Data availability, 14–15
Data backup, 46
Data Encryption Standard (DES), 127–128
Data integrity, 14
Data-link connection identifier (DLCI), 83
Data-link layer, 64–69, 82
    bridges, 65–66
    encryption, 64–65
    maximum transmit unit (MTU), 68–69
    protocols, 64, 72, See specific protocols
    switches, 66–68
Data offset field, 104
Data padding, 314
Decryption, 119–120, See also Cryptography; Encryption
Default gateways, 89–90
Defense in depth, 32, 208
Demilitarized zone, 116–117
    firewall interface, 211
    NAT and firewall operations, 246–248
    VPN gateway, 332
Denial-of-service (DoS) attacks
    bandwidth-based attacks, 228
    distributed DoS clients, 229
    ICMP vulnerabilities, 84–85
    Internet Key Exchange, 326
    OS attacks, 229
    strategies for limiting, 228–236, See also under Firewalls
    UDP vulnerabilities, 108, 113–114
Deny all statement, 219
DES, 127–128
Destination field, 81
Destination port field, 102
DHCP, See Dynamic Host Configuration Protocol
Dial-up connection process, 291–292
Diffie, Whitfield, 130
Diffie-Hellman algorithm, 130–132, 182, 322
Diffserv, 76, 337
Digital signatures, 125, 126, 169, 321
Disaster recovery planning, 16, 383–388
    business impact analysis, 385
    implementation, 385–386
    off-site facility options, 386–387
    public key infrastructure, 187
    risk analysis, 25, 384–385
    sample policy, 50–51
    testing, 387–388
    training, 387
Discretionary access control (DAC), 148–149
Disk imaging software, 371
Distance vector routing protocol, 96
Distinguished name (DN), 178
DMZ, See Demilitarized zone
DNS, See Domain Name System
Documentation of incident response, 372, 374, 379, 380
Domain Name System (DNS), 141–146, 178
    DHCP configuration, 89, 90
    firewall configuration rules, 211
    hacker tool, 354–355
    root servers, 143
    router/filter configuration, 223–224
    security concerns, 144–146
    split configuration, 146
    zone and in.addr files, 143
Due care, 11
Due diligence, 11
Dynamic Host Configuration Protocol (DHCP), 87–90
    router functionality, 70
    security concerns, 89–90, 343
Dynamic routing protocols, 70