primary Unix Network Services, Primary Unix Network Services, echo and chargen (TCP and UDP Ports 7 and 19), echo and chargen (TCP and UDP Ports 7 and 19), systat (TCP Port 11), SSH: The Secure Shell (TCP Port 22)–Client authentication with SSH, Telnet (TCP Port 23), SMTP: Simple Mail Transfer Protocol (TCP Port 25), TACACS and TACACS+ (UDP Port 49), Domain Name System (DNS) (TCP and UDP Port 53), Domain Name System (DNS) (TCP and UDP Port 53), Domain Name System (DNS) (TCP and UDP Port 53), BOOTP: Bootstrap Protocol, and DHCP: Dynamic Host Configuration Protocol (UDP Ports 67 and 68), BOOTP: Bootstrap Protocol, and DHCP: Dynamic Host Configuration Protocol (UDP Ports 67 and 68), TFTP: Trivial File Transfer Protocol (UDP Port 69), finger (TCP Port 79)–Disabling finger, POP, POPS: Post Office Protocol, and IMAP, IMAPS: Internet Message Access Protocol (TCP Ports 109, 110, 143, 993, 995), Sun RPC’s portmapper (UDP and TCP Ports 111), Identification Protocol (TCP Port 113), NNTP: Network News Transport Protocol (TCP Port 119), NTP: Network Time Protocol (UDP Port 123)–An NTP example, SNMP: Simple Network Management Protocol (UDP Ports 161 and 162), rexec (TCP Port 512), rlogin and rsh (TCP Ports 513 and 514)–/etc/hosts.lpd file, rlogin and rsh (TCP Ports 513 and 514)–/etc/hosts.lpd file, The X Window System (TCP Ports 6000-6063)–Tunneling X with SSH, RPC rpc.rexd (TCP Port 512), Managing Services Securely–Monitoring Your Network with tcpdump, Network-Based Authentication Systems, Tips on Writing Network Programs–Things to Avoid, Logging Network Services, New network services, Back Doors and Trap Doors
auth Identification Protocol, TCP, Identification Protocol (TCP Port 113)
authentication for, Improving Authentication–Adding authentication to TCP/IP with ident
back doors in, Back Doors and Trap Doors
BOOTP protocol, BOOTP: Bootstrap Protocol, and DHCP: Dynamic Host Configuration Protocol (UDP Ports 67 and 68)
chargen service, TCP, UDP, echo and chargen (TCP and UDP Ports 7 and 19)
created by intruders, New network services
DHCP protocol, BOOTP: Bootstrap Protocol, and DHCP: Dynamic Host Configuration Protocol (UDP Ports 67 and 68)
disabling, Primary Unix Network Services
DNS, Domain Name System (DNS) (TCP and UDP Port 53) (see DNS)
echo service, TCP, UDP, echo and chargen (TCP and UDP Ports 7 and 19)
in /etc/services file, The /etc/services File–Ports cannot be trusted
finger program, TCP, finger (TCP Port 79)–Disabling finger
FTP, TCP (see FTP)
HTTP, TCP (see HTTP)
inetd program handling, The inetd Program–The inetd Program
list of, Networking and Unix, TCP–UDP
logging, Logging Network Services
monitoring, Managing Services Securely–Monitoring Your Network with tcpdump
NNTP, NNTP: Network News Transport Protocol (TCP Port 119) (see NNTP)
NTP, UDP, NTP: Network Time Protocol (UDP Port 123)–An NTP example
POP, POP, POPS: Post Office Protocol, and IMAP, IMAPS: Internet Message Access Protocol (TCP Ports 109, 110, 143, 993, 995) (see POP)
programming, Tips on Writing Network Programs–Things to Avoid
rexec, rexec (TCP Port 512)
rlogin, rlogin and rsh (TCP Ports 513 and 514)–/etc/hosts.lpd file
rpc.rexd, RPC rpc.rexd (TCP Port 512)
RPC’s portmapper, UDP, Sun RPC’s portmapper (UDP and TCP Ports 111)
rsh, TCP, rlogin and rsh (TCP Ports 513 and 514)–/etc/hosts.lpd file
securing, Network-Based Authentication Systems
security risks of, Primary Unix Network Services
SMTP, SMTP: Simple Mail Transfer Protocol (TCP Port 25) (see SMTP)
SNMP, SNMP: Simple Network Management Protocol (UDP Ports 161 and 162) (see SNMP)
SSH, Networking and Unix, TCP, SSH: The Secure Shell (TCP Port 22)–Client authentication with SSH
systat service, systat (TCP Port 11)
TACACS and TACACS+, TACACS and TACACS+ (UDP Port 49)
TCP protocol, Domain Name System (DNS) (TCP and UDP Port 53)
Telnet, Networking and Unix, TCP, Telnet (TCP Port 23)
TFTP, TFTP: Trivial File Transfer Protocol (UDP Port 69) (see TFTP)
UDP protocol, Domain Name System (DNS) (TCP and UDP Port 53)
X Window System, The X Window System (TCP Ports 6000-6063)–Tunneling X with SSH
Network Time Protocol, NTP: Network Time Protocol (UDP Port 123) (see NTP)
network weaving, Who’s on the Internet?
