Secur1ty Usages     Last updated on 2009     10     3, a full moon day

Time must be understood 1st, and then do computer systems security ... 。 3 common methods exist:

1 establishing sub-tree。

2 modeling individual entry, i.e. in 2006, for each 480 Mbps pipe till 30 pipes @ 30 MHz USB DWA ... 。

3 modeling attributes of each entry。

 

''Y0u kn0w"  ''when''y0u kn0w what y0u d0 n0t kn0w ... 。   A1s0 see: InstructionSegmentNetw0rk Des1gn Pr1nc1ples。   Pr0t0c0l and P0rtScripts

*$ is wildcard * AND share character $ i.e. $HOME, $PATH, ADMIN$, C$, D$, F$, S$, IPC$, PRINT$, SYSVOL$, ... , also see: variable。   [SEC]

802.* specific

ACAP。   ACE。   ACK。   (ACL One of the Control Lists  (Wire speed) (...))。   AEC 128 CCM encryption, LSI DWA USB wire AND wireless, 32 pipes support at 30 MHz。   AES。   AH AH OR ESP。   ANS1 USA。   ARP。   ATP。   (Authentication (User account (*FS mount access)) (Password (Good password) (Shadow password)) (Permission (Directory) (File) i.e. suid, sgid in Linux) (...))。

b00tp, B00t Pr0t0c0l。  

CA。   CD。   CERT USA。   Certificates, also see: usamyanmar.net's certificate。   CIPHERUNICORN-A, NEC's AES DES,interface。   Cisco specific。   C0PPA, Ch1ldren 0nl1ne Pr1vacy and Pr0tect10n Act USA。   CFS It supports local and remote。   Core Dump Size limitation。  

DACL One of the Control Lists。   DDP。   DES。   DHCP。   Difficulty levels: The most difficult system security level is Pin level security > System Menu level security is less difficult than Pin level security > System DB Key level security is less difficult than System Menu level security > Script level security is easiest and commonly available。   DNS H0st names ≠ 1P addresses。   (DNS server query limitation (Controlling recursive query) )。   (DNSSEC (KEY record (A/C) (NAMTYP) (SIG) (XT)) (...) )。   D0S, Den1al-0f-Serv1ce, Unit = SYN/s。   DSA。  

EFS。   (Encrypt10n (Bl0ck C1pher 1.e. DES's 64b1t bl0ck w1th 56b1t key。) (Stream C1pher) (...))。  EIGRP。    Environmental variables Also see: share characters。  

FCC。   FCS Ethernet。   Filtering port number。   Firewall/VPN [Develop the unit's characteristics],   Firewall coexistence DNS server。   FTP。  

HTTP。  

1ANA P0rt 0~1023。   IDS。   1ETF。   IKE。   1MAP。   1SP。   1P。   (1P Address Ass1gnment (Manual) (Aut0 b00tp) (Dynam1c b00tp DHCP))。   ipchains Controlling access。   1PC1S。   1PSec。   1RC。   IRF。   IRM。   ISMS, INFORMATION SECURITY MANAGEMENT SYSTEM,   1S0。   1V。  

(KDC (TGT)) MIT's Kerberos authentication。   Kernel configuration。   Keyword to Port Number。  

L2TP   lmhosts security initialization。   LSA。   LSP。   LU1D。  

MAC。   mask。   M1B。   M1ME。   (M0dulat10n (AM) (FM) (PCM) (...) Als0 see: S/N 1n UN1T)。  

(named running (CHROOT jail) (without ROOT privilege)) DNS server。   NAT。   NBP。   NCP。   NetB10S。   NetWare system usages。   NFS。   (N1ST (SHA N0t ava1lable 1n publ1c) (SHA-1) (SHA-*) (...) )。   NNTP。   NOS。   NSA。  

0SPF。   OU。  

Peculiar mind reminder: O01I, IOl0 i o L zero, *$, '', ... 。   P2P。   P0P。   PPDD。   (PPTP (PPP) (...) )。   Public Key Token, matrix of base16 hexadecimal and 16 characters where: If Time AND Possible value matches And Then Assembly Cache = TRUE。  

Quantum cryptography (Stable key generation (QBER))。   (QoS (Application QoS OSI application level priority) (Port QoS Specific port enable OR disableingress OR egress) (Voice QoS) (...))。

RAD1US。   Recommended website: www.ccc.go.jp

SACL One of the Control Lists。   SAM。   Samba Server。   SCCML。   sFlow traffic Monitor by Foundry Network。   S1D。   SK1P。   SLIMIT-C wireless e-mail filter。   SMB C2MYAZZ, LANMAN authent1cat10n。   SMTP ASC11 text 0nly。   SNMP SNMP agent and 1ts management: Als0 see: M1B。   Split namespace Public OR private。   Spread spectrum。   SPX。   SSH。   SSL SSL3 1s TLS pr0t0c0l。   ssl ciphers。   SYN。   syslog utility syslog.conf file in Linux。   Systems security links: Also see: File Systems。   System time stamp。   swatch Perl script。  

