Index
safe mode, PHP
Sam Spade information-gathering tool
SAPI input hooks
Satisfy
ScriptAlias directive
     enabling script execution
scripting, XSS security flaw
     attack warning patterns
     consequences
     detecting attacks
     resources for
search engines
SEC (Simple Event Correlator)
SecFilterForceByteRange directive
SecFilterInheritance directive
SecFilterScanPOST directive
SecFilterSelective directive
secret-key encryption
SecUploadInMemoryLimit directive
Secure FTP (SFTP)
Secure Hash Algorithm 1 (SHA-1)
Secure Sockets Layer [See SSL]
security
     Apache backdoors
     authentication, flawed, real-life example of
     CIA triad
     common phases example
     cryptography [See cryptography]
     defensible networks (Bejtlich)
     file descriptor leakage vulnerability 2nd
     hardening, system-hardening matrix
     HTTP communication security
     hybrid model
     models, negative versus positive
     PHP
         interpreter issues
         module, making secure
         resources
         safe mode 2nd
         sessions
     principles
         essential
         goals for
     process steps
     protection reverse proxies
     risk
         calculating
         factors
         isolating in a network
         multiple levels of
         public service as root
     scanners
         Nessus
         Nikto
     shared server resources
     symbolic links
     term definitions
     threat modeling
         methodology
         mitigation practices
         resources
         typical attacks
     vocabulary, common
segmentation fault
server header field, changing
server-side includes (SSIs)
ServerLimit directive
servers
     changing identity
         default content, removing
         server header field
     clusters
         fault-tolerant with Wackamole
         management node
         node failure
         reverse proxy
     crashing, log request causing
     Digest authentication of
     firewalls [See firewalls]
     high availability
     host security
         advanced hardening
         information and event monitoring
         minimal services
         network access
         SFTP
         updating software
         user access
     HTTP Keep-Alive
     load balancing
         DNSRR
         manual
     netstat port-listing tool
     performance reverse proxy
     proxy, access control
     software updating
     symbolic links
     synchronizing clocks on (ntpdate utility)
     tuning steps (Lim)
     user accounts, setting up
ServerSignature directive
ServerTokens directive
SetEnvIf directive
SetHandler directive
SFTP (Secure FTP)
SHA-1 secure hash algorithm
SHA-256 secure hash algorithm
SHA-384 secure hash algorithm
SHA-512 secure hash algorithm
sharing servers
     configuration data, distributing
         .htaccess
         configuration errors
     dynamic requests, securing
         CGI limits, setting
         FastCGI
         handlers, types, and filters, assigning
         PHP as module
         script execution
         ScriptAlias directive
         SSIs
         suEXEC [See suEXEC execution wrapper]
     problems
         domain names, sharing
         dynamic-content
         file permissions
         information leaks
         resources, sharing
         untrusted parties
     users, large number of
         dangerous binaries
         web shells
Simple Event Correlator (SEC)
Simple Network Management Protocol (SNMP)
simplicity security principle
single sign-on [See SSO]
SiteDigger information-gathering tool
Slapper Worm
Slashdot effect
SNMP (Simple Network Management Protocol)
Spread Toolkit (distributed logging)
SQL injection attacks
     database feature problems
     detecting attacks
     example
     query statements
     resources for
     UNION construct
SSIs (server-side includes)
SSL (Secure Sockets Layer) 2nd
     Apache, and
         broken SSL clients
         certificates, signing
         configuring
         directives
         keys, generating
         mod_ssl, installing
         non-SSL content
         reliable startup
         server private key
         session issues
     CA, setting up
         distribution, preparing for
         issuing client certificates
         issuing server certificates
         keys, generating
         process
         revoking certificates
         using client certificates
     certificate chain
     communication summary
     OpenSSL [See OpenSSL]
     performance
         HTTP Keep-Alive
         OpenSSL benchmark script
     port, connection
     security of
         MITM attacks
         nontechnical issues
     testing
SSLDigger information-gathering tool
SSLDump protocol analyzer
SSLRequireSSL directive
SSLVerifyClient require directive
SSLVerifyDepth 1 directive
SSO (single sign-on)
     Apache
     web-only
StartServers directive
strace system call tracer
Stunnel network-level tool
suEXEC execution wrapper
     CGI script limits, setting
     error messages
     hybrid security model
     mass virtual hosting
     outside virtual hosts
suid modules, third-party
Swatch monitoring program
symbolic links
symmetric (private-key) encryption 2nd
synchronizing clocks on servers (ntpdate utility)
system-hardening matrix