network-based IDS (NIDS), Intrusion Detection Systems
networks, Add-on Functionality Breeds Problems, What the Superuser Can Do, Network cables, Network connectors, TCP/IP Networks, Networking, Networking, Networking, The Internet, The Internet, The Internet, Networking and Unix, IP: The Internet Protocol, IP networks, IP networks, IP Security, Network Scanning–Network Scanning, Small Network of Workstations and a Server–Retention schedule, Trusted path, Using syslog in a networked environment, Logging across the network, Network Setup, Preserving the Evidence, Network Denial of Service Attacks–Ping of Death and Other Malformed Traffic Attacks, Service Overloading–Service Overloading, Service Overloading, Message Flooding–Message Flooding, Signal Grounding and Jamming, Signal Grounding and Jamming, Clogging (SYN Flood Attacks), Ping of Death and Other Malformed Traffic Attacks, Criminal Hazards–Criminal Hazards, Chapter 11: TCP/IP Networks–Chapter 12: Securing TCP and UDP Services, Chapter 14: Network-Based Authentication Systems, Network Technology and Security
ARPANET, The Internet
backing up, Small Network of Workstations and a Server–Retention schedule
cables for, Network cables
clogging (SYN flood attacks), Clogging (SYN Flood Attacks)
compromised, risks of being prosecuted for, Criminal Hazards–Criminal Hazards
configuration files, Network Setup
connectors for, Network connectors
denial of service attacks on, Network Denial of Service Attacks–Ping of Death and Other Malformed Traffic Attacks
disabling physically, Signal Grounding and Jamming
forensics analysis tools (NFATs) for, Preserving the Evidence
Internet, The Internet
IP, IP networks, IP networks
(see also TCP/IP networks)
LANs, Networking (see LANs)
logging across, Logging across the network
MANs, Networking (see MANs)
message flooding attacks on, Message Flooding–Message Flooding
NSFNET, The Internet
packet-switching, IP: The Internet Protocol
partitioning, Service Overloading
ping of death attacks on, Ping of Death and Other Malformed Traffic Attacks
published resources on, Network Technology and Security
scanning, Network Scanning–Network Scanning
security and, Add-on Functionality Breeds Problems
security checklist for, Chapter 11: TCP/IP Networks–Chapter 12: Securing TCP and UDP Services, Chapter 14: Network-Based Authentication Systems
service overloading attacks on, Service Overloading–Service Overloading
sniffers, IP Security
spoofed connection, Trusted path
superuser control of, What the Superuser Can Do
syslog facility and, Using syslog in a networked environment
TCP/IP, TCP/IP Networks (see TCP/IP networks)
WANs, Networking (see WANs)
wireless, jamming, Signal Grounding and Jamming
Networks table (NIS+), NIS+ Tables and Other Objects
Neumann, Peter G., Multics: The Unix Prototype, Computer-Related Risks
Computer Related Risks, Computer-Related Risks
Neuromancer (Gibson, William), Understanding the Computer Security “Culture”
The New Kornshell Command and Programming Language (Bolsky, Morris I. and Korn, David G.), Unix Programming and System Administration
newgrp command, The /etc/group file
newkey command, Creating passwords for users, When a user’s passwords don’t match
news, NNTP: Network News Transport Protocol (TCP Port 119) (see Usenet)
news user, Users and Groups
newsyslog program, Rotating Logs with newsyslog–Rotating Logs with newsyslog
newsyslog.conf file, Rotating Logs with newsyslog
.nexrc file, .exrc, .nexrc
NFATs (network forensics analysis tools), Preserving the Evidence
