Network Services Security

• Network Security Threats
  • Generic Description of Threats
    • Impersonating a User or System
    • Eavesdropping
    • Denial of Service
    • Packet Replay
    • Packet Modification
  • Threats Associated With Common Network Access Procedures
    • Telnet
    • File Transfer Protocol
    • Trivial File Transfer Protocol
    • Mail
    • Unix-to-Unix Copy System
    • rlogin, rsh, and rcp
    • Commands Revealing User Information
      • finger
      • rexec
      • rwho, rusers, netstat, and systat
    • Distributed File Systems
      • Network File System (NFS) Threats
      • File Permissions
      • Remote File Sharing (RFS)
    • Network Information Service
• Improving Security in a Network Environment
  • Administering Standalone Versus Networked Systems
  • Improving Security of Common Network Access Procedures
    • The ``r'' Commands Versus telnet/ftp
    • Improving the Security of FTP
    • Improving the Security of TFTP
    • Improving the Security of Mail Services
    • Improving the Security of UUCP
    • Improving the Security of finger
    • Improving the Security of the ``r'' Commands
      • Administering Trusted Users and Hosts
      • Protecting Against Impersonation Using the ``r'' Commands
    • Improving the Security of NFS
      • Exporting Files
      • Protecting Against Impersonation Using NFS
      • Secure NFS
    • Improving the Security of RFS
    • Improving the Security of NIS
  • Improving Network Security By Means of Secure Gateways (or Firewalls)
    • Introduction to Firewalls
    • Firewall Components
      • Packet Filtering
      • Which Protocols to Filter
      • Examples of Packet Filtering
      • Alternatives to Packet Filtering
      • Logging and Detection of Suspicious Activity
      • Application Gateways
      • Examples of Firewalls
    • Special Considerations With Firewalls
    • The Role of Security Policy in Firewall Administration
  • Robust Authentication Procedures
    • Identification and Authentication
    • Distributed System Authentication
    • The Need: Identity Authentication
    • Properties of Distributed Athentication Systems
      • The Protocol Used to Verify the Authentication
      • The Principals
      • The Areas of the Network Where Trust is Placed
      • The Areas of the Network Where Secrets are Kept
      • The Key Generation and Distribution Models Used
      • The Composition of the Ticket/Certificate
    • Kerberos
      • The Protocol Used to Verify the Authentication
      • The Principals
      • The Areas of the Network Where Trust is Placed
      • The Areas of the Network Where Secrets are Kept
      • The Key Generation and Distribution Model Used
      • The Composition of the Ticket/Certificate
    • Secure RPC
      • The Protocol Used to Verify the Authentication
      • The Principals
      • The Areas of the Network Where Trust is Placed
      • The Areas of the Network Where Secrets are Kept
      • Key Generation and Distribution Model Used
      • The Composition of the Ticket/Certificate
    • Concerns with Kerberos and Secure RPC
      • Secure RPC
      • Kerberos
  • Using Robust Authentication Methods
    • Example Scenario
    • Scenario Implementation
      • SunOS 4.x Secure RPC
      • Solaris 2.x Secure RPC
      • Solaris 2.x Kerberos
      • Kerberos from MIT
  • Network Security and POSIX.6/POSIX.8
    • POSIX.8 - Transparent File Access
    • P1003.6 - Security Extensions
    • Issues of Using P1003.6 and P1003.8 in the Same Environment
• X.400 Message Handling Services
  • Introduction  
  • Cryptography Overview  
    • Symmetric Key Cryptography  
      • Secret Key Distribution 
    • Asymmetric Key Cryptography  
      • Digital Signatures  
      • Public Key Distribution  
    • Using Public-Key Cryptography for Secret Key Distribution 
  • X.400 Overview  
    • Functional Model  
    • Message Structure  
    • Delivery Reporting  
  • Vulnerabilities  
  • Security-relevant Data Structures  
    • Security Label  
    • Asymmetric Token  
    • Public Key Certificates  
  • X.400 Services  
    • Message Security Labelling  
    • Secure Access Management  
      • Peer Entity Authentication  
      • Security Context  
    • Origin Authentication  
      • Message Origin Authentication  
      • Report Origin Authentication  
      • Proof of Submission  
      • Proof of Delivery  
    • Data Integrity  
      • Content Integrity  
      • Message Sequence Integrity  
    • Data Confidentiality  
      • Content Confidentiality  
      • Message Flow Confidentiality  
    • Non-repudiation  
    • Security Management  
  • X.400 Security Limitations  
• X.500 Directory Services
  • Introduction to X.500
    • The Information Model
    • Model of the Directory as a Distributed Database System
  • Policy Aspects Supported by X.500 Access Control
    • Scenarios Involving a Single Authority
      • Disclosure Policy
      • Controlling Disclosure of Distinguished Names
      • Modification Policy
      • A Note on Security-Error
      • Encoding Policy in an ACL
      • Hybrid Orientations
      • A Preview of Multiple Authority Scenarios
      • Use of Authentication Service by Access Control
    • Scenarios Involving Multiple Authorities
      • Multiple Security Authorities
      • Relationship Between Security Authority and Schema Authority
    • The Hazards of Data Caching
    • Policy Aspects That Are Not Supported