Book Home

Search | Symbols | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Index: P

pacct file : 10.2. The acct/pacct Process Accounting File
pack program : 6.6.1.2. Ways of improving the security of crypt
packet sniffing : 16.3.1. Link-level Security
packet-switching networks : 16.2. IPv4: The Internet Protocol Version 4
packets : (see IP packets)
paper
backups on : 24.5.1. Never Trust Anything Except Hardcopy
copies : 7.3.2. Building an Automatic Backup System
logging on : 10.7. Handwritten Logs
shredders for : 12.3.3. Other Media
throwing out : 12.3.3. Other Media
parent processes : C.2. Creating Processes
partitions : 25.2.2.4. Using partitions to protect your users
backup by : 7.1.3. Types of Backups
root : (see root directory)
pass phrases : (see passwords)
pass phrases for PGP
6.6.3.1. Encrypting files with IDEA
(see also passwords)
passive FTP
17.3.2.2. Passive vs. active FTP
17.3.2.3. FTP passive mode
passwd command
3.4. Changing Your Password
8.6.2. What Is Salt?
as SUID program : 5.5. SUID
-l option
8.4.1. Changing an Account's Password
8.8.8. Disabling an Account by Changing Its Password
-n option : 8.8.6. Password Aging and Expiration
-x option : 8.8.6. Password Aging and Expiration
-f nomemory option : 3.5. Verifying Your New Password
using as superuser : 3.5. Verifying Your New Password
passwd file
1.2. What Is an Operating System?
3.2.1. The /etc/passwd File
3.2.2. The /etc/passwd File and Network Databases
4.2.3. Impact of the /etc/passwd and /etc/group Files on Security
7.1.2. What Should You Back Up?
8.1.1. Accounts Without Passwords
8.6. The UNIX Encrypted Password System
15.1.4. How the UUCP Commands Work
24.4.1. New Accounts
C.5.1. Process #1: /etc/init
(see /etc/passwd file)
Passwd table (NIS+) : 19.5.3. NIS+ Tables
passwd+ package
8.8.2. Constraining Passwords
8.8.4. Password Generators
password coach : 8.8.4. Password Generators
password file : 19.4.4.6. NIS is confused about "+"
password modems : 14.6. Additional Security for Modems
password.adjunct file : 8.8.5. Shadow Password Files
passwords
3.2. Passwords
3.6.1. Bad Passwords: Open Doors
3.8. Summary
23.5. Tips on Using Passwords
accounts without : 8.1.1. Accounts Without Passwords
assigning to users : 8.8.1. Assigning Passwords to Users
avoiding conventional
8.8. Administrative Techniques for Conventional Passwords
8.8.9. Account Names Revisited: Using Aliases for Increased Security
bad choices for
3.6.1. Bad Passwords: Open Doors
3.6.4. Passwords on Multiple Machines
changing
3.4. Changing Your Password
3.5. Verifying Your New Password
8.4.1. Changing an Account's Password
8.8.8. Disabling an Account by Changing Its Password
checklist for : A.1.1.2. Chapter 3: Users and Passwords
constraining : 8.8.2. Constraining Passwords
conventional : 3.2.6. Conventional UNIX Passwords
cracking
8.6.1. The crypt() Algorithm
8.8.3. Cracking Your Own Passwords
8.8.3.2. The dilemma of password crackers
17.3.3. TELNET (TCP Port 23)
encrypting
8.6. The UNIX Encrypted Password System
8.6.4. Crypt16() and Other Algorithms
expiring : 8.8.6. Password Aging and Expiration
federal jurisdiction over : 26.2.2. Federal Jurisdiction
FTP and : 17.3.2. (FTP) File Transfer Protocol (TCP Ports 20 and 21)
generators of : 8.8.4. Password Generators
hit lists of : 3.6.1. Bad Passwords: Open Doors
Kerberos : 19.6.5. Kerberos Limitations
logging changes to : 10.7.2.1. Exception and activity reports
logging failed attempts at : 10.5.3. syslog Messages
for MUDs : 17.3.23. Other TCP Ports: MUDs and Internet Relay Chat (IRC)
on multiple machines
3.6.4. Passwords on Multiple Machines
3.6.5. Writing Down Passwords
over network connections : 23.3. Tips on Writing Network Programs
with network services : 17.4. Security Implications of Network Services
NIS, with Secure RPC : 19.3.2.1. Creating passwords for users
NIS+, changing : 19.5.4.1. Changing your password
one-time
3.7. One-Time Passwords
8.7. One-Time Passwords
8.7.3. Code Books
17.4. Security Implications of Network Services
with POP : 17.3.10. Post Office Protocol (POP) (TCP Ports 109 and 110)
required for Web use
18.3.2. Commands Within the <Directory> Block
18.3.3. Setting Up Web Users and Passwords
shadow
8.4.1. Changing an Account's Password
8.8.5. Shadow Password Files