NFS (Network Filesystem), File Permissions, Finding All of the SUID and SGID Files, Networking and Unix, Sun RPC, Sun RPC, Network Filesystems, Understanding NFS–NFS Version 3, Understanding NFS, NFS History, NFS History, NFS History, NFS History, File Handles, The MOUNT Protocol–The MOUNT Protocol, The NFS Protocol–NFS and root, NFS Version 3–NFS Version 3, NFS Version 3, Server-Side NFS Security–The showmount Command, Limiting Client Access: /etc/exports and /etc/dfs/dfstab–Exporting NFS directories under System V: share and dfstab, Exporting NFS directories under System V: share and dfstab, The showmount Command, Client-Side NFS Security, Improving NFS Security–Use Secure NFS, Limit Exported and Mounted Filesystems–The example explained, Limit Exported and Mounted Filesystems–The example explained, Export Read-Only, Use Root Ownership, Use Root Ownership, Remove Group-Write Permission for Files and Directories, Do Not Export Server Executables, Do Not Export Home Directories, Use fsirand, Set the portmon Variable, Use showmount -e, Use Secure NFS, Well-Known Bugs, For Real Security, Don’t Use NFS, Setting up the chroot( ) environment, Changes to the /etc/hosts.equiv file, Issues with NFS, Group-writable files, Group-writable files, Chapter 15: Network Filesystems
(see also RPC)
bugs in, Well-Known Bugs
client access, limiting, Limiting Client Access: /etc/exports and /etc/dfs/dfstab–Exporting NFS directories under System V: share and dfstab
client-side security, Client-Side NFS Security
exported filesystems, limiting, Limit Exported and Mounted Filesystems–The example explained
exporting filesystems read-only, Export Read-Only
exporting home directories, Do Not Export Home Directories
exporting sensitive files with, Issues with NFS
exporting server executables, Do Not Export Server Executables
file handles, File Handles
file permissions, File Permissions
find command on, Finding All of the SUID and SGID Files
fsirand program and, Use fsirand
group write permission for files, Remove Group-Write Permission for Files and Directories
history of, NFS History
intruders compromising, Changes to the /etc/hosts.equiv file
listing clients who have mounted directories, The showmount Command
listing export lists, Use showmount -e
-local option, Group-writable files
MOUNT protocol and, The MOUNT Protocol–The MOUNT Protocol
mounted filesystems, limiting, Limit Exported and Mounted Filesystems–The example explained
NFS protocol and, The NFS Protocol–NFS and root
portmon variable and, Set the portmon Variable
protection mode for files, Use Root Ownership
reasons not to use, For Real Security, Don’t Use NFS
restricted filesystems mounted within, Setting up the chroot( ) environment
Secure NFS, Use Secure NFS
security checklist for, Chapter 15: Network Filesystems
security of, Understanding NFS, Improving NFS Security–Use Secure NFS
server-side security, Server-Side NFS Security–The showmount Command
superuser ownership of files, Use Root Ownership
TCP links and, NFS Version 3
Version 3, NFS History, NFS Version 3–NFS Version 3
Version 4, NFS History
versions of, NFS History
WebNFS, Exporting NFS directories under System V: share and dfstab
-xdev option, Group-writable files
NFS protocol, The NFS Protocol–NFS and root, How NFS creates a reliable filesystem from a best-effort protocol, Hard, soft, and spongy mounts, Connectionless and stateless, Connectionless and stateless, NFS and root
connectionless servers and, Connectionless and stateless
mounting filesystems with, Hard, soft, and spongy mounts
reliability of, How NFS creates a reliable filesystem from a best-effort protocol
stateless servers and, Connectionless and stateless
superuser and, NFS and root
NFS service, TCP, UDP
nice command, CPU overload attacks
nice number of processes, Process priority and niceness–Process priority and niceness
NIDS (network-based IDS), Intrusion Detection Systems
nidump command, NetInfo
NIH web site, NIH
NIS (Network Information Service), Changing your password, Using Network Authorization Systems, Viewing Accounts in the Network Database, UDP, Other naming services, Sun RPC, Proving your identity, Setting Up Secure RPC with NIS–Limitations of Secure RPC, Sun’s Network Information Service (NIS)–Unintended Disclosure of Site Information with NIS, NIS Fundamentals, NIS Fundamentals, NIS Fundamentals, Including or excluding specific accounts, Importing accounts without really importing accounts, NIS Domains, NIS Netgroups–NIS is confused about “+”, Using netgroups to limit the importing of accounts, Limitations of NIS, Spoofing NIS, NIS is confused about “+”, Unintended Disclosure of Site Information with NIS, Using NIS+, Changes to the /etc/hosts.equiv file, Other files
