Data type, assessing, 38–39
Database access, monitoring, 122
database directory, 622
Datastream
  description, 243
  Transmission Control Protocol (TCP), 249
Date, time, and time zone settings in IPSO, 660–661
Daylight savings time, 722
Db-dmz interface, 302
DCE-RPC service object, 509
Debian GNU/Linux, 1211
debug command (PIX firewalls), 266, 362
Default and initial security policies, 537–538
Default configurations for PIX firewalls, 264
Defining firewalls, 54–55
Denial of service (DoS) attacks, 12, 22–23, 519–520
Department of Defense (DoD) Trusted Computer System Evaluation Criteria (Orange Book), 41
Deployment of security policies, 534–535, 537
Design of security policies, 33–37, 533
Desktop Security panel (FireWall-1), 520
Device Manager, PIX (PDM), 264, 376
Devices, protecting, 46–47
DHCP. see Dynamic Host Configuration Protocol (DHCP)
Dial-up connection dropped, 1014
DIDS (distributed intrusion detection system), 115–116
Diffie-Hellman algorithm, 579
Digital signatures, 581
disable command (PIX firewalls), 266
Disabling
  disable command (PIX firewalls), 266
  NetBIOS interface, 823–824
  packages, Nokia, 688–689
  services on firewall host, 173, 425–426
  services on ISA Server, 1032–1033
  signatures, 1266–1267
  SMTP service, 1151
  socket pooling, 1031–1033, 1129–1133
  Telnet access, 669
Diskette drive, 257
Distributed intrusion detection system (DIDS), 115–116
dmz interface, 302
DMZ networks
  advanced design concepts, 103–104
  advantages and disadvantages, 88–89
  application server placement, 99
  authentication design, 106
  business partner connections, 101–102
  concepts, 78–84
  description, 60–61, 539–540
  design, 90–92
  domain controllers, 99
  e-commerce services, 102
  e-mail services, 103
  extranets, 102
  failover services, 107–109
  generic configuration, 77
  high availability, 106–107
  ports, 95–96
  protocols, 93
  RADIUS, 100
  remote administration concepts, 104–105
  risks, advanced, 101–103
  screened subnets, 97–98
  server cluster, 106–107
  TCP/IPv4 flaws, 94
  traffic flow, 84–88
  vocabulary, 74–75
  VPN, 100–101
  Web and FTP sites, 102
DNS. see Domain Name System (DNS)
DNS Guard protocol, 251, 318–319
Dollar sign ($), 622
Domain controllers
  DMZ networks, 99
  ISA Server, 981
  promoting to, 1124–1126
  user rights on, 1147–1148
domain-name command (PIX firewalls), 268
Domain name resolution, rule for, 546
Domain Name System (DNS)
  functions, monitoring, 123
  lookup zones, forward and reverse, 1122–1124
  PIX firewalls, 244, 318–319
  private entries, 1077–1078
  public entries, 1076–1077
  round robin, 832–834
  User Datagram Protocol (UDP), 250
Domain objects, 497–498
Domains, VPN, 582
Duplex setting in IPSO, 657
Dynamic Host Configuration Protocol (DHCP)
  clients, 342–343
  description, 341–342
  lease, can't renew, 1007
  Nokia enterprise firewall appliances, 611
  number of clients supported, 343
  servers, 343–347
  TFTP servers, 347
Dynamic NAT
  configuring, 278–282
  description, 253
Dynamic objects, 503–504