Secur1ty Usages     Last updated on 2009     3     10, a full moon day

Time must be understood 1st, and then do computer systems security ... ; 3 common methods exist:

1 establishing sub-tree;

2 modeling individual entry, i.e. in 2006, for each 480 Mbps pipe till 30 pipes @ 30 MHz USB DWA ... ;

3 modeling attributes of each entry;

''Y0u kn0w"  ''when"  ''y0u kn0w what y0u d0 n0t kn0w ... ;   A1s0 see: InstructionSegment; Netw0rk Des1gn Pr1nc1ples;   Pr0t0c0l and P0rt; Scripts;

*$ is wildcard * AND share character $ i.e. $HOME, $PATH, ADMIN$, C$, D$, F$, S$, IPC$, PRINT$, SYSVOL$, ... , also see: variable;   [SEC];

802.* specific;

ACAP;   ACE;   ACK;   (ACL One of the Control Lists  (Wire speed) (...));   AEC 128 CCM encryption, LSI DWA USB wire AND wireless, 32 pipes support at 30 MHz;   AES;   AH AH OR ESP;   ANS1 USA;   ARP;   ATP;   (Authentication (User account (*FS mount access)) (Password (Good password) (Shadow password)) (Permission (Directory) (File) i.e. suid, sgid in Linux) (...));

b00tp, B00t Pr0t0c0l;  

CA;   CD;   CERT USA;   Certificates, also see: usamyanmar.net's certificate;   CIPHERUNICORN-A, NEC's AES DES,interface;   Cisco specific;   C0PPA, Ch1ldren 0nl1ne Pr1vacy and Pr0tect10n Act USA;   CFS It supports local and remote;   Core Dump Size limitation;  

DACL One of the Control Lists;   DDP;   DES;   DHCP;   Difficulty levels: The most difficult system security level is Pin level security > System Menu level security is less difficult than Pin level security > System DB Key level security is less difficult than System Menu level security > Script level security is easiest and commonly available;   DNS H0st names ≠ 1P addresses;   (DNS server query limitation (Controlling recursive query) );   (DNSSEC (KEY record (A/C) (NAMTYP) (SIG) (XT)) (...) );   D0S, Den1al-0f-Serv1ce, Unit = SYN/s;   DSA;  

EFS;   (Encrypt10n (Bl0ck C1pher 1.e. DES's 64b1t bl0ck w1th 56b1t key;) (Stream C1pher) (...));  EIGRP;    Environmental variables Also see: share characters;  

FCC;   FCS Ethernet;   Filtering port number;   Firewall/VPN [Develop the unit's characteristics],   Firewall coexistence DNS server;   FTP;  

HTTP;  

1ANA P0rt 0~1023;   IDS;   1ETF;   IKE;   1MAP;   1SP;   1P;   (1P Address Ass1gnment (Manual) (Aut0 b00tp) (Dynam1c b00tp DHCP));   ipchains Controlling access;   1PC1S;   1PSec;   1RC;   IRF;   IRM;   ISMS, INFORMATION SECURITY MANAGEMENT SYSTEM,   1S0;   1V;  

(KDC (TGT)) MIT's Kerberos authentication;   Kernel configuration;   Keyword to Port Number;  

L2TP;   lmhosts security initialization;   LSA;   LSP;   LU1D;  

MAC;   mask;   M1B;   M1ME;   (M0dulat10n (AM) (FM) (PCM) (...) Als0 see: S/N 1n UN1T);  

(named running (CHROOT jail) (without ROOT privilege)) DNS server;   NAT;   NBP;   NCP;   NetB10S;   NetWare system usages;   NFS;   (N1ST (SHA N0t ava1lable 1n publ1c) (SHA-1) (SHA-*) (...) );   NNTP;   NOS;   NSA;  

0SPF;   OU;  

Peculiar mind reminder: O01I, IOl0 i o L zero, *$, "  '', ... ;   P2P;   P0P;   PPDD;   (PPTP (PPP) (...) );   Public Key Token, matrix of base16 hexadecimal and 16 characters where: If Time AND Possible value matches And Then Assembly Cache = TRUE;  

Quantum cryptography (Stable key generation (QBER));   (QoS (Application QoS OSI application level priority) (Port QoS Specific port enable OR disable; ingress OR egress) (Voice QoS) (...));

RAD1US;   Recommended website: www.ccc.go.jp;

SACL One of the Control Lists;   SAM;   Samba Server;   SCCML;   sFlow traffic Monitor by Foundry Network;   S1D;   SK1P;   SLIMIT-C wireless e-mail filter;   SMB C2MYAZZ, LANMAN authent1cat10n;   SMTP ASC11 text 0nly;   SNMP SNMP agent and 1ts management: Als0 see: M1B;   Split namespace Public OR private;   Spread spectrum;   SPX;   SSH;   SSL SSL3 1s TLS pr0t0c0l;   ssl ciphers;   SYN;   syslog utility syslog.conf file in Linux;   Systems security links: Also see: File Systems;   System time stamp;   swatch Perl script;  

