Index: D
 
Symbols
| A
| B
| C
| D
| E
| F
| G
| H
| I
| J
| K
| L
| M
| N
| O
| P
| Q
| R
| S
| T
| U
| V
| W
| X
| Y
| Z
Index: D
- daemons, tools for: B.5. Daemons
- data: 1.1.1. Your Data
- 
  
  - DNS: 20.1.3. DNS Data
- 
    
    - mismatched: 20.1.4.3. Mismatched data between the hostname and IP address DNS trees
 
- protecting: C.2.3. Integrity Protection
- 
    
    - from sniffers: 13.1.6. Packet Sniffing
 
- theft of: 1.2.1.3. Information theft
- 
    - 1.2.2.4. Spies (industrial and otherwise)
 
- transferring: 2.4. File Transfer, File Sharing, and Printing
- 
    - 4.1. What Does a Packet Look Like?
- 8. Packet Filtering
- allowing/disallowing: 8.1.1. Basic Packet Filtering
- evaluating protocols for: 13.2.2. What Data Does the Protocol Transfer?
- via TCP: 4.3.1. TCP
 
 
- data-driven attacks: 13.1.2. Data-Driven Attacks
- 
  
  - protecting against: 13.1.10. Protecting Services
 
- database protocols, connecting to web servers with: 23.1.1.3. Using the database's protocols to connect to a perimeter web server
- database servers, locating: 23.1.1. Locating Database Servers
- daytime service: 22.7. Mostly Harmless Protocols
- DCC (Direct Client Connections): 19.1. Internet Relay Chat (IRC)
- DCOM (Distributed Component Object Model): 14.2. Distributed Component Object Model (DCOM)
- dcomcnfg program: 14.2. Distributed Component Object Model (DCOM)
- debugging operating system: 10.9.2. Fix All Known System Bugs
- dedicated proxy servers: 9.3.2. Generic Versus Dedicated Proxies
- Deep Crack: 21.2. Passwords
- default deny stance: 3.5.1. Default Deny Stance: That Which Is Not Expressly Permitted Is Prohibited
- 
  - 8.2.3. Default Permit Versus Default Deny
 
- default permit stance: 3.5.2. Default Permit Stance: That Which Is Not Expressly Prohibited Is Permitted
- 
  - 8.2.3. Default Permit Versus Default Deny
 
- defense in depth: 3.2. Defense in Depth
- 
  - 24.1.4.2. Defense in depth
- 24.2.4.2. Defense in depth
 
- Demilitarized Zone (DMZ): 5.1. Some Firewall Definitions
- denial of service attacks: 1.2.1.2. Denial of service
- 
  - 2.3.1. Electronic Mail
- 13.1.9. Denial of Service
- HTTP and: 15.1. HTTP Server Security
- ICMP and: 22.4. ICMP and Network Diagnostics
- JavaScript and: 15.4.1. JavaScript 
- protecting against: 13.1.10. Protecting Services
 
- DependOnGroup registry key: 12.4.1.1. Registry keys
- DependOnService registry key: 12.4.1.1. Registry keys
- DES (Data Encryption Standard) algorithm: C.5.1. Encryption Algorithms
- designing rewalls: 1.6.1. Buying Versus Building
- destination unreachable codes (see ICMP)
- Dfs (Distributed File System): 17.4.2. Distributed File System (Dfs)
- DHCP (Dynamic Host Configuration Protocol): 22.3.2. Dynamic Host Configuration Protocol (DHCP)
- diagramming the system: 27.5.2. Labeling and Diagramming Your System
- dictionary attacks: 21.3.1. One-Time Password Software
- Diffie-Helman algorithm: C.5.4. Key Exchange
- digital signature: C.3.1. Digital Signatures
- 
  
  - in ActiveX: 15.4.4. ActiveX
- in OpenPGP: 16.1.4. S/MIME and OpenPGP
- in S/MIME: 16.1.4. S/MIME and OpenPGP
- algorithms: C.5.2. Digital Signature Algorithms
 
- Direct Client Connections (DCC): 19.1. Internet Relay Chat (IRC)
- Directory Replication (Windows NT): 22.6.3. Windows NT Directory Replication
- disabling
- 
  
  - routing (see routers, disabling)
- services: 10.10. Disabling Nonrequired Services
- 
    
