Index: D

daemons, tools for : B.5. Daemons
data : 1.1.1. Your Data
communications protocols : (see TCP/IP)
DNS : 8.10.3. DNS Data
mismatched : 8.10.4.2. Mismatched data between the hostname and IP address DNS trees
protecting from sniffers : 10.1.2. Packet Sniffing
theft of : (see information theft)
espionage : 1.2.2.4. Spies (Industrial and Otherwise)
transferring
6. Packet Filtering
(see email; files, transferring)
allowing/disallowing : 6.1. Why Packet Filtering?
via TCP : 6.3.3.1. TCP
user-specified, and proxying : 7.4.4. User-Specified Data
data-driven attacks : 8.1. Electronic Mail
datagrams : C.5.1.1. The datagram
fragmenting : C.5.1.3. Fragmenting datagrams
DCC (Direct Client Connections) : 8.9.2. Internet Relay Chat (IRC)
DDN (Defense Data Network) : C.10. Internet Routing Architecture
debugging
6.1.2.1. Current filtering tools are not perfect
(see also bugs)
operating system : 5.8.1.2. Fix all known system bugs
dedicated proxy servers : 7.3.2. Generic Versus Dedicated Proxies
default deny stance
3.5.1. Default Deny Stance: That Which Is Not Expressly Permitted Is Prohibited
6.2.3. Default Permit Versus Default Deny
default permit stance
3.5.2. Default Permit Stance: That Which Is Not Expressly Prohibited Is Permitted
6.2.3. Default Permit Versus Default Deny
Defense Data Network (DDN) : C.10. Internet Routing Architecture
defense in depth
3.2. Defense in Depth
9.1.4.2. Defense in depth
9.2.3.2. Defense in depth
delivery agent, email : 8.1. Electronic Mail
Demilitarized Zone (DMZ) : 4.1. Some Firewall Definitions
denial of service : 1.2.1.2. Denial of Service
accidental : 1.2.3. Stupidity and Accidents
designing firewalls : 1.4.3. Buying Versus Building
destination unreachable codes : (see ICMP)
diagramming the system : 13.5.2. Labeling and Diagraming Your System
dictionary attacks : 10.3.1. One-Time Passwords
Direct Client Connections (DCC) : 8.9.2. Internet Relay Chat (IRC)
disabling Internet services : 5.8.2. Disabling Nonrequired Services
disabling routing : (see routing, disabling)
disconnecting after incident : 13.1.2. Disconnect or Shut Down, as Appropriate
disconnecting machine : 13.4.3. Planning for Disconnecting or Shutting Down Machines
disk space : (see memory/disk space; resources)
disks, needs for : 5.3.3. What Hardware Configuration?
diversity of defense systems : 3.7. Diversity of Defense
DMZ (Demilitarized Zone) : 4.1. Some Firewall Definitions
DNS (Domain Name Service)
2.9. Name Service
5.6. Selecting Services Provided by the Bastion Host
configuring : 8.10. Domain Name System (DNS)
in screened host architecture : 9.2.1.6. DNS
in screened subnet architecture : 9.1.1.6. DNS
without hiding information : 8.10.6. Setting up DNS Without Hiding Information
data : 8.10.3. DNS Data
fake server : 8.10.5.1. Set up a `fake' DNS server on the bastion host for the outside world to use
hiding information with : 8.10.5. Setting Up DNS to Hide Information
revealing information to attackers : 8.10.4.3. Revealing too much information to attackers
server for internal hosts : 8.10.5.2. Set up a real DNS server on an internal system for internal hosts to use
documenting
incidents : 13.1.7. Document the Incident
plan for : 13.4.7. Planning for Documentation
system after incident
13.1.5. Snapshot the System
13.4.5. Planning for Snapshots
Domain Name Service : (see DNS)
dot (.) files, disabling creation of : 8.2.1.6. Be careful of writable directories in the anonymous FTP area
double-reverse lookups
8.10.4.2. Mismatched data between the hostname and IP address DNS trees
8.10.5.1. Set up a `fake' DNS server on the bastion host for the outside world to use
Drawbridge package : B.3.2. Drawbridge
dual-homed hosts
7. Proxy Systems
(see also proxy services)
architecture of : 4.2.1. Dual-Homed Host Architecture
with screen subnet architecture : 4.3.8. It's OK to Use Dual-Homed Hosts and Screened Subnets
as firewall : 5.8.2.5. Turning off routing
nonrouting : 5.2.1. Nonrouting Dual-homed Hosts
proxy services and : (see proxy services)
dynamic packet filtering : 6.3.3.2. UDP
FTP and : 8.2.1.1. Packet filtering characteristics of FTP

Copyright © 1999 O'Reilly & Associates, Inc. All Rights Reserved.