Team LiB

Index



AcceptMutex directive
access control
     attacks against
     authentication and network access, combined
     authentication methods
         basic
         Digest
         factors (authentication types 1-3)
         flawed, real-life example of
         form-based
         two-factor authentication
     basic plaintext authentication
         groups
         htpasswd utility
     certificate-based authentication
     combining authentication modules
     DBM file authentication
         dbmmanage problems
         htdigest for password database
     Digest authentication
         mod_auth_digest module required
     network
         environment variables
     notes on
     overview
     proxy
         central and reverse proxies
         reverse proxies
     request methods, limiting
     SSO
         web-only
accountability security goal
AddHandler directive 2nd
AddType directive
Advanced Encryption Standard (AES)
AES (Advanced Encryption Standard)
AgentLog directive (deprecated)
Alan Ralsky DoS retribution
Allow directive
AllowEncodedSlashes directive
AllowOverride directive
     access file usage control
antivirus, Clam AntiVirus program
Apache
     backdoors
     chroot (jail) [See chroot]
     chroot(2) patch
     clients, limiting
     configuration and hardening
         AllowOverride directive
         binary file permissions
         CGI scripts, enabling
         email address, turning off
         information leaks, preventing
         logging
         Options directive
         root sole write access
         secure defaults
         server configuration limits
         server identity, changing
         server user accounts
     connection timeout
     -DBIG_SECURITY_HOLE compile option
     documentation
     installation
         binary or source
         documentation
         folder locations
         module selection
         modules, default activation list
         patch download
         procedures for
         source code download
         static binary or dynamic modules
         system-hardening matrix for planning
         testing of
     jail [See chroot]
     mod_parmguard module
     module repository
     MPMs
     options, adding and removing
     PHP integration functions
     Slapper Worm
     SSL
         broken SSL clients
         certificates, signing
         configuring
         directives
         keys, generating
         mod_ssl, installing
         non-SSL content
         reliable startup
         server private key
         session issues
     SSO
apache-protect brute-force DoS tool
application logs
apxs third-party module interface tool
architectures [See network architectures]
Argus network monitoring tool
assessment
     security phase
asymmetric (public-key) encryption 2nd 3rd 4th [See also public-key cryptography]
attack surface 2nd
attack vector
attacks [See also DoS attacks; injection attacks; intrusion detection; mod_security firewall module; web application security]
     command execution and file disclosure
     content management systems problems
     database
     database-specific patterns
     detecting common
     XSS
         attack warning patterns
audit log 2nd
AuthAuthoritative directive
AuthDBMAuthoritative directive
AuthDigestDomain directive
authentication methods
     Basic 2nd
     Digest 2nd
     form-based
availability security goal
