DAC (Discretionary Access Control), 12, 440, 506
data
  custodian of, 291, 506
  integrity of, 22–23, 506
  owner of, 291
  user of, 291
Data Encryption Standard (DES), 321
data integrity, 506
Data Link layer, 506
data packet, 506
data repositories, 241–242, 506
data source, 175, 506
databases, 244–246
  access and design of secure, 245
  backing up, 410–411, 411
  exploitation of, 75
  technologies for hardening, 244
  vulnerabilities of servers, 245
datagram, 506
DDoS (Distributed Denial of Service) attacks, 53–54, 54, 506
decentralized key generation, 374–376, 375, 376
deceptive actions when intruder detected, 183, 184
decryption, 506
default gateway, 506
demilitarized zone (DMZ), 26, 27, 506
Denial of Service attacks. See DoS attacks
DES (Data Encryption Standard), 321
desensitizing, 273
designing security
  business needs, 31–35, 33
    asset identification, 31–32
    risk assessment, 32
    threat identification, 32–35, 33
  goals for topologies, 22–34
    accountability, 23, 500
    availability, 23
    confidentiality, 22
    integrity, 22–23
  requirements for security policies, 7
  security zones, 27, 527
  vulnerabilities in software and systems, 35–36
destination port number, 506
detection
  defined, 506
  of information violations, 9–10
DHCP (Dynamic Host Configuration Protocol), 241, 508
dictionary attack, 58, 506
differential backups, 413, 507
Diffie-Hellman key, 324, 507
digital signatures, 327–328, 328, 507
direct-sequence, 507
direct-sequence spread spectrum (DSSS), 193, 507
directories, 507
directory services
  Active Directory, 243, 500
  defined, 507
  eDirectory, 170, 243
  LDAP, 243
  NDS, 170, 171, 227
  security for, 242–243, 242
disaster recovery, 405–420
  backups, 406–409, 502
  defined, 405–406, 507
  disaster recovery plans, 409–420
    alternate sites, 418–420
    backup plan issues, 410–412, 411
    defined, 8, 409–410, 507
    developing backup plans, 413–415, 414
    recovering a system, 417–418
    types of backups, 412–413
disaster recovery plans (DRPs), 409–420
  alternate sites, 418–420
  backup plan issues, 410–412, 411
  defined, 8, 409–410, 507
  developing backup plans, 413–415, 414
    backup server method, 416–417, 416
    defined, 502
    full archival method, 415, 415
    grandfather, father, son method, 413–415, 414, 510–511
  system recovery, 417–418
  types of backups, 412–413
Discretionary Access Control (DAC), 12, 440, 506
disk duplexing, 405
disk mirroring, 404–405, 507
disk striping
  defined, 404, 507
  with parity, 405, 507
diskettes as removable media, 153
Distributed Denial of Service (DDoS) attacks, 53–54, 54, 506
DMZ (demilitarized zone), 26, 27, 506
DNS (Domain Name Service), 20, 243, 508
DNS servers
  application hardening, 238–239
  defined, 507
DNS zone, 507
documentation
  best practices and, 460–467
  change, 464–465, 472–473
  disposal and destruction policies for, 429
  documenting incident response, 191
  evaluating standards documents, 282
DoD Networking Model, 507
Domain Name Service (DNS), 20, 243, 508
domains, 508
DoS (Denial of Service) attacks
  defined, 53, 506
  DNS, 238
  on file and print servers and services, 240
DRPs. See disaster recovery plans
DSSS (direct-sequence spread spectrum), 193
dual-homed firewalls, 108–109, 108, 108
dual-homed hosts, 508
due care policies, 428
dumb terminal, 508
dumpster diving, 51, 508
duplexed hard drives, 508
duplicate servers, 508
Dynamic Host Configuration Protocol (DHCP), 241, 508
dynamic routing, 508
dynamically allocated port, 508