Practical UNIX and Internet Security, 3rd Edition

Previous Chapter

Index

Next Chapter

Index

S

S/Key codebook scheme, Codebooks

S/MIME, SMTP: Simple Mail Transfer Protocol (TCP Port 25)

sa command, Process Accounting: The acct/pacct File

sabotage, Authors

saboteurs, Introduction: Some Fundamental Questions (see intruders)

safe shutdown, accounts for, Accounts That Run a Single Command

SafeTP, FTP: File Transfer Protocol (TCP Ports 20 and 21)

Safeware: System Safety and Computers. A Guide to Preventing Accidents and Losses Caused by Technology (Leveson, Nancy G.), Computer-Related Risks

salt, Unix salt–Unix salt

Saltzer, Jerome, Secure Programming Techniques

Samba, Network Filesystems, Configuring the Samba Server, Configuring the Samba Server–Improving Samba Security, Configuring the Samba Server, Samba Server Security–Improving Samba Security, Connecting to the server, User authentication–User authentication, Authorization–Authorization, Data integrity and privacy, Samba Client Security

(see also SMB)
authorization, Authorization–Authorization
client security, Samba Client Security
configuring, Configuring the Samba Server
data integrity, Data integrity and privacy
security and, Samba Server Security–Improving Samba Security
server connections, Connecting to the server
user authentication, User authentication–User authentication

sanitizing media, Sanitizing Media Before Disposal–Sanitizing Printed Media

SANS (Systems Administration and Network Security), SANS Security Alert Consensus, Systems Administration and Network Security (SANS)

SANTA (Security Administrator Network Tool for Analysis), SATAN

SASL (Simple Authentication and Security Layer), Pluggable Authentication Modules (PAM)

SATAN (Security Administrator Tool for Analyzing Networks), Network Scanning, SATAN

savacct file, Process Accounting: The acct/pacct File

saved UIDs, Saved IDs

sbrk() system call, Design Principles

SC Magazine (InfoSecurity News), Security Periodicals

scanf() system call, Things to Avoid

scanners, telephone, Telephone scanning

SCCS (Source Code Control System), Building an Automatic Backup System

Schales, Doug, Tiger

Schiller, Jeffrey, Picking a Random Seed, Picking a Random Seed

Schneier, Bruce, Common Symmetric Key Algorithms, Cryptography Books, General Computer Security

Applied Cryptography: Protocols, Algorithms, and Source Code in C, Cryptography Books
Secrets and Lies: Digital Security in a Networked World, General Computer Security

Schroeder, M. D., Secure Programming Techniques

Schwartz, Randal L. (Learning Perl), Miscellaneous References

scp program, Networking and Unix

screensavers, Screensavers, Screensavers

back doors to, Screensavers
password-protected, Screensavers

script command, logging break-ins with, Rule #2: Document

SE Linux (Security Enhanced Linux), “Secure” Versions of Unix

secrecy, Authentication, data integrity, and secrecy (see confidentiality)

secret key algorithms, Cryptographic Algorithms and Functions (see symmetric key algorithms)

secret keys, Cryptographic Algorithms and Functions, Cryptographic Algorithms and Functions, Proving your identity, Limitations of Secure RPC

Secret Service, U.S., U.S. Secret Service (USSS)

Secrets and Lies: Digital Security in a Networked World (Schneier, Bruce), General Computer Security

Secure European System for Applications in a Multivendor Environment (SESAME), SESAME

secure file, Essential Log Files

Secure Hash Algorithms (SHA), Message Digest Functions

Secure NFS, Use Secure NFS

Secure RPC, Secure RPC (AUTH_DES)–Limitations of Secure RPC, Secure RPC Authentication–Setting the window, Setting the window, Setting Up Secure RPC with NIS–Limitations of Secure RPC, Using Secure RPC, Limitations of Secure RPC, What NIS+ Does, Using NIS+, Understanding NFS

authentication, Secure RPC Authentication–Setting the window
limitations of, Limitations of Secure RPC
logging in/out with, Using Secure RPC
NFS using, Understanding NFS
NIS+ using, What NIS+ Does, Using NIS+
with NIS/NIS+, Setting Up Secure RPC with NIS–Limitations of Secure RPC
and NTP, Setting the window

