Book Home

Building Internet FirewallsSearch this book

Symbols | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Index: D

daemons, tools for: B.5. Daemons
data: 1.1.1. Your Data
DNS: 20.1.3. DNS Data
mismatched: 20.1.4.3. Mismatched data between the hostname and IP address DNS trees
protecting: C.2.3. Integrity Protection
from sniffers: 13.1.6. Packet Sniffing
theft of: 1.2.1.3. Information theft
1.2.2.4. Spies (industrial and otherwise)
transferring: 2.4. File Transfer, File Sharing, and Printing
4.1. What Does a Packet Look Like?
8. Packet Filtering
allowing/disallowing: 8.1.1. Basic Packet Filtering
evaluating protocols for: 13.2.2. What Data Does the Protocol Transfer?
via TCP: 4.3.1. TCP
data-driven attacks: 13.1.2. Data-Driven Attacks
protecting against: 13.1.10. Protecting Services
database protocols, connecting to web servers with: 23.1.1.3. Using the database's protocols to connect to a perimeter web server
database servers, locating: 23.1.1. Locating Database Servers
daytime service: 22.7. Mostly Harmless Protocols
DCC (Direct Client Connections): 19.1. Internet Relay Chat (IRC)
DCOM (Distributed Component Object Model): 14.2. Distributed Component Object Model (DCOM)
dcomcnfg program: 14.2. Distributed Component Object Model (DCOM)
debugging operating system: 10.9.2. Fix All Known System Bugs
dedicated proxy servers: 9.3.2. Generic Versus Dedicated Proxies
Deep Crack: 21.2. Passwords
default deny stance: 3.5.1. Default Deny Stance: That Which Is Not Expressly Permitted Is Prohibited
8.2.3. Default Permit Versus Default Deny
default permit stance: 3.5.2. Default Permit Stance: That Which Is Not Expressly Prohibited Is Permitted
8.2.3. Default Permit Versus Default Deny
defense in depth: 3.2. Defense in Depth
24.1.4.2. Defense in depth
24.2.4.2. Defense in depth
Demilitarized Zone (DMZ): 5.1. Some Firewall Definitions
denial of service attacks: 1.2.1.2. Denial of service
2.3.1. Electronic Mail
13.1.9. Denial of Service
HTTP and: 15.1. HTTP Server Security
ICMP and: 22.4. ICMP and Network Diagnostics
JavaScript and: 15.4.1. JavaScript
protecting against: 13.1.10. Protecting Services
DependOnGroup registry key: 12.4.1.1. Registry keys
DependOnService registry key: 12.4.1.1. Registry keys
DES (Data Encryption Standard) algorithm: C.5.1. Encryption Algorithms
designing rewalls: 1.6.1. Buying Versus Building
destination unreachable codes (see ICMP)
Dfs (Distributed File System): 17.4.2. Distributed File System (Dfs)
DHCP (Dynamic Host Configuration Protocol): 22.3.2. Dynamic Host Configuration Protocol (DHCP)
diagramming the system: 27.5.2. Labeling and Diagramming Your System
dictionary attacks: 21.3.1. One-Time Password Software
Diffie-Helman algorithm: C.5.4. Key Exchange
digital signature: C.3.1. Digital Signatures
in ActiveX: 15.4.4. ActiveX
in OpenPGP: 16.1.4. S/MIME and OpenPGP
in S/MIME: 16.1.4. S/MIME and OpenPGP
algorithms: C.5.2. Digital Signature Algorithms
Direct Client Connections (DCC): 19.1. Internet Relay Chat (IRC)
Directory Replication (Windows NT): 22.6.3. Windows NT Directory Replication
disabling
routing (see routers, disabling)
services: 10.10. Disabling Nonrequired Services
on Unix: 11.3.2. Disabling Services Under Unix
11.3.4. Specific Unix Services to Disable
on Windows NT: 12.4.2. How to Disable Services Under Windows NT
12.4.5. Specific Windows NT Services to Disable
discard service: 22.7. Mostly Harmless Protocols
disconnecting
from network: 27.1.3. Disconnect or Shut Down, as Appropriate
plan for: 27.4.3. Planning for Disconnecting or Shutting Down Machines
machine: 27.4.3. Planning for Disconnecting or Shutting Down Machines
after incident: 27.1.3. Disconnect or Shut Down, as Appropriate
disk space (see memory resources)
disks, needs for: 10.3.3. What Hardware Configuration?
DisplayName registry key: 12.4.1.1. Registry keys
Distributed Component Object Model (DCOM): 14.2. Distributed Component Object Model (DCOM)
Distributed File System (Dfs): 17.4.2. Distributed File System (Dfs)
diversity of defense systems: 3.7. Diversity of Defense
DMZ (Demilitarized Zone): 5.1. Some Firewall Definitions
DNS (Domain Name Service): 2.7. Naming and Directory Services
10.6. Selecting Services Provided by a Bastion Host
20.1. Domain Name System (DNS)
on Windows NT: 12.4.5. Specific Windows NT Services to Disable
clients: 20.1.5.3. Internal DNS clients query the internal server
configuring: 24.2.1.7. DNS
to hide information: 20.1.6. Setting Up DNS to Hide Information, with Subdomains
without hiding information: 20.1.7. Setting Up DNS Without Hiding Information
in screened subnet architecture: 24.1.1.7. DNS
data: 20.1.3. DNS Data
fake server: 20.1.5.1. Set up a "fake" DNS server on the bastion host for the outside world to use
hiding information with: 20.1.5. Setting Up DNS to Hide Information, Without Subdomains
revealing information to attackers: 20.1.4.5. Revealing too much information to attackers
server for internal hosts: 20.1.5.2. Set up a real DNS server on an internal system for internal hosts to use
Windows 2002 and: 20.1.8. Windows 2000 and DNS
DNS Mail Exchange (MX): 16.2.6. Configuring SMTP to Work with a Firewall
documenting
plan for: 27.4.7. Planning for Documentation
system after incident: 27.1.6. Snapshot the System
27.4.5. Planning for Snapshots
domain controllers: 21.6. NTLM Domains
communication among: 21.6.7. Controller-to-Controller Communication
domain master browser, on Microsoft networks: 20.4.2.1. Domain master browser
Domain Name Service (see DNS)
domains, on Microsoft networks: 20.4.1. Domains and Workgroups
Domino server: 16.5. Lotus Notes and Domino
dot (.) files, disabling creation of: 17.1.4.2.3. Disabling the creation of directories and certain files
double-reverse lookups: 20.1.4.3. Mismatched data between the hostname and IP address DNS trees
20.1.5.1. Set up a "fake" DNS server on the bastion host for the outside world to use
DSA (Digital Signature Algorithm): C.5.2. Digital Signature Algorithms
DSS (Digital Signature Standard) algorithm: C.5.2. Digital Signature Algorithms
dual-homed hosts: 5.1. Some Firewall Definitions
architecture of: 6.1.2. Dual-Homed Host
as firewall: 10.10.3. Turning Off Routing
nonrouting: 10.2.1. Nonrouting Dual-Homed Hosts
proxy services (see proxy services)
dumpel utility: 12.3.1. Setting Up System Logs Under Windows NT
dynamic packet filtering, FTP and: 17.1.1. Packet Filtering Characteristics of FTP


Symbols | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z


Library Navigation Links

Copyright © 2002 O'Reilly & Associates, Inc. All Rights Reserved.