accounts, Including or excluding specific accounts, Importing accounts without really importing accounts, Using netgroups to limit the importing of accounts
importing, Importing accounts without really importing accounts, Using netgroups to limit the importing of accounts
including and excluding, Including or excluding specific accounts
changing passwords, Changing your password
clients, NIS Fundamentals
domains, NIS Domains
intruders compromising, Changes to the /etc/hosts.equiv file
limitations of, Limitations of NIS
maps, NIS Fundamentals
name service switch, Using NIS+
netgroups, NIS Netgroups–NIS is confused about “+”
plus sign (+) in files, NIS Fundamentals, NIS is confused about “+”
protecting database and commands, Other files
secret keys and, Proving your identity
Secure RPC with, Setting Up Secure RPC with NIS–Limitations of Secure RPC
spoofing, Spoofing NIS
UDP, UDP
unintended information disclosure with, Unintended Disclosure of Site Information with NIS
Yellow Pages, Other naming services
NIS+, Changing your password, NIS and NIS+, Other naming services, Proving your identity, Setting Up Secure RPC with NIS–Limitations of Secure RPC, Sun’s NIS+–NIS+ Limitations, Using NIS+, Using NIS+, Changing your password, NIS+ Limitations, NIS+ Limitations, NIS+ Limitations, NIS+ Limitations, Other files
access control for objects, Using NIS+, NIS+ Limitations
changing passwords, Changing your password
limitations of, NIS+ Limitations
name service switch, Using NIS+
passwords, Changing your password
protecting database and commands, Other files
running in NIS compatibility mode, NIS+ Limitations
secret keys and, Proving your identity
Secure RPC with, Setting Up Secure RPC with NIS–Limitations of Secure RPC
security levels of, NIS+ Limitations
nisaddcred command, Proving your identity
niscat command, NIS and NIS+
nischown command, Using NIS+
nispasswd command, Changing your password, Using NIS+, Changing your password, Assigning Passwords to Users
NIST (National Institute of Standards and Technology), National Institute of Standards and Technology (NIST)
NIST CSRC web site, NIST CSRC
nmap network-mapping tools, Network Scanning, Security Scanners and Other Tools, nmap
NNTP (Network News Transport Protocol), TCP, NNTP: Network News Transport Protocol (TCP Port 119)
nobody user, Users and Groups, Creating passwords for users
nobody variable, NFS and root
noexpn option, sendmail, Security concerns with SMTP banners and commands
nonce, Things to Avoid
nosuid, Back Doors and Trap Doors
noverb option, sendmail, Security concerns with SMTP banners and commands
novrfy (sendmail), Security concerns with SMTP banners and commands
npasswd package, Constraining Passwords
NPROC variable, Recovering from too many processes
NSA (National Security Agency), Key Length with Symmetric Key Algorithms, National Security Agency (NSA)
nscd (Name Service Caching Daemon), Using NIS+
nsswitch.conf file, Using NIS+
nss_ldap, nss_ldap, Configuring Authentication with nss_ldap–Setting up the LDAP clients
ntalk service, UDP
NTFS filesystem, The Virtual Filesystem Interface
NTP (Network Time Protocol), UDP, NTP: Network Time Protocol (UDP Port 123)–An NTP example, Setting the window
ntpd daemon, Networking and Unix, NTP: Network Time Protocol (UDP Port 123)
ntpdate command, Networking and Unix, NTP: Network Time Protocol (UDP Port 123)
null device, Device Files
null modem adapter, The RS-232 Serial Protocol
null modem cable, The RS-232 Serial Protocol
NULL request, The MOUNT Protocol
“The Number Field Sieve” (Lenstra, A. K.; Lenstra, H. W., Jr.; Manasse, M. S.; Pollard, J. M.), Cryptography Papers and Other Publications