sniffing
1.4.3. Add-On Functionality Breeds Problems
3. Users and Passwords
8.7. One-Time Passwords
system clock and : 17.3.14. Network Time Protocol (NTP) (UDP Port 123)
token cards with : 8.7.2. Token Cards
unique, number of : 3.6.3. Good Passwords: Locked Doors
usernames as : 8.8.3.1. Joetest: a simple password cracker
UUCP accounts : 15.3.2. Establishing UUCP Passwords
verifying new : 3.5. Verifying Your New Password
wizard's (sendmail) : 17.3.4.1. sendmail and security
writing down : 3.6.5. Writing Down Passwords
patches, logging : 10.7.2.2. Informational material
patents : 26.4.4. Patent Concerns
and cryptography : 6.7.1. Cryptography and the U.S. Patent System
PATH variable
8.1.4.1. Restricted shells under System V UNIX
8.1.4.6. Potential problems with rsh
23.4. Tips on Writing SUID/SGID Programs
attacks via : 11.5.1.1. PATH attacks
pathnames : 23.2. Tips on Avoiding Security-related Bugs
paths : 5.1.3. Current Directory and Paths
trusted : 8.5.3.1. Trusted path
pax program : 7.4.2. Simple Archives
PCERT (Purdue University) : F.3.4.30. Purdue University
PCs
viruses on : 11.1.5. Viruses
web server on : 18.2. Running a Secure Server
PDP-11 processors
1.3. History of UNIX
8.6.1. The crypt() Algorithm
Penn State response team : F.3.4.29. Pennsylvania State University
per-machine logs : 10.7.2. Per-Machine Logs
per-site logs : 10.7.1. Per-Site Logs
performance
compromised
25.2.1. Process-Overload Problems
25.2.1.2. System overload attacks
reviews : 13.2.3. Performance Reviews and Monitoring
with Secure RPC : 19.3.4. Limitations of Secure RPC
using FFS : 25.2.2.6. Reserved space
perimeter, security : 12.1.1. The Physical Security Plan
perl command
-T option
18.2.3.4. Tainting with Perl
23.4. Tips on Writing SUID/SGID Programs
Perl programming language
5.5.3. SUID Shell Scripts
11.1.4. Trojan Horses
11.5.1.2. IFS attacks
random seed generator : 23.9. A Good Random Seed Generator
script for reading lastlog file : 10.1.1. lastlog File
Swatch program
10.6. Swatch: A Log File Tool
10.6.2. The Swatch Configuration File
E.4.9. Swatch
tainting facility : 18.2.3.4. Tainting with Perl
permissions
1.1. What Is Computer Security?
5.1.6. Understanding File Permissions
5.2.4. Using Octal File Permissions
11.1.5. Viruses
11.6.1. File Protections
11.6.1.3. World-readable backup devices
access control lists (ACLs)
5.2.5. Access Control Lists
5.2.5.2. HP-UX access control lists
changing
5.2.1. chmod: Changing a File's Permissions
5.2.4. Using Octal File Permissions
directory : 5.4. Using Directory Permissions
/etc/utmp file : 10.1.2. utmp and wtmp Files
intruder's modifications to : 24.4.1.2. Changes in file and directory protections
modem devices : 14.5.2. Setting Up the UNIX Device
modem files : 14.5.1. Hooking Up a Modem to Your Computer
of NIS+ objects : 19.5.5. NIS+ Limitations
octal
5.2.3. Calculating Octal File Permissions
5.2.4. Using Octal File Permissions
of .rhosts file : 17.3.18.4. The ~/.rhosts file
SUID programs
5.5. SUID
5.5.7. SGID Bit on Files (System V UNIX Only): Mandatory Record Locking
symbolic links and : 5.1.7. File Permissions in Detail
umasks
5.3. The umask
5.3.2. Common umask Values
UUCP : 15.4.1.4. Special permissions
Permissions file
15.5. Security in BNU UUCP
15.5.1. Permissions File
15.5.3. uucheck: Checking Your Permissions File
checking with uucheck : 15.5.3. uucheck: Checking Your Permissions File
personnel : (see employees)
PGP (Pretty Good Privacy)
6.6.3. PGP: Pretty Good Privacy
6.6.3.6. PGP detached signatures
-eat and -seat options : 6.6.3.3. Encrypting a message
encrypting message with : 6.6.3.3. Encrypting a message
encrypting Web documents : 18.4.1. Eavesdropping Over the Wire
-ka option : 6.6.3.2. Creating your PGP public key
-kg option : 6.6.3.2. Creating your PGP public key
-kvc option : 6.6.3.6. PGP detached signatures
-kxaf option : 6.6.3.2. Creating your PGP public key
-o option : 6.6.3.6. PGP detached signatures
-sat option : 6.6.3.4. Adding a digital signature to an announcement
-sb option : 6.6.3.6. PGP detached signatures
software signature : E.4. Software Resources
ph (phonebook) server : 17.3.8.3. Replacing finger
phantom mail : 17.3.4.2. Using sendmail to receive email
physical security
12. Physical Security
12.4.2. "Nothing to Lose?"
