WatchGuard Technologies, Inc.
Network Security Glossary
A list of frequently used terms

This glossary contains a list of terms, abbreviations, and acronyms frequently used when discussing networks, security, firewalls, and WatchGuard products.

D


data compression
See compress.
datagram
A packet of data that contains information, plus origin and destination addresses. Generally used in reference to UDP and ICMP packets when talking about IP protocols.
data transmission speed
The number of bits that can travel per second over a network cable, typically measured in bits per second (bps).
DCE-RPC (Distributed Computing Environment Remote Procedure Call)
A Microsoft implementation of a portmapping service. A portmapper is a service that runs on a specific, well-known port and redirects clients that send a request to that port. These initial calls typically result in a response from the trusted machine that redirects the client to a new port where the actual service the client wants is listening.
See also RPC.
DDoS
See denial of service attack (DoS).
decompress
To expand a compressed file or group of files back to their normal size so that the file or files can be opened.
See also compress.
decrypt
To decode data that has been encrypted, turning it back into plain text.
See also encrypt.
dedicated server
A single computer in a network, reserved for serving the needs of the network.
default
A predefined setting built into a program, used when an alternative setting is not specified.
default gateway
When individual machines on a network segment send data packets, they check the packet's destination to figure out whether the destination is local (meaning, on the same network segment) or not. If the packet's destination is not local, the machine forwards it to a node on the network serving as the entrance to all other networks. This node is called the default gateway, and could be any routing device, such as a router or a firewall appliance.
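As an added illustration (not part of the glossary) of the local-versus-remote decision this entry describes, the following assumes a constructed host on 192.168.100.0/24 whose default gateway is 192.168.100.1; it also goes slightly beyond the entry by honouring static routes with longest-prefix match before falling back to the default gateway.

```python
import ipaddress

# Constructed example configuration (assumed values, not from the glossary):
# the host's own interface and a default gateway on the same segment.
LOCAL_IFACE = ipaddress.ip_interface("192.168.100.37/24")
DEFAULT_GATEWAY = "192.168.100.1"

# Optional static routes as (prefix, next hop); the default gateway is the
# implicit 0.0.0.0/0 route. Also constructed for this example.
STATIC_ROUTES = [
    (ipaddress.ip_network("10.0.0.0/8"), "192.168.100.2"),
]


def validate_gateway(iface, gateway):
    """A gateway the host cannot reach directly is a misconfiguration:
    the host would ARP for it on the segment and never get a reply."""
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        raise ValueError(f"gateway {gw} is not on local segment {iface.network}")
    return gw


def is_local(destination, iface=LOCAL_IFACE):
    """The check the glossary describes: is the destination on the same
    network segment as this host (same prefix under the interface mask)?"""
    return ipaddress.ip_address(destination) in iface.network


def next_hop(destination, iface=LOCAL_IFACE, gateway=DEFAULT_GATEWAY,
             routes=STATIC_ROUTES):
    """Return the address the host actually sends the frame to.

    Local destinations are delivered directly. Otherwise the most specific
    matching static route wins, and the default gateway catches the rest.
    """
    gw = validate_gateway(iface, gateway)
    dst = ipaddress.ip_address(destination)
    if dst in iface.network:
        return dst
    best = None
    for prefix, hop in routes:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, ipaddress.ip_address(hop))
    return best[1] if best else gw
```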
default packet handling
A set of rules that instruct the Firebox on how to process packets when no other rules have been specified. For example, by default the Firebox logs any packet sent to a broadcast address.
denial of service attack (DoS)
A type of attack aimed at making the targeted system or network unusable, often by monopolizing system resources. For example, in February 2000 a hacker directed thousands of requests to eBay's Web site. The network traffic flooded the available Internet connection so that no users could access eBay for a few hours. A distributed denial of service (DDoS) involves many computer systems, possibly hundreds, all sending traffic to a few choice targets. The term "Denial of Service" is also used imprecisely to refer to any outwardly-induced condition that renders a computer unusable, thus "denying service" to its rightful user.
DES (Data Encryption Standard)
A commonly used encryption algorithm that encrypts data using a key of 56 bits, which is considered fairly weak given the speed and power of modern computers. Until recently it was the US government's encryption standard, but it has largely been replaced by Triple-DES and AES.
See also Triple-DES.
device
A generic term for computer equipment such as a hub, switch, router, or printer.
DHCP (Dynamic Host Configuration Protocol)
A standard proposed in RFC 1541 for transferring network configuration information from a central server to devices as the devices boot up. This data typically includes a machine's IP address, which the server can change and allocate automatically (on the fly) under DHCP.
DHCP server
A device that automatically assigns IP addresses to networked computers from a defined pool of numbers, returning unused IP addresses to the pool. Using a DHCP server, an administrator normally does not have to get involved with the details of assigning IP addresses to individual clients.
dialog box
A box that appears when you choose a command from a menu. It offers additional options, and requires your acknowledgement before it goes away.
dial-up connection
A connection between a remote computer and a server, established using software, a modem, and a telephone line.
dictionary attack
An attempt to guess a password by systematically trying every word in a dictionary as the password. This attack is usually automated, using a dictionary of the hacker's choosing, which may include both ordinary words and jargon, names, and slang.
Diffie-Hellman
A mathematical algorithm that allows two users to establish a shared secret key over an insecure medium without any prior shared secrets. This protocol