13.1. Attacks Against Internet Services13.1.1. Command-Channel Attacks13.1.2. Data-Driven Attacks13.1.3. Third-Party Attacks13.1.4. False Authentication of Clients13.1.5. Hijacking13.1.6. Packet Sniffing13.1.7. Data Injection and Modification13.1.8. Replay13.1.9. Denial of Service13.1.10. Protecting Services13.2. Evaluating the Risks of a Service13.2.1. What Operations Does the Protocol Allow?13.2.1.1. What is it designed to do?13.2.1.2. Is the level of authentication and authorization it uses
appropriate for doing that?13.2.1.3. Does it have any other commands in it?13.2.2. What Data Does the Protocol Transfer?13.2.3. How Well Is the Protocol Implemented?13.2.3.1. Does it have any other commands in it?13.2.4. What Else Can Come in If I Allow This Service?13.3. Analyzing Other Protocols13.4. What Makes a Good Firewalled Service?13.4.1. TCP Versus Other Protocols13.4.2. One Connection per Session13.4.3. One Session per Connection13.4.4. Assigned Ports13.4.5. Protocol Security13.5. Choosing Security-Critical Programs13.5.1. My Product Is Secure Because . . .13.5.1.1. It contains no publicly available code, so it’s
secret13.5.1.2. It contains publicly available code, so it’s been well
reviewed13.5.1.3. It is built entirely from scratch, so it didn’t inherit any
bugs from any other products13.5.1.4. It is built on an old, well-tested code base13.5.1.5. It doesn’t run as root/Administrator/LocalSystem13.5.1.6. It doesn’t run under Unix, or it doesn’t run on a Microsoft
operating system13.5.1.7. There are no known attacks against it13.5.1.8. It uses public key cryptography (or some other
secure-sounding technology)13.5.2. Their Product Is Insecure Because . . .13.5.2.1. It’s been mentioned in a CERT-CC advisory or on a web site
listing vulnerabilities13.5.2.2. It’s publicly available13.5.2.3. It’s been successfully attacked13.5.3. Real Indicators of Security13.5.3.1. Security was one of the design criteria13.5.3.2. The supplier can discuss how major security problems were
avoided13.5.3.3. It is possible for you to review the code13.5.3.4. Somebody you know and trust actually has reviewed the
code13.5.3.5. There is a security notification and update
procedure13.5.3.6. The server implements a recent (but accepted) version of
the protocol13.5.3.7. The program uses standard error-logging mechanisms13.5.3.8. There is a secure software distribution mechanism13.6. Controlling Unsafe Configurations