Index
[SYMBOL]
[A]
[B]
[C]
[D]
[E]
[F]
[G]
[H]
[I]
[J]
[K]
[L]
[M]
[N]
[O]
[P]
[Q]
[R]
[S]
[T]
[U]
[V]
[W]
[X]
[Z]
SA (security association)
establishing for IPSec
IKE SA lifetime
ISAKMP protocol
mode configuration option for VPNs
reauthentication after IKE SA expires
selection for IPSec on remote access VPN
SAA (Service Assurance Agent) 2nd
SAFE (Security Architecture for Enterprises)
Blueprint for Enterprise Networks, web site
out-of-band management, network IDS
SAFE blueprint 2nd
overview of architecture
references for further information
summary of
SAFE WLAN design
SANS Institure
templates for security policies 2nd
SANS Institute 2nd
policy, standard, and guideline, definitions of
programs and initiatives
references for further information
Security Policy Project
scalability
for cryptographic applications[scalability:cryptographic]
key exchange with PKI
network configuration, stateless firewalls and
nonscalable methods of public key distribution
scanning functions, WLANs
SCIF (Sensitive Compartmented Information Facilities), physical security manual
scope of a security policy
example policy for a VPN
score
script kiddies
scripting languages
browser plug-ins, most popular for
secret key cryptography
secret passwords, enabling for Cisco routers
Secure Agent Managers, Cisco
number installed on network
Secure Agents, Cisco
number installed on network
secure areas
Secure Hash Algorithm (SHA)
Secure Integrated Software, Cisco
Secure Policy Manager, Cisco
alarm-reporting feature
Secure Server Certification authority
Secure Server Certification Authority (VeriSign)
Secure Shell
[See SSH]
Secure Socket Layer
[See SSL]
Security Architecture for Enterprises. SeeSAFE
security cards
security guides (NSA)
security incidents
handling procedure, coverage in security policy
incident handling process
security levels (PIX Firewall interfaces) 2nd
security levels for Internet Explorer
security plan
deny all and allow all models
security policies 2nd 3rd 4th
auditing state of
connection-based 2nd
defining
key components of
development process
development team
development, best practices
IDSs based on
importance of
incident handling process
main purpose of
mixing models, problems with
personnel awareness of
reusable passwords and
sample security policy for a VPN
SANS templates for 2nd
security wheel
senior management enforcement of
Security Policy Project (SANS)
security servers
Cisco ACS
Kerberos 2nd
RADIUS 2nd
TACACS+ versus RADIUS
security training and certification
[See SANS Institute]
security wheel
senior management
responsibilities for network security
Sensitive Compartmented Information Facilities (SCIF), online information
sensor components and architecture
sensors, IDS 2nd
host sensor components and architecture
maintenance of
network sensors
communication with director
components and architecture
placement on the network
SEP (Scalable Encryption Processing)
separate service subnet (SSN) 2nd
SEQ/ACK numbers
attackers, use by
in connection hijacking[SEQ/ACK numbers
connection]
Sequence and Acknowledgment numbers
[See SEQ/ACK numbers]
sequence numbers, TCP
prediction of in connection-killing attacks
SYN (Synchronize sequence numbers) flag
server digital ID or website certificate
Service Level Agreements (SLAs), verifying with SAAs
service password-encryption command
service set identifiers
[See SSIDs]
services
router, turning off or restricting access to
selectively enabling or turning on all for host system
unnecessary, disabling or removing
list of services that can be disabled
session cookies
session table, NetScreen
sessions
TCP and UDP, managemenat by CBAC
SHA-1 (Secure Hash Algorithm)
show aaa user all command (Cisco IOS)
show access-lists command 2nd
show access-lists command
reflexive access lists
show accounting command (Cisco IOS)
show ip nat translations command
show privilege command
show rtr command
show rtr history command
signature recognition (biometrics)
signature-based IDS
pros and cons of
updating signatures
signatures, IDS
definition of
definition of malicious traffic or activity
Simple Network Management Protocol
[See SNMP] [See SNMP]
single logon (Kerberos)
Single Loss Expectancy (SLE)
single root CA
site security architecture
Site Security Handbook (RFC 2196)
site-to-site VPNs
small office/home office (SOHO)
Linksys hardware for
smart cards
token-based authentication
Smartcards
smoke, temperature, and humidity sensors in high-level security areas
Smurf attack
Smurf attacks
Sniffer Pro (WLAN packet analyzer)
sniffing on publicly accessible networks
SNMP (Simple Network Management Protocol) 2nd
access to routers via
configuration 2nd
notifications
RMON, using with
SAA, accessing with
setup (case study)
versions
SNMP server engine name, specifying
snmp-server command
SoBig virus
social constraints on netowrk IDS
social constraints, network design
social engineering
countermeasures
software
protection with hardware keys
unpatched, security threats from
software firewalls (Check Point)
source and destination IP addresses, TCP/IP connections
source and destination port numbers
Source Quench message
speech analysis
speed, network interface
split tunneling
spoof attacks
spoofing
antispoofing protection, router configuration
spoofing techniques
countermeasures
spyware
SSH
wireless network security, using for
SSH (Secure Shell)
versions
SSIDs (service set identifiers)
vulnerabilities of
SSL (Secure Socket Layer) 2nd
SSN (separate service subnet) 2nd
stages of the network life cycle 2nd
standard IP access lists
standard numbered IP access lists
additional keywords supported
standard, definition of
standards for telecommunication equipment
state information for TCP and UDP sessions, CBAC and
stateful filtering (firewalls)
stateful firewalls
stateful pattern-matching IDS systems
stateless filtering
static and dynamic translation slots
ASA and
static routing on a PIX Firewall
stations, wireless
SAFE design recommendations for
scanning for other stations or access points
statistical anomaly detection
stream ciphers
subnet mask
subnet masks
survivability and recovery, physical security planning
switches and hubs, network security design
switch security features, examples of
switches, configuring for traffic-capture functions
Sygate firewall
symmetric key algorithms 2nd
AES
DES (Data Encryption Standard)
Triple DES (3DES)
symmetric key encryption
SYN (Synchronize sequence numbers), TCP flag
SYN-flooding attacks, prevention by CBAC
SysAdmin, Audit, Network, and Security
[See SANS Institute]
SYSLOG
SYSLOG server
router configured to send more information to
router configured to send only warnings
|