    - on Unix: 11.3.2. Disabling Services Under Unix
- 
      - 11.3.4. Specific Unix Services to Disable
 
- on Windows NT: 12.4.2. How to Disable Services Under Windows NT
- 
      - 12.4.5. Specific Windows NT Services to Disable
 
 
 
- discard service: 22.7. Mostly Harmless Protocols
- disconnecting
- 
  
  - from network: 27.1.3. Disconnect or Shut Down, as Appropriate
- 
    
    - plan for: 27.4.3. Planning for Disconnecting or Shutting Down Machines
 
- machine: 27.4.3. Planning for Disconnecting or Shutting Down Machines
- 
    
    - after incident: 27.1.3. Disconnect or Shut Down, as Appropriate
 
 
- disk space (see memory resources)
- disks, needs for: 10.3.3. What Hardware Configuration?
- DisplayName registry key: 12.4.1.1. Registry keys
- Distributed Component Object Model (DCOM): 14.2. Distributed Component Object Model (DCOM)
- Distributed File System (Dfs): 17.4.2. Distributed File System (Dfs)
- diversity of defense systems: 3.7. Diversity of Defense
- DMZ (Demilitarized Zone): 5.1. Some Firewall Definitions
- DNS (Domain Name Service): 2.7. Naming and Directory Services
- 
  - 10.6. Selecting Services Provided by a Bastion Host
- 20.1. Domain Name System (DNS)
- on Windows NT: 12.4.5. Specific Windows NT Services to Disable
- clients: 20.1.5.3. Internal DNS clients query the internal server
- configuring: 24.2.1.7. DNS
- 
    
    - to hide information: 20.1.6. Setting Up DNS to Hide Information, with Subdomains
- without hiding information: 20.1.7. Setting Up DNS Without Hiding Information
- in screened subnet architecture: 24.1.1.7. DNS
 
- data: 20.1.3. DNS Data
- fake server: 20.1.5.1. Set up a "fake" DNS server on the bastion host for the outside world to use
- hiding information with: 20.1.5. Setting Up DNS to Hide Information, Without Subdomains
- revealing information to attackers: 20.1.4.5. Revealing too much information to attackers
- server for internal hosts: 20.1.5.2. Set up a real DNS server on an internal system for internal hosts to use
- Windows 2002 and: 20.1.8. Windows 2000 and DNS
 
- DNS Mail Exchange (MX): 16.2.6. Configuring SMTP to Work with a Firewall
- documenting
- 
  
  - plan for: 27.4.7. Planning for Documentation
- system after incident: 27.1.6. Snapshot the System
- 
    - 27.4.5. Planning for Snapshots
 
 
- domain controllers: 21.6. NTLM Domains
- 
  
  - communication among: 21.6.7. Controller-to-Controller Communication
 
- domain master browser, on Microsoft networks: 20.4.2.1. Domain master browser
- Domain Name Service (see DNS)
- domains, on Microsoft networks: 20.4.1. Domains and Workgroups
- Domino server: 16.5. Lotus Notes and Domino
- dot (.) files, disabling creation of: 17.1.4.2.3. Disabling the creation of directories and certain files
- double-reverse lookups: 20.1.4.3. Mismatched data between the hostname and IP address DNS trees
- 
  - 20.1.5.1. Set up a "fake" DNS server on the bastion host for the outside world to use
 
- DSA (Digital Signature Algorithm): C.5.2. Digital Signature Algorithms
- DSS (Digital Signature Standard) algorithm: C.5.2. Digital Signature Algorithms
- dual-homed hosts: 5.1. Some Firewall Definitions
- 
  
  - architecture of: 6.1.2. Dual-Homed Host 
- as firewall: 10.10.3. Turning Off Routing
- nonrouting: 10.2.1. Nonrouting Dual-Homed Hosts
- proxy services (see proxy services)
 
- dumpel utility: 12.3.1. Setting Up System Logs Under Windows NT
- dynamic packet filtering, FTP and: 17.1.1. Packet Filtering Characteristics of FTP
Symbols
| A
| B
| C
| D
| E
| F
| G
| H
| I
| J
| K
| L
| M
| N
| O
| P
| Q
| R
| S
| T
| U
| V
| W
| X
| Y
| Z
 
Copyright © 2002
O'Reilly & Associates, Inc.
All Rights Reserved.