Secure Shell, SSH: The Secure Shell (TCP Port 22) (see SSH)

Secure Sockets Layer, Systems-based attacks (see SSL)

secure terminals, Secure Terminals: Limiting Where the Superuser Can Log In, Secure Terminals

Secure Tracking of Office Property (STOP), Tagging

secure Unix systems, “Secure” Versions of Unix

SecureID card, Token Cards

securenets file, Unintended Disclosure of Site Information with NIS

securetty file, Secure Terminals: Limiting Where the Superuser Can Log In

security, Preface–Unix “Security”?, Third-Party Security Tools, What Is Computer Security?, What Is an Operating System?, Security and Unix–The Failed P1003.1e/2c Unix Security Standard, Policies and Guidelines–Risk Management Means Common Sense, Types of Security–Types of Security, Have authority commensurate with responsibility, Defend in depth, Outsourcing Options–Final Words on Outsourcing, The Problem with Security Through Obscurity–Responsible Disclosure, Story: A Failed Site Inspection, Secure Programming Techniques, Account Names Revisited: Using Aliases for Increased Security, Discovering a Break-in, Computer Crime, Chapter 3: Policies and Guidelines, Paper Sources–Security Periodicals, Mailing Lists–SANS Security Alert Consensus, Web Sites–NIH, Usenet Groups, Software Resources–wuarchive ftpd, Organizations–Computer Emergency Response Team Coordination Center (CERT/CC)

breaches, responding to, Discovering a Break-in (see break-ins)
design principles for, Secure Programming Techniques
history of, Preface–Unix “Security”?
laws and, Computer Crime (see legal issues)
mailing lists regarding, Mailing Lists–SANS Security Alert Consensus
organizations regarding, Organizations–Computer Emergency Response Team Coordination Center (CERT/CC)
outsourcing, Outsourcing Options–Final Words on Outsourcing
policy of, What Is an Operating System?, Policies and Guidelines–Risk Management Means Common Sense, Chapter 3: Policies and Guidelines
published resources on, Paper Sources–Security Periodicals
responsibility for, Have authority commensurate with responsibility
risks, Story: A Failed Site Inspection (see risks)
simplified in four steps, Defend in depth
software for, Third-Party Security Tools, Software Resources–wuarchive ftpd
through obscurity, The Problem with Security Through Obscurity–Responsible Disclosure, Account Names Revisited: Using Aliases for Increased Security
types of, Types of Security–Types of Security
Unix and, Security and Unix–The Failed P1003.1e/2c Unix Security Standard
Usenet groups regarding, Usenet Groups
web sites regarding, Web Sites–NIH

security account, Alternative contact strategies

Security Administrator Network Tool for Analysis (SANTA), SATAN

Security Administrator Tool for Analyzing Networks, Network Scanning (see SATAN)

Security Alert Consensus mailing list, SANS Security Alert Consensus

Security Engineering (Anderson, Ross), General Computer Security

Security Enhanced Linux (SE Linux), “Secure” Versions of Unix

security experts, shortage of, Outsourcing Options

security holes, Keeping Secrets, Responsible Disclosure, The Problem with the Superuser, An example of a SUID attack: IFS and the /usr/lib/preserve hole

(see also back doors; threats)
preserve program, An example of a SUID attack: IFS and the /usr/lib/preserve hole
reporting, Responsible Disclosure
superuser account, The Problem with the Superuser

Security in Computing (Pfleeger, Charles P.), General Computer Security

security levels, kernel, BSD Kernel Security Levels

security response teams, Response Personnel? (see response teams)

security scanners, Network Scanning

security tools, Programmed Threats: Definitions, Security Scanners and Other Tools, Security Products and Services Information

published resources on, Security Products and Services Information
used as programmed threats, Programmed Threats: Definitions, Security Scanners and Other Tools

sed scripts, Trojan horses in, Trojan horses in mobile code

Seebass, Scott (UNIX System Administration Handbook), Unix Programming and System Administration

seeds, random number, Tips on Generating Random Numbers, Picking a Random Seed–A Good Random Seed Generator

