Cisco Systems ASA5515K9, ASA 5500

Glossary

GL-5

Cisco ASA 5500 Series Configuration Guide using the CLI

data origin

authentication

A security service where the receiver can verify that protected data could have originated only from

the sender. This service requires a data integrity service plus a key distribution mechanism, where a

secret key is shared only between the sender and receiver.

decryption Application of a specific algorithm or cipher to encrypted data so a s to ren der the data comprehensible

to those who are authorized to see the information. See also encryption.

DES Data encryption standard. DES was published in 1977 by the National Bureau of Standards and is a

secret key encryption scheme based on the Lucifer algorithm from IBM. Cisco uses DES in classic

crypto (40-bit and 56-bit key lengths), IPsec crypto (56-bit key), and 3DES (triple DES), which

performs encryption three times using a 56-bit key. 3DES is more secure than DES but requires more

processing for encryption and decryption. See also AES, ESP.

DHCP Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP addresses to hosts

dynamically, so that addresses can be reused when hosts no longer need them and so that mobile

computers, such as laptops, receive an IP address applicable to the LAN to which it is connected.

Diffie-Hellman A public key cryptography protocol that allows two parties to establish a shared secret over insecure

communications channels. Diffie-Hellman is used within IKE to establish session keys.

Diffie-Hellman is a component of Oakley key exchange.

Diffie-Hellman

Group 1, Group 2,

Group 5, Group 7

Diffie-Hellman refers to a type of public key cryptography using asymmetric encryption based on

large prime numbers to establish both Phase 1 and Phase 2 SAs. Group 1 provides a smaller prime

number than Group 2 but may be the only version supported by some IPsec peers. Diffe-Hellman

Group 5 uses a 1536-bit prime number, is the most secure, and is recommended for use with AES.

Group 7 has an elliptical curve field size of 163 bits and is for use with the Movian VPN client, but

works with any peer that supports Group 7 (ECC). See also VPN and encryption.

Note The group 7 command option was deprecated in ASA Version 8.0(4). Attempts to configure

group 7 will generate an error message and use group 5 instead.

digital certificate See certificate.

DMZ See interface.

DN Distinguished Name. Global, authoritative name of an entry in the OSI Directory (X.500).

DNS Domain Name System (or Service). An Internet service that translates domain names into IP

addresses.

DoS Denial of Service. A type of network attack in which the goal is to render a network service

unavailable.

DSL digital subscriber line. Public network technology that delivers high bandwidth over conventional

copper wiring at limited distances. DSL is provisioned via modem pairs, with one modem located at

a central office and the other at the customer site. Because most DSL technologies do not use the

whole bandwidth of the twisted pair, there is room remaining for a voice channel.

DSP digital signal processor. A DSP segments a voice signal into frames and stores them in voice packets.

DSS Digital Signature Standard. A digital signature algorithm designed by The US National Institute of

Standards and Technology and based on public-key cryptography. DSS does not do user datagram

encryption. DSS is a component in classic crypto, as well as the Redcreek IPsec card, but not in IPsec

implemented in Cisco IOS software.