access control : 12.2.3. Physical Access
of backups
7.1.6. Security for Backups
7.1.6.3. Data security for backups
checklist for : A.1.1.11. Chapter 12: Physical Security
modems
14.5.4. Physical Protection of Modems
14.6. Additional Security for Modems
read-only filesystems : 9.1.2. Read-only Filesystems
signal grounding : 25.3.3. Signal Grounding
PIDs (process IDs)
C.1.3.1. Process identification numbers (PID)
C.1.3.4. Process groups and sessions
Pieprzyk, Josef : 6.5.4.3. HAVAL
PingWare program : 17.6.3. PingWare
pipe (in Swatch program) : 10.6.2. The Swatch Configuration File
pipes
18.2.3.2. Testing is not enough!
18.2.3.3. Sending mail
pipes (for smoking) : 12.2.1.2. Smoke
piracy of software
26.4.2.1. Software piracy and the SPA
(see also software)
pirated software : (see software)
plaintext attacks : 6.2.3. Cryptographic Strength
.plan file : 17.3.8.1. The .plan and .project files
platforms : (see operating systems)
play accounts : (see open accounts)
playback attacks : 19.6.1.2. Using the ticket granting ticket
plus sign (+)
in hosts.equiv file : 17.3.18.5. Searching for .rhosts files
in NIS
19.4. Sun's Network Information Service (NIS)
19.4.4.6. NIS is confused about "+"
Point-to-Point Protocol (PPP) : 14.5. Modems and UNIX
policy, security
1.2. What Is an Operating System?
2. Policies and Guidelines
2.5.3. Final Words: Risk Management Means Common Sense
A.1.1.1. Chapter 2: Policies and Guidelines
cost-benefit analysis
2.3. Cost-Benefit Analysis
2.3.4. Convincing Management
risk assessment
2.2. Risk Assessment
2.2.2. Review Your Risks
2.5.3. Final Words: Risk Management Means Common Sense
role of
2.4.1. The Role of Policy
2.4.4. Some Key Ideas in Developing a Workable Policy
2.4.4.7. Defend in depth
politics : 11.3. Authors
polyalphabetic ciphers : 6.3. The Enigma Encryption System
polygraph tests : 13.1. Background Checks
POP (Post Office Protocol) : 17.3.10. Post Office Protocol (POP) (TCP Ports 109 and 110)
popen function
18.2.3.2. Testing is not enough!
23.2. Tips on Avoiding Security-related Bugs
pornography : 26.4.5. Pornography and Indecent Material
port numbers
23.3. Tips on Writing Network Programs
G. Table of IP Services
portable computers : 12.2.6.3. Portables
portable I/O library : 1.3. History of UNIX
portmap service
19.2.1. Sun's portmap/rpcbind
19.4.4.4. Spoofing RPC
E.4.6. portmap
portmapper program
17.3.11. Sun RPC's portmapper (UDP and TCP Ports 111)
19.2.1. Sun's portmap/rpcbind
19.4.5. Unintended Disclosure of Site Information with NIS
ports
16.2.4.2. TCP
17.1.1. The /etc/services File
G. Table of IP Services
trusted : (see trusted, ports)
positivity : 2.4.4.2. Be positive
POSIX
1.3. History of UNIX
1.4.2. Software Quality
C.1.3.4. Process groups and sessions
chown command and : 5.7. chown: Changing a File's Owner
Post Office Protocol : (see POP)
postmaster, contacting : 24.2.4.2. How to contact the system administrator of a computer you don't know
PostScript files : 11.1.5. Viruses
power outages, logging : 10.7.1.1. Exception and activity reports
power surges
12.2. Protecting Computer Hardware
12.2.1.8. Electrical noise
(see also lightning)
PPP (Point-to-Point Protocol)
14.5. Modems and UNIX
16.2. IPv4: The Internet Protocol Version 4
preserve program : 5.5.3.2. Another SUID example: IFS and the /usr/lib/preserve hole
Pretty Good Privacy : (see PGP)
prevention, cost of
2.3. Cost-Benefit Analysis
2.3.4. Convincing Management
primary group : 4.1.3. Groups and Group Identifiers (GIDs)
principals, NIS+ : 19.5.1. What NIS+ Does
print through process : 12.3.2.1. Verify your backups
printers
buffers : 12.3.4.1. Printer buffers
/etc/hosts.lpd file : 17.3.18.6. /etc/hosts.lpd file
logging to : 10.5.2.1. Logging to a printer
output from : 12.3.4.2. Printer output
ports for : 12.3.1.4. Auxiliary ports on terminals
priority of processes : C.1.3.3. Process priority and niceness
privacy
2.1. Planning Your Security Needs