Seger, Karl (Computer Crime: A Crimefighter’s Handbook), Computer Crime and Law

select() system call, The inetd Program

self-destruct sequences, Hardware Bugs

sendmail program, Networking and Unix, Adding authentication to TCP/IP with ident, Startup examples, SMTP: Simple Mail Transfer Protocol (TCP Port 25)–Overall security of Berkeley sendmail versus other MTAs, Configuration files, Configuration files, Configuration files, Security concerns with SMTP banners and commands, Delivery to programs, Overall security of Berkeley sendmail versus other MTAs–Overall security of Berkeley sendmail versus other MTAs, NIS Domains, Alternative contact strategies, Changes to startup files, Back Doors and Trap Doors, .forward, .procmailrc, .forward, .procmailrc, /etc/mail/aliases, aliases.dir, aliases.pag, and aliases.db, /etc/mail/aliases, aliases.dir, aliases.pag, and aliases.db

(see also email)
.forward file, Configuration files, .forward, .procmailrc
aliases, /etc/mail/aliases, aliases.dir, aliases.pag, and aliases.db
back door in, Back Doors and Trap Doors
configuration files, security and, Configuration files
disabling mail delivery to programs, Delivery to programs
DontBlameSendmail option, Configuration files
finding system administrator using, Alternative contact strategies
.forward file, Changes to startup files
options, security, Security concerns with SMTP banners and commands
run as daemon, Startup examples
same Internet/NIS domain, NIS Domains
security problems with, Overall security of Berkeley sendmail versus other MTAs–Overall security of Berkeley sendmail versus other MTAs
startup file attacks, .forward, .procmailrc

sendmail.cf file, Configuration files, Security concerns with SMTP banners and commands

sendmail.mc file, Security concerns with SMTP banners and commands

separation of duties principle, Least Privilege and Separation of Duties

sequence of commands, Design Principles

ser2net program, Monitoring the Intruder

serial interfaces, Serial Interfaces

Serial Line Internet Protocol, Modems and Unix (see SLIP)

serial numbers, logging, Informational material

serial ports, uucp user for, Users and Groups

Server Message Block, Network Filesystems (see SMB)

server statelessness, Understanding NFS

server vulnerability attacks, IP Security

server-side NFS security, Server-Side NFS Security–The showmount Command

servers, What Is a Deployment Environment?, Physical Security for Servers, Clients and Servers, Authentication and DNS, Understanding Unix Internet Servers and Services, Setting up an FTP server–Setting up anonymous FTP with the standard Unix FTP server, Using Xauthority magic cookies, Summary, Summary, NIS Fundamentals, Things to Do, Small Network of Workstations and a Server, Service Overloading–Service Overloading

backing up, Small Network of Workstations and a Server
bringing up securely, Summary
Internet, Understanding Unix Internet Servers and Services (see Internet servers)
load shedding, Things to Do
master/slave, NIS Fundamentals (see NIS)
nameserver, Authentication and DNS (see DNS)
overloading with requests, Service Overloading–Service Overloading
physical security of, Physical Security for Servers (see physical security)
run as root, Summary
setting up for FTP, Setting up an FTP server–Setting up anonymous FTP with the standard Unix FTP server
Xauthority, Using Xauthority magic cookies

service overloading, Service Overloading–Service Overloading

services, Entering your password (see denial of service attacks network services)

services file, TCP, The /etc/services File, The inetd Program

Services table (NIS+), NIS+ Tables and Other Objects

SESAME (Secure European System for Applications in a Multivendor Environment), SESAME

session hijacking, Telnet (TCP Port 23)

session IDs, Other IDs, Process groups and sessions

session keys, Cryptographic Algorithms and Functions, Proving your identity

SETATTR function (RPC), The NFS Protocol

setgid() system call, Other IDs, SUID and SGID, Tips on Writing SUID/SGID Programs

