ICMP, See Internet Control Messaging Protocol
IDEA, 128–129
Identification badges, 54
Identification (ID) field, 76
IDS, See Intrusion detection systems
IGMP, 74
IIS 5.0, 194
IKE, See Internet Key Exchange
in.addr files, 143
Incident response, 16, 363–382
  assessing resources, 370
  chain of custody, 373, 379–380
  containment, 366, 376–377
  defining response options, 370–371
  detection, 365, 373–374
  disaster recovery planning, 50–51
  documentation, 372, 374, 379, 380
  eradication, 366, 380–381
  evaluation, 365, 375–376
  incident response team, 363–368
  investigation, 366, 377–380
  logging, 374
  management support, 366
  outsourcing, 367
  planning, 363, 365, 366, 368–370
  post-mortem, 366, 381–382
  prevention, 365, 373
  public relations, 376
  recovery, 366
  sample policy, 50
  system shutdown, 377
  team training, 373
  threat categories, 369
  toolkit, 371–373
Information assets, value of, 20–21, 24
Information overload, 152
Information security policy, See Security policy
Integrity check value (ICV), 315
Interior gateway protocols (IGPs), 96–97
Interior Gateway Routing Protocol (IGRP), 96
Intermediate System to Intermediate System (IS-IS) protocol, 96
International Data Encryption Algorithm (IDEA), 128–129
Internet Control Messaging Protocol (ICMP), 74, 84–87
  connectionless nature, 85
  covert channels, 86
  destination unreachable traffic, 216
  DoS vulnerabilities, 84–85
  echo-request application, 84–86, See also PING
  filtering, 355
  firewall configurations, 214–216
  lack of flow control, 108
  message types, 84–85
  redirect message, 84
  threats and vulnerabilities, 108, 215, 342
  time to live field and, 79
  Traceroute tool, 79
Internet header length (IHL) field, 74–75
Internet Key Exchange (IKE), 181, 320–325
  alternative protocol (JFK), 325–327
  authentication process, 321
  criticisms, 325–326
  denial-of-service attack, 326
  Diffie-Hellman protocol, 322
  key exchange concepts, 316–320
  main mode vs. aggressive mode, 320, 323
  nonce (pseudo-random number), 322
  perfect forward secrecy, 324
  phase-one processes and problems, 321–324
  phase-two processes and problems, 324–325
  phases and modes, 320
  protocols, 319
  re-keying, 319, 324
  security association (SA), 321
Internet Protocol (IP), See also IPSec; TCP/IP
  addresses, See IP addresses
  associated protocols, 74
  connectionless, 74
  determining packet precedence, 336–337
  header fields, 74–81
    checksum field, 80, 310–311
    IPSec's authentication header and, 310–311
    options field, 81–82
    packet filtering and, 189–190
    protocol field, 80
    source and destination fields, 81
    time to live (TTL) field, 79, 310–311
    type of service (TOS) field, 75–76, 310–311
  options, 87
  packet fragmentation, 76–79
  packet types, 81
  quality of service, 75
  source routing, 81–82
  versions, 72–73, See also IPv6
Internet Protocol Security, See IPSec
Internet Security Association and Key Management Protocol (ISAKMP), 319
Internet service providers (ISPs)
  dial-up connection process, 291–292
  internal network vulnerabilities, 277–278
Intrusion detection systems (IDSs), 253–262, 374
  alert prioritization, 264–266
  anomaly detection systems, 259
  bastion hosts, 116
  designating standard and non-standard protocols, 256–257, 259
  enticement vs. entrapment, 273
  false alarms, 254, 264
  false negatives, 264
  file integrity checker, 270–271
  firewall integration, 269–270
  "honeypots," 271–274
  host-based, 259–260
  network-based, 260–264
  performance issues, 263–264
  placement, 266–267
  reactive IDS, 268–269
  signature-based approach, 254–258
  statistical-based approach, 255–256, 258–259
  stealth mode, 267
  switches and port mirroring, 260–261
  test access points, 261–263
  tuning, 264–266
Investigation procedures, 377–380, See also Incident response
IP, See Internet Protocol
IP addresses
  DHCP and management of, 88, See also Dynamic Host Configuration Protocol
  DNS, See Domain Name System
  illegitimate source addresses, 205–206
  IPv4 vs. IPv6, 73
  NAT, See Network address translation
  private addresses, 90–92, 205
  spoofing, 81
  subnet masking, 88
  techniques for finding, 354
IPSec, 91, 285–286, 305–331
  advantages and disadvantages, 305–306
  authentication header (AH), 306, 307, 310–313
    NAT interoperability, 327–328
  complexity, 316
  decryption process, 315
  encryption algorithms, 296, 316, 317
  ESP, See Encapsulating Security Payload
  host-to-gateway configurations, 309
  interoperability problems, 306
  key exchange, 132, 316–320, See Internet Key Exchange
  L2TP encryption protocol, 300, 302–303, 305
  multiplex capability, 309
  NAT interoperability, 35, 310, 327–331
  remote clients and tunnel mode, 309–310
  security parameters index, 311–314, 329–330
  system performance effects, 41–42
  transport mode, 306, 307, 310
  tunnel mode, 306, 307–310
IPv4, 72–73, 90–91, See Internet Protocol
IPv6, 72–73, 90–91
  fragmentation and, 79
  IPSec and, 91, See also IPSec
IPX, 72, 289–290, 292
Iris scanning, 160, 163
ISAKMP, 319
ISO 17799, 13
ISO OSI protocol suite, 57–58