TCP。   TCP Wrapper Samba Linux。 inetd。 xinetd。   TCP/IP。   TCP/IP protocol stack embedded IC chips。   TDS, encryption System certificates   TLS。   TTL。  

UDP。   umask configuration。   updates is Edit | Preferences... | Startup.     333+ of Preferences... exist, i.e. temp is one of the Preferences...'s options。   UPS。   URL。  

VPN。  

WEP (64 bit) (128 bit)。   wh01s rs.1ntern1c.net。   W1reless T0p0l0gy。  

Zone transfer restriction DNS server。  

Note for security novice: Automata theory is recommended to read because relation between handshakes and communication between computer machines sometimes are abstract to common people。   Once abstract can be overviewed, twist-and-turn in cryptanalysis and cryptography becomes a little easier ... 。

802.* specific: in 2006, 802.1x product specific are EAP-FAST, EAP-TLS, EAP-TTLS, LEAP, PEAP, and etc.

Cisco specific: 2006 line security ohm · meter products are Clean Access, ACS, ASA, CSA, IPS, Pix, and etc.。 2006 wireless security dB · meter products are Controller specific, IOS AP, Light Weight AP, UCS, and etc.

Firewall specific services oriented security rules:

[Remark: 1st to understand Internet vs. Proxy Server Settings, otherwise following contents may not be understandable。 For Internet/Intranet security, also see: IANA 2007 standard Keyword to Port Number]

If ICMP type = source quench, and then

If ICMP type = echo request interface = Ext, and then

If ICMP type = echo reply interface = Ext, and then

If ICMP type = destination unreachable interface = Ext, and then

If ICMP type = service unavailable interface = Ext, and then

If ICMP type = TTL exceeded interface = Ext, and then

If ICMP type = parameter problem interface = Ext, and then

If ICMP type = echo request interface = Int, and then 。 

If ICMP type = redirect interface = Ext, and then 。 

If ICMP type = echo reply interface = Int, and then 。 

If ICMP type = destination unreachable interface = Ext, and then

If ICMP type = service unavailable interface = Ext, and then

If ICMP type = TTL exceeded interface = Ext, and then

If ICMP type = * interface = * interface = *, and then

If ICMP type = * OP = source route, and then

If ICMP type = * interface = Ext source IP = internal, and then

If ICMP type = * interface = Int destination IP = internal, and then

If ICMP type = * interface = Ext destination IP = protected servers, and then

If ICMP type = * interface = Ext destination port = RIP, and then

If ICMP type = * interface = Ext destination port = OSPF, and then

If ICMP type = * interface = * interface = * destination port = 0 ~ 20 Type = UDP, and then

If ICMP type = * interface = * interface = * destination port = 6000 Type = UDP, and then

If ICMP type = * interface = * interface = * destination port = 6001 Type = UDP, and then

If ICMP type = * interface = * interface = * destination port = 6002 Type = UDP, and then

If ICMP type = * interface = * interface = * destination port = 6003 Type = UDP, and then

If ICMP type = * interface = * interface = * destination port = 161 Type = UDP, and then

If ICMP type = * interface = * interface = * destination port = 162 Type = UDP, and then

If ICMP type = * interface = * interface = * destination port = 0 ~ 20 Type = TCP, and then

If ICMP type = * interface = * interface = * destination port = 6000 Type = TCP, and then

If ICMP type = * interface = * interface = * destination port = 6001 Type = TCP, and then

If ICMP type = * interface = * interface = * destination port = 6002 Type = TCP, and then

If ICMP type = * interface = * interface = * destination port = 6003 Type = TCP, and then

If ICMP type = * interface = * interface = * destination port = 161 Type = TCP, and then

If ICMP type = * interface = * interface = * destination port = 162 Type = TCP, and then

If ICMP type = * interface = Ext interface = * destination port = 23 Type = TCP, and then

If ICMP type = * interface = Ext interface = * destination port = 8080 Type = TCP, and then

If ICMP type = * interface = Ext interface = * destination port > 1023 ACK = C Type = TCP, and then

If ICMP type = * interface = Ext interface = * destination port = 20 ACK = C Type = TCP, and then

If ICMP type = * interface = Ext interface = * destination port = 21 ACK = C Type = TCP, and then

If ICMP type = * interface = Ext interface = * destination port = 25 (destination IP ≠ SMTP server) Type = TCP, and then

If ICMP type = * interface = Ext interface = * destination port = 80 (destination IP ≠ Web server) Type = TCP, and then

If ICMP type = * interface = Ext interface = * source port = 80 destination port > 1023 ACK = S Type = TCP, and then

If ICMP type = * interface = Int interface = * source port > 1023 destination port = 80 Type = TCP, and then

If ICMP type = * interface = * interface = * source IP = NNTP server destination IP NNTP server Type = TCP, and then

If ICMP type = * interface = * interface = * source IP = NNTP server destination port = 119 Type = TCP, and then

If ICMP type = * interface = * interface = * source IP SMTP server destination port = 25 Type = TCP, and then

Up