Linux Security Cookbook [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

Linux Security Cookbook [Electronic resources] - نسخه متنی

Daniel J. Barrett, Robert G. Byrnes, Richard Silverman

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید

[SYMBOL]
[A]
[B]
[C]
[D]
[E]
[F]
[G]
[H]
[I]
[J]
[K]
[L]
[M]
[N]
[O]
[P]
[Q]
[R]
[S]
[T]
[U]
[V]
[W]
[X]

tar utility

bundling files into single file and encrypting the tarball

encrypted backups, creating with gpg

encrypting all files in directory

TCP

enabling/disabling service invocation by inetd

IPID Sequence tests and, measuring vulnerability to forged connections

pings for host discovery, use by nmap

preventing service invocation by xinetd

reassembling streams with libnids

redirection of connections with SSH tunneling

restricting access by remote hosts (inetd)

restricting access by remote hosts (xinetd)

restricting access by remote users

RST packets for blocked ports, returned by firewall

slowing or killing connections, simulation with dsniff

stream reassembly with libnids

testing for open port

testing port by trying to connect with Telnet

tunneling session through SSH

TCP-wrappers

controlling incoming access by particular hosts or domains

sshd, built-in support for

TCP/IP connections

DROP vs. REJECT

rejecting TCP packets that initiate connections

tcpd

restricting access by remote hosts

using with xinetd

using with inetd to restrict remote host access

tcpdump (packet sniffer)

-i any options, using ifconfig before

-i option (to listen on a specific interface)

-r option, reading/displaying network trace data

-w option (saving packets to file)

libcap (packet capture library)

payload display

printing information about nmap port scan

selecting specific packets with capture filter expression

snapshot length

verifying secure mail traffic

tcsh shell

terminating SSH agent on logout

TCT (The CoronerÕs Toolkit)

tee command

Telnet

access control

blocking all outgoing connections

restricting access by time of day

restricting for remote hosts (xinetd with libwrap)

disabling/enabling invocation by xinetd

Kerberos authentication with PAM

Kerberos authentication, using with

passwords captured from sessions with dsniff

security risks of

testing TCP port by trying to connect

telnetd, configuring to require strong authentication

terminals

Linux recording of for each user

preventing superuser (root) from logging in via

testing systems for security holes
[See monitoring systems for suspicious activity]

tethereal

text editors, using encryption features for email

text-based certificate format
[See PEM format]

Thawte (Certifying Authority)

threading, listing for new service in inetd.conf

tickets, Kerberos

for IMAP on the mail server

SSH client, obtaining for

ticks

time of day, restricting service access by

timestamps

recorded by system logger for each message

in Snort filenames

sorting log files by

verifying for RPM-installed files

TLS (Transport Layer Security)
[See SSL]

tracing network system calls

Transport Layer Security (TLS)
[See SSL]

Tripwire

checking Windows VFAT filesystems

configuration

database

adding files to

excluding files from

updating to ignore discrepancies

displaying policy and configuration

download site for latest version

download sites

highly secure integrity checks

integrity check

integrity checking, basic

manual integrity checks, using instead of

policy

policy and configuration, modifying

printing latest report

protecting files against attacks

read-only integrity checks

remote integrity checking

RPM-installed files, verifying

setting up

twinstall.sh script

using rsync instead of

weaknesses

Trojan horses

checking for with chkrootkit

planted in commonly-used software packages

trust, web of

trusted certificates

trusted public keys (GnuPG)

trusted-host authentication

canonical hostname, finding for client

implications of

strong trust of client host

weak authorization controls

tty item (PAM)

tunneling

TCP session through SSH

transferring your email from another ISP with SSH

twcfg.txt file

twinstall.sh script (Tripwire)

twpol.txt file

twprint program

/ 247