Previous Section  < Day Day Up >   

[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z]

Sam Spade  2nd 
sameip; rule option 
SANS  2nd  3rd 
SANS Institute 
Sans TCP/IP Guide 
Sarbannes-Oxley 
scan.rules 
scanner-fixed-threshold option (flow-portscan preprocessor) 
scanner-fixed-window option (flow-portscan preprocessor) 
scanner-sliding-scale-factor option (flow-portscan preprocessor) 
scanner-sliding-threshold option (flow-portscan preprocessor) 
scanner-sliding-window option (flow-portscan preprocessor) 
scanning machines on your network 
schema table 
scoreboard-memcap-scanner option (flow-portscan preprocessor) 
scoreboard-memcap-talker option (flow-portscan preprocessor) 
scoreboard-rows-scanner option (flow-portscan preprocessor) 
scoreboard-rows-talker option (flow-portscan preprocessor) 
Scoreboards component (flow-portscan preprocessor) 
scrambling networks 
script kiddies 
sdrop rule action 
secure certificates 
SecurityFocus 
SecurityFocus IDS Page 
self-inflicted denial-of-service 
self-test mode, starting Snort in 
sensor table 
sensors
    administration problems 
    configuring interfaces 
    managing Snort  [See IDS management]
    placement 
        creating connection points 
        prioritizing systems and networks to watch 
    placing 
    securing 
        applying patches and updates 
        choosing operating system 
        monitoring system logs 
        robust authentication 
seq: rule option 
Server statistics tracker component (flow-portscan preprocessor) 
server-ignore-limit option (flow-portscan preprocessor) 
server-learning-time option (flow-portscan preprocessor) 
server-memcap option (flow-portscan preprocessor) 
server-rows option (flow-portscan preprocessor) 
server-scanner-limit option (flow-portscan preprocessor) 
server-watchnet option (flow-portscan preprocessor) 
serveronly option (stream4_reassemble preprocessor) 
ServerSignature setting 
service scans, detecting 
services, disabling 
session interception 
    IPS identification 
    Snort running as interceptor 
session: rule option 
set_gid: option (snort.conf) 
set_uid: option (snort.conf) 
Sguil 
sguil 
sguil server database
    sending log information to (barnyard.conf) 
shaft 
shellcode in the packet payload, detecting 
shellcode.rules 
SHELLCODE_PORTS variable (snort.conf) 
show_year option (snort.conf) 
sid: rule option 
sig_class table 
sig_id parameter 
sig_reference table 
signature table 
signature-based IDS versus antivirus software 
signatures 
    attempted-recon 
    automatic updates 
    disabling high-noise 
    faulty 
    of known exploits 
    Snort and 
    updating 
skiphosts option (snortsam.conf) 
skipinterval option (snortsam.conf) 
smart cards 
SMTP (Simple Mail Transfer Protocol) 
SMTP email service, detecting attacks to 
smtp.rules 
SMTP_SERVERS variable (snort.conf) 
sniff trace, directing to logfile 
SniffDet 
sniffer 
sniffer mode for Snort 
sniffer-mode output 
sniffing
    turning off promiscuous mode 
SNMP traffic, detecting 
snmp.rules 
SNMP_SERVERS variable (snort.conf) 
SNMPwalk 
Snort
    as NIDS solution 
    database schema 
    deploying  [See deploying Snort]
    installing  [See installing Snort]
    overview 
    reasons to use 
    using more effectively 
Snort Inline Patch 
Snort newsgroup 
Snort's homepage 
snort-sigs mailing list  2nd 
snort.conf file  2nd 
    command-line options 
    default settings for 
    default variables 
    designating multiple ports 
    designating single port 
    editing in SnortCenter 
    editing with SnortCenter 
    initial configuration 
        type of alert wanted 
    network and configuration variables 
    preprocessors  [See preprocessor configuration]
    RULE_PATH variable 
    sections 
    Snort decoder and detection engine 
    specifying a single address 
    specifying multiple addresses 
    variables to define servers running services that have specific rules 
SnortCenter  2nd  3rd  4th 
    adding new rules 
    adding sensors to console 
    Admin drop-down menu 
    automatic updates 
    browsing console 
    editing custom rules 
    installing agent 
    installing console 
        prerequisites 
    logging in and surveying layout 
    management console 
        features 
    managing false positive and false negative alerts 
    managing tasks 
    Output Plugins selection 
    Resources link 
        creating a new rule 
    Sensor Configuration menu 
        Edit tool 
        Output Plugin Selection 
        Preprocessor Selection drop-down menu 
        Rule Category Overview link 
        Rule Policy Templates section 
        Rules Selection drop-down menu 
        Variable Selection drop-down menu 
    Sensor Console button 
    trickiest part 
    updating rules and signatures 
snortdb-extra.gz file 
SnortReport  2nd 
SnortSAM  2nd  3rd 
    downloading 
    installing 
    output plug-in 
    patching Snort to enable support for 
    starting 
snortsam.conf file options 
    accept 
    daemon 
    defaultkey 
    dontblock 
    include 
    ipchains 
    iptables 
    logfile 
    loglevel 
    pix 
    port 
    rollbackhosts 
    rollbacksleeptime 
    rollbackthreshold 
    skiphosts 
    skipinterval 
SnortSnarf  2nd 
Snot  2nd 
SoBig worm 
software download resources 
software version-mapping 
Solaris 9 installation guide 
Source IP field (rule headers) 
Source Port field (rule headers) 
source routing 
Sourcefire  2nd 
    Management Console 
SPAN port (Cisco) 
SPAN ports 
spanning multiple ports into single monitor port 
SQL Server database servers, detecting attacks to 
SQL Server, disabling rule set 
SQL Slammer worm 
sql.rules 
SQL_SERVERS variable (snort.conf) 
src-ignore-net option (flow-portscan preprocessor) 
SSH (Secure Shell) 
SSL Accelerator 
SSL proxies  2nd 
sslproxy 
Stacheldraht rules 
stacks (TCP/IP) 
Staniford, Stuart 
stateless; rule option 
stats_interval option (flow preprocessor) 
stealth interface 
Steele, Michael E. 
Stick  2nd 
stopping Snort 
stream4 preprocessor  2nd 
stream4_reassemble preprocessor 
    configuring 
stress-testing IDS machines 
subversion 
Sullo 
suppression rules  2nd 
    syntax 
switches
    Cisco 
    configured to span several ports 
    enterprise-class 
    listing 
SYN (synchronize sequence numbers) packet 
SYN FIN scan attempt 
synchronize sequence numbers (SYN) packet 
syslog server, sending alerts to 
system configuration errors 

Previous Section  < Day Day Up >