I

ICMP, See Internet Control Messaging Protocol

IDEA, 128–129

Identification badges, 54

Identification (ID) field, 76

IDS, See Intrusion detection systems

IGMP, 74

IIS 5.0, 194

IKE, See Internet Key Exchange

in.addr files, 143

Incident response, 16, 363–382
  assessing resources, 370
  chain of custody, 373, 379–380
  containment, 366, 376–377
  defining response options, 370–371
  detection, 365, 373–374
  disaster recovery planning, 50–51
  documentation, 372, 374, 379, 380
  eradication, 366, 380–381
  evaluation, 365, 375–376
  incident response team, 363–368
  investigation, 366, 377–380
  logging, 374
  management support, 366
  outsourcing, 367
  planning, 363, 365, 366, 368–370
  post-mortem, 366, 381–382
  prevention, 365, 373
  public relations, 376
  recovery, 366
  sample policy, 50
  system shutdown, 377
  team training, 373
  threat categories, 369
  toolkit, 371–373

Information assets, value of, 20–21, 24

Information overload, 152

Information security policy, See Security policy

Integrity check value (ICV), 315

Interior gateway protocols (IGPs), 96–97

Interior Gateway Routing Protocol (IGRP), 96

Intermediate System to Intermediate System (IS-IS) protocol, 96

International Data Encryption Algorithm (IDEA), 128–129

Internet Control Messaging Protocol (ICMP), 74, 84–87
  connectionless nature, 85
  covert channels, 86
  destination unreachable traffic, 216
  DoS vulnerabilities, 84–85
  echo-request application, 84–86, See also PING
  filtering, 355
  firewall configurations, 214–216
  lack of flow control, 108
  message types, 84–85
  redirect message, 84
  threats and vulnerabilities, 108, 215, 342
  time to live field and, 79
  Traceroute tool, 79

Internet header length (IHL) field, 74–75

Internet Key Exchange (IKE), 181, 320–325
  alternative protocol (JFK), 325–327
  authentication process, 321
  criticisms, 325–326
  denial-of-service attack, 326
  Diffie-Hellman protocol, 322
  key exchange concepts, 316–320
  main mode vs. aggressive mode, 320, 323
  nonce (pseudo-random number), 322
  perfect forward secrecy, 324
  phase-one processes and problems, 321–324
  phase-two processes and problems, 324–325
  phases and modes, 320
  protocols, 319
  re-keying, 319, 324
  security association (SA), 321

Internet Protocol (IP), See also IPSec; TCP/IP
  addresses, See IP addresses
  associated protocols, 74
  connectionless, 74
  determining packet precedence, 336–337
  checksum field, 80, 310–311
  IPSec's authentication header and, 310–311
  options field, 81–82
  packet filtering and, 189–190
  protocol field, 80
  source and destination fields, 81
  time to live (TTL) field, 79, 310–311
  type of service (TOS) field, 75–76, 310–311
  header fields, 74–81
  options, 87
  packet fragmentation, 76–79
  packet types, 81
  quality of service, 75
  source routing, 81–82
  versions, 72–73, See also IPv6

Internet Protocol Security, See IPSec

Internet Security Association and Key Management Protocol (ISAKMP), 319

Internet service providers (ISPs)
  dial-up connection process, 291–292
  internal network vulnerabilities, 277–278

Intrusion detection systems (IDSs), 253–262, 374
  alert prioritization, 264–266
  anomaly detection systems, 259
  bastion hosts, 116
  designating standard and non-standard protocols, 256–257, 259
  enticement vs. entrapment, 273
  false alarms, 254, 264
  false negatives, 264
  file integrity checker, 270–271
  firewall integration, 269–270
  "honeypots," 271–274
  host-based, 259–260
  network-based, 260–264
  performance issues, 263–264
  placement, 266–267
  reactive IDS, 268–269
  signature-based approach, 254–258
  statistical-based approach, 255–256, 258–259
  stealth mode, 267
  switches and port mirroring, 260–261
  test access points, 261–263
  tuning, 264–266

Investigation procedures, 377–380, See also Incident response

IP, See Internet Protocol

IP addresses
  DHCP and management of, 88, See also Dynamic Host Configuration Protocol
  DNS, See Domain Name System
  illegitimate source addresses, 205–206
  IPv4 vs. IPv6, 73
  NAT, See Network address translation
  private addresses, 90–92, 205
  spoofing, 81
  subnet masking, 88
  techniques for finding, 354

IPSec, 91, 285–286, 305–331, See also IPSec
  advantages and disadvantages, 305–306
  authentication header (AH), 306, 307, 310–313
    NAT interoperability, 327–328
  complexity, 316
  decryption process, 315
  encryption algorithms, 296, 316, 317
  ESP, See Encapsulating Security Payload
  host-to-gateway configurations, 309
  interoperability problems, 306
  key exchange, 132, 316–320, See Internet Key Exchange
  L2TP encryption protocol, 300, 302–303, 305
  multiplex capability, 309
  NAT interoperability, 35, 310, 327–331
  remote clients and tunnel mode, 309–310
  security parameters index, 311–314, 329–330
  system performance effects, 41–42
  transport mode, 306, 307, 310
  tunnel mode, 306, 307–310

IPv4, 72–73, 90–91, See Internet Protocol

IPv6, 72–73, 90–91
  fragmentation and, 79
  IPSec and, 91, See also IPSec

IPX, 72, 289–290, 292

Iris scanning, 160, 163

ISAKMP, 319

ISO 17799, 13

ISO OSI protocol suite, 57–58

Network Perimeter Security: Building Defense In-Depth
ISBN: 0849316286
Year: 2004
Pages: 119
Authors: Cliff Riggs