TCP;   TCP Wrapper Samba Linux; inetd; xinetd;   TCP/IP;   TCP/IP protocol stack embedded IC chips;   TDS, encryption System certificates;   TLS;   TTL;  

UDP;   umask configuration;   updates is Edit | Preferences... | Startup.     333+ of Preferences... exist, i.e. temp is one of the Preferences...'s options;   UPS;   URL;  

VPN;  

WEP (64 bit) (128 bit);   wh01s rs.1ntern1c.net;   W1reless T0p0l0gy;  

Zone transfer restriction DNS server;  

Note for security novice: Automata theory is recommended to read because relation between handshakes and communication between computer machines sometimes are abstract to common people;   Once abstract can be overviewed, twist-and-turn in cryptanalysis and cryptography becomes a little easier ... ;

802.* specific: in 2006, 802.1x product specific are EAP-FAST, EAP-TLS, EAP-TTLS, LEAP, PEAP, and etc.

Cisco specific: 2006 line security ohm · meter products are Clean Access, ACS, ASA, CSA, IPS, Pix, and etc.; 2006 wireless security dB · meter products are Controller specific, IOS AP, Light Weight AP, UCS, and etc.

Firewall specific services oriented security rules:

[Remark: 1st to understand Internet vs. Proxy Server Settings, otherwise following contents may not be understandable; For Internet/Intranet security, also see: IANA 2007 standard Keyword to Port Number]

If ICMP type = source quench, and then ;

If ICMP type = echo request interface = Ext, and then ;

If ICMP type = echo reply interface = Ext, and then ;

If ICMP type = destination unreachable interface = Ext, and then ;

If ICMP type = service unavailable interface = Ext, and then ;

If ICMP type = TTL exceeded interface = Ext, and then ;

If ICMP type = parameter problem interface = Ext, and then ;

If ICMP type = echo request interface = Int, and then ; 

If ICMP type = redirect interface = Ext, and then ; 

If ICMP type = echo reply interface = Int, and then ; 

If ICMP type = destination unreachable interface = Ext, and then ;

If ICMP type = service unavailable interface = Ext, and then ;

If ICMP type = TTL exceeded interface = Ext, and then ;

If ICMP type = * interface = * interface = *, and then ;

If ICMP type = * OP = source route, and then ;

If ICMP type = * interface = Ext source IP = internal, and then ;

If ICMP type = * interface = Int destination IP = internal, and then ;

If ICMP type = * interface = Ext destination IP = protected servers, and then ;

If ICMP type = * interface = Ext destination port = RIP, and then ;

If ICMP type = * interface = Ext destination port = OSPF, and then ;

If ICMP type = * interface = * interface = * destination port = 0 ~ 20 Type = UDP, and then ;

If ICMP type = * interface = * interface = * destination port = 6000 Type = UDP, and then ;

If ICMP type = * interface = * interface = * destination port = 6001 Type = UDP, and then ;

If ICMP type = * interface = * interface = * destination port = 6002 Type = UDP, and then ;

If ICMP type = * interface = * interface = * destination port = 6003 Type = UDP, and then ;

If ICMP type = * interface = * interface = * destination port = 161 Type = UDP, and then ;

If ICMP type = * interface = * interface = * destination port = 162 Type = UDP, and then ;

If ICMP type = * interface = * interface = * destination port = 0 ~ 20 Type = TCP, and then ;

If ICMP type = * interface = * interface = * destination port = 6000 Type = TCP, and then ;

If ICMP type = * interface = * interface = * destination port = 6001 Type = TCP, and then ;

If ICMP type = * interface = * interface = * destination port = 6002 Type = TCP, and then ;

If ICMP type = * interface = * interface = * destination port = 6003 Type = TCP, and then ;

If ICMP type = * interface = * interface = * destination port = 161 Type = TCP, and then ;

If ICMP type = * interface = * interface = * destination port = 162 Type = TCP, and then ;

If ICMP type = * interface = Ext interface = * destination port = 23 Type = TCP, and then ;

If ICMP type = * interface = Ext interface = * destination port = 8080 Type = TCP, and then ;

If ICMP type = * interface = Ext interface = * destination port > 1023 ACK = C Type = TCP, and then ;

If ICMP type = * interface = Ext interface = * destination port = 20 ACK = C Type = TCP, and then ;

If ICMP type = * interface = Ext interface = * destination port = 21 ACK = C Type = TCP, and then ;

If ICMP type = * interface = Ext interface = * destination port = 25 (destination IP ≠ SMTP server) Type = TCP, and then ;

If ICMP type = * interface = Ext interface = * destination port = 80 (destination IP ≠ Web server) Type = TCP, and then ;

If ICMP type = * interface = Ext interface = * source port = 80 destination port > 1023 ACK = S Type = TCP, and then ;

If ICMP type = * interface = Int interface = * source port > 1023 destination port = 80 Type = TCP, and then ;

If ICMP type = * interface = * interface = * source IP = NNTP server destination IP NNTP server Type = TCP, and then ;

If ICMP type = * interface = * interface = * source IP = NNTP server destination port = 119 Type = TCP, and then ;

If ICMP type = * interface = * interface = * source IP SMTP server destination port = 25 Type = TCP, and then ;

	Up