(see also SGID programs)

setlogmask() system call, Unix syslog

setpgrp() system call, Process groups and sessions

setrlimit() system call, Things to Avoid

setsid() system call, Process groups and sessions

setuid file, Real and Effective UIDs with the su Command

setuid() system call, SUID and SGID, Tips on Writing SUID/SGID Programs

(see also SUID programs)

SG (Signal Ground), The RS-232 Serial Protocol

SGID bit, Sticky Bits, SGID and Sticky Bits on Directories, SGID Bit on Files (System V-Derived Unix Only): Mandatory Record Locking, Use chown with caution

clearing with chown command, Use chown with caution
on directories, SGID and Sticky Bits on Directories
on files, SGID Bit on Files (System V-Derived Unix Only): Mandatory Record Locking

SGID permission, chmod: Changing a File’s Permissions

SGID programs, SUID and SGID–Turning Off SUID and SGID in Mounted Filesystems, Problems with SUID, Finding All of the SUID and SGID Files–The Solaris ncheck command, Turning Off SUID and SGID in Mounted Filesystems, Tips on Writing SUID/SGID Programs–Tips on Writing SUID/SGID Programs, New SUID and SGID files

created by intruders, New SUID and SGID files
disabling (turning off), Turning Off SUID and SGID in Mounted Filesystems
finding all files for, Finding All of the SUID and SGID Files–The Solaris ncheck command
security problems with, Problems with SUID
writing, Tips on Writing SUID/SGID Programs–Tips on Writing SUID/SGID Programs

sh (Bourne shell), Conventions Used in This Book, Problems with SUID, An example of a SUID attack: IFS and the /usr/lib/preserve hole, Shell Features

(see also shells)
IFS variable used by, An example of a SUID attack: IFS and the /usr/lib/preserve hole
prompt, Conventions Used in This Book
SUID version of, Problems with SUID

SHA (Secure Hash Algorithms), Message Digest Functions

SHA-1 algorithm, A Good Random Seed Generator

shadow file, The shadow password and master password files, The /etc/passwd File, Which Files to Back Up?, Accounts Without Passwords, Shadow Password Files

shadow passwords, The /etc/passwd File, The shadow password and master password files, Disabling an Account by Changing the Account’s Password, Shadow Password Files

Shamir, Adi, Public Key Algorithms, Cryptography Papers and Other Publications

“A Method for Obtaining Digital Signatures”, Cryptography Papers and Other Publications

share command, Exporting NFS directories under System V: share and dfstab

shared libraries, protecting, Shared Libraries

shared systems, What Is a Deployment Environment?

sharetab file, Exporting NFS directories under System V: share and dfstab

shareware, viruses in, Viruses on the Distribution Disk

SHARITY client, Data integrity and privacy

shell escapes, Accounts That Run a Single Command, Potential problems with restricted shells

shell scripts, SUID, SUID Scripts–An example of a SUID attack: IFS and the /usr/lib/preserve hole

shell service, TCP

shells, The /etc/passwd File, Restricted shells–Potential problems with restricted shells, Changing the Account’s Login Shell, Integrating One-Time Passwords with Unix, Shell History, Trojan horses in mobile code, Shell Features, Creating Processes, Running the User’s Shell

changing for one-time passwords, Integrating One-Time Passwords with Unix
history files, Shell History
in passwd file, The /etc/passwd File
login, changing, Changing the Account’s Login Shell
protecting from attacks, Shell Features
restricted, Restricted shells–Potential problems with restricted shells
running, Running the User’s Shell
Trojan horses in, Trojan horses in mobile code

shells file, Changing the Account’s Login Shell

Shender, Alex, The Virtual Filesystem Interface

Shimomura, Tsutomu (Takedown: The Pursuit and Capture of Kevin Mitnick, America’s Most Wanted Computer Outlaw -- By the Man Who Did it), Understanding the Computer Security “Culture”

Shockwave Rider (Brunner, John), Understanding the Computer Security “Culture”

shoulder surfing, Authenticating with Passwords

showmount command, The showmount Command, Use showmount -e

showrev command, Package-Based Systems

shredders, paper, Sanitizing Printed Media

shutdown command, Accounts That Run a Single Command

shutdowns, Accounts That Run a Single Command, last program, Safely halting the system