Cisco ASA 5505 User Manual
Page 1943
Glossary
GL-5
Cisco ASA 5500 Series Configuration Guide using the CLI
data origin
authentication
A security service where the receiver can verify that protected data could have originated only from
the sender. This service requires a data integrity service plus a
distribution mechanism, where a
is shared only between the sender and receiver.
decryption
Application of a specific algorithm or cipher to encrypted data so as to render the data comprehensible
to those who are authorized to see the information. See also
DES
Data encryption standard. DES was published in 1977 by the National Bureau of Standards and is a
secret key encryption scheme based on the Lucifer algorithm from IBM. Cisco uses DES in classic
crypto (40-bit and 56-bit key lengths),
crypto (56-bit key), and 3DES (triple DES), which
performs encryption three times using a 56-bit key. 3DES is more secure than DES but requires more
processing for encryption and decryption. See also
DHCP
Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP addresses to hosts
dynamically, so that addresses can be reused when hosts no longer need them and so that mobile
computers, such as laptops, receive an IP address applicable to the
to which it is connected.
Diffie-Hellman
A public key cryptography protocol that allows two parties to establish a shared secret over insecure
communications channels. Diffie-Hellman is used within
to establish session keys.
Diffie-Hellman is a component of
key exchange.
Diffie-Hellman
Group 1, Group 2,
Group 5, Group 7
Diffie-Hellman refers to a type of public key cryptography using asymmetric encryption based on
large prime numbers to establish both Phase 1 and Phase 2
s. Group 1 provides a smaller prime
number than Group 2 but may be the only version supported by some
peers. Diffe-Hellman
Group 5 uses a 1536-bit prime number, is the most secure, and is recommended for use with
Group 7 has an elliptical curve field size of 163 bits and is for use with the Movian VPN client, but
works with any peer that supports Group 7 (ECC). See also
and
.
Note
The group 7 command option was deprecated in ASA Version 8.0(4). Attempts to configure
group 7 will generate an error message and use group 5 instead.
digital certificate
.
DMZ
.
DN
Distinguished Name. Global, authoritative name of an entry in the OSI Directory (X.500).
DNS
Domain Name System (or Service). An Internet service that translates domain names into IP
addresses.
DoS
Denial of Service. A type of network attack in which the goal is to render a network service
unavailable.
DSL
digital subscriber line. Public network technology that delivers high bandwidth over conventional
copper wiring at limited distances. DSL is provisioned via modem pairs, with one modem located at
a central office and the other at the customer site. Because most DSL technologies do not use the
whole bandwidth of the twisted pair, there is room remaining for a voice channel.
DSP
digital signal processor. A DSP segments a voice signal into frames and stores them in voice packets.
DSS
Digital Signature Standard. A digital signature algorithm designed by The US National Institute of
Standards and Technology and based on public-key cryptography. DSS does not do user datagram
encryption. DSS is a component in classic crypto, as well as the Redcreek
card, but not in
implemented in Cisco IOS software.