Cisco PIX 500 Series Configuration Manual page 1097

Security appliance command line

data origin authentication
A security service where the receiver can verify that protected data could have originated only from the sender. This service requires a data integrity service plus a key distribution mechanism, where a secret key is shared only between the sender and receiver.

decryption
Application of a specific algorithm or cipher to encrypted data so as to render the data comprehensible to those who are authorized to see the information. See also encryption.

DES
Data encryption standard. DES was published in 1977 by the National Bureau of Standards and is a secret key encryption scheme based on the Lucifer algorithm from IBM. Cisco uses DES in classic crypto (40-bit and 56-bit key lengths), IPSec crypto (56-bit key), and 3DES (triple DES), which performs encryption three times using a 56-bit key. 3DES is more secure than DES but requires more processing for encryption and decryption. See also AES, ESP.

DHCP
Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP addresses to hosts dynamically, so that addresses can be reused when hosts no longer need them and so that mobile computers, such as laptops, receive an IP address applicable to the LAN to which it is connected.

Diffie-Hellman
A public key cryptography protocol that allows two parties to establish a shared secret over insecure communications channels. Diffie-Hellman is used within IKE to establish session keys. Diffie-Hellman is a component of Oakley key exchange.

Diffie-Hellman Group 1, Group 2, Group 5, Group 7
Diffie-Hellman refers to a type of public key cryptography using asymmetric encryption based on large prime numbers to establish both Phase 1 and Phase 2 SAs. Group 1 provides a smaller prime number than Group 2 but may be the only version supported by some IPSec peers. Diffie-Hellman Group 5 uses a 1536-bit prime number, is the most secure, and is recommended for use with AES. Group 7 has an elliptical curve field size of 163 bits and is for use with the Movian VPN client, but works with any peer that supports Group 7 (ECC). See also VPN and encryption.

digital certificate
See certificate.

DMZ
See interface.

DN
Distinguished Name. Global, authoritative name of an entry in the OSI Directory (X.500).

DNS
Domain Name System (or Service). An Internet service that translates domain names into IP addresses.

DoS
Denial of Service. A type of network attack in which the goal is to render a network service unavailable.

DSL
digital subscriber line. Public network technology that delivers high bandwidth over conventional copper wiring at limited distances. DSL is provisioned via modem pairs, with one modem located at a central office and the other at the customer site. Because most DSL technologies do not use the whole bandwidth of the twisted pair, there is room remaining for a voice channel.

DSP
digital signal processor. A DSP segments a voice signal into frames and stores them in voice packets.

DSS
Digital Signature Standard. A digital signature algorithm designed by The US National Institute of Standards and Technology and based on public-key cryptography. DSS does not do user datagram encryption. DSS is a component in classic crypto, as well as the Redcreek IPSec card, but not in IPSec implemented in Cisco IOS software.

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, Glossary, GL-5


This manual is also suitable for:

Asa 5500 series
