Index_I

identifying threats, Identify and Prioritize, Table 14-1: STRIDE Threat Categories

Identity, Chapter 2: Role-Based Authorization

IDSs (intrusion detection systems), Detecting That an Attack Has Taken Place or Is in Progress

IIS

attacking with SQL-injection, SQL-Injection Attacks

direct connection attacks on, Table 15-3: Prioritize Threats for the Employee Management System_ (continued)

disabling unecessary services, Disable Unnecessary Internet Services

IUSR_, Restrict IUSR_<computername>, Restrict IUSR_<computername>

locking down, Locking Down IIS, Install URLScan

logging, enabling, Enable IIS Logging

sample sites, Remove Samples

script maps, disabling, Disable Unnecessary Script Maps

SSL sections, specifying, How SSL Works

unnecessary client services, Turn Off Unnecessary Services

URLScan, Automated Tools, Install URLScan

IIS (Internet Information Services)

version 6.0, Microsoft Initiatives

IIS Lockdown tool, Automated Tools, Disable Unnecessary Internet Services, Restrict IUSR_<computername>

ILDasm, Create a Blueprint of Your Application, Table 9-3: Test Tools

Impersonation, Windows Integrated Security Authentication

Index Server, Disable Unnecessary Script Maps

information disclosure attacks, Table 14-1: STRIDE Threat Categories

input

ASP.NET validator controls, Validation Tools Available to ASP.NET Web Applications

attacker goals with, Create a Blueprint of Your Application

direct user input, Direct User Input, Figure 7-1: The error displayed by the RegularExpressionValidator control

exceptions caused by, Where Exceptions Occur

free-form, Direct User Input

identifying sources of, Working with Input Types and Validation Tools

keywords, dangerous, Table 15-1: Visual Basic .NET Keywords to Look For_ (continued)

kinds of, Chapter 7: Validating Input

nonuser, Nonuser Input

numeric, validating, Parse Method

Request objects, Web Application Input

subroutine input, Input to Subroutines

validation. , see validation

Windows Forms, Validation Tools Available to Windows Forms Applications

installing

practice files, Practice Files

intercepting data attacks, Table 14-2: Example of Common Attacks and Techniques to Mitigate Them

intercepting Internet messages, Chapter 5: Securing Web Applications

interception of logon data, Table 15-3: Prioritize Threats for the Employee Management System_ (continued)

Intermediate Language Disassembler (ILDasm.Exe), Create a Blueprint of Your Application, Table 9-3: Test Tools

Internet

encryption for, Encryption in the Real World

Internet applications

security exceptions, Security Features and the Visual Basic .NET Developer

Internet Explorer, Security Zones and Trust Levels

security zones, Security Zones and Trust Levels

Internet zone

.NET Framework version 1.0, Security Zones and Trust Levels

defined, Security Zones and Trust Levels

permissions, Security Zones and Permissions

intranet

architecture recommended, Step 4: Design a Secure Architecture

intranets

Local Intranet zone. , see local intranet zone

Medium Trust security level, Run Your Code in Different Security Zones

security exceptions, Security Features and the Visual Basic .NET Developer

Untrusted Sites zone, adding to, How Visual Basic .NET Determines Zone

Windows integrated security recommended for, Windows Integrated Security Authentication

IP numbers, resolving of, The IPv6 Internet Protocol

IPSec, Locking Down SQL Server

IPv6, The IPv6 Internet Protocol

IPv6 (Internet Protocol version 6), The IPv6 Internet Protocol

isolated storage, Cooperating with the Security System

Isolated Storage Administration tool, Cooperating with the Security System

IsolatedFileStorage, Table 3-4: Permissions for Local Intranet and Trusted Sites Zones

IsolatedStorageFilePermission, Table 3-2: Permissions for Each Zone

IsValid property, Validation Tools Available to ASP.NET Web Applications

IUSR_, Restrict IUSR_<computername>, Restrict IUSR_<computername>