2.5.2. Confidential Information
9. Integrity Management
12.3. Protecting Data
12.3.6. Key Switches
(see also encryption; integrity)
Electronic Communications Privacy Act (ECPA) : 26.2.3. Federal Computer Crime Laws
Secure RPC : 19.3.4. Limitations of Secure RPC
private-key cryptography
6.4. Common Cryptographic Algorithms
6.4.1. Summary of Private Key Systems
privilege testing (modem) : 14.5.3.3. Privilege testing
privileges, file : (see permissions)
privileges, SUID : (see SUID/SGID programs)
processes
C.1. About Processes
C.5.3. Running the User's Shell
accounting
10.2. The acct/pacct Process Accounting File
10.2.3. messages Log File
group IDs
4.3.3. Other IDs
C.1.3.4. Process groups and sessions
overload attacks
25.2.1. Process-Overload Problems
25.2.1.2. System overload attacks
priority of : C.1.3.3. Process priority and niceness
scheduler : C.1.3.3. Process priority and niceness
procmail system : 11.5.2.5. .forward, .procmailrc
.procmailrc file : 11.5.2.5. .forward, .procmailrc
.profile file
8.1.4.1. Restricted shells under System V UNIX
8.1.4.6. Potential problems with rsh
11.5.2.1. .login, .profile, /etc/profile
24.4.1.6. Changes to startup files
programmed threats
11. Protecting Against Programmed Threats
11.6.2. Shared Libraries
authors of : 11.3. Authors
checklist for : A.1.1.10. Chapter 11: Protecting Against Programmed Threats
protection from : 11.5. Protecting Yourself
references on : D.1.4. Computer Viruses and Programmed Threats
programming : 23. Writing Secure SUID and Network Programs
references for : D.1.11. UNIX Programming and System Administration
programs
CGI : (see CGI, scripts)
integrity of : (see integrity, data)
for network services : 23.3. Tips on Writing Network Programs
rabbit
11.1. Programmed Threats: Definitions
11.1.7. Bacteria and Rabbits
running simultaneously : 23.2. Tips on Avoiding Security-related Bugs
secure : 23. Writing Secure SUID and Network Programs
worms : 11.1.6. Worms
Project Athena : (see Kerberos system)
.project file : 17.3.8.1. The .plan and .project files
proprietary ownership notices : 26.2.6. Other Tips
prosecution, criminal
26.2. Criminal Prosecution
26.2.7. A Final Note on Criminal Actions
protocols
16.2.4. Packets and Protocols
(see also under specific protocol)
IP : (see IP protocols)
Protocols table (NIS+) : 19.5.3. NIS+ Tables
proxies, checklist for : A.1.1.21. Chapter 22: Wrappers and Proxies
pruning the wtmp file : 10.1.3.1. Pruning the wtmp file
ps command
6.6.2. des: The Data Encryption Standard
10.1.2. utmp and wtmp Files
19.3.2.3. Making sure Secure RPC programs are running on every workstation
24.2.1. Catching One in the Act
C.1.2. The ps Command
C.1.2.2. Listing processes with Berkeley-derived versions of UNIX
with kill command : 24.2.5. Getting Rid of the Intruder
to stop process overload
25.2.1.1. Too many processes
25.2.1.2. System overload attacks
pseudo-devices : 5.6. Device Files
pseudorandom functions : 23.6. Tips on Generating Random Numbers
PUBDIR= command : 15.5.2. Permissions Commands
public-key cryptography
6.4. Common Cryptographic Algorithms
6.4.2. Summary of Public Key Systems
6.4.6. RSA and Public Key Cryptography
6.4.6.3. Strength of RSA
6.5.3. Digital Signatures
18.3. Controlling Access to Files on Your Server
18.6. Dependence on Third Parties
breaking : 19.3.4. Limitations of Secure RPC
PGP : 6.6.3.2. Creating your PGP public key
proving identity with : 19.3.1.1. Proving your identity
publicity hounds : 11.3. Authors
publicizing security holes : 2.5.1. Going Public
publickey file : 19.3.2.1. Creating passwords for users
Purdue University (PCERT) : F.3.4.30. Purdue University
Purify : 23.2. Tips on Avoiding Security-related Bugs
pwck command : 8.2. Monitoring File Format


Search | Symbols | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Copyright © 1999 O'Reilly & Associates, Inc. All Rights Reserved.

This HTML Help has been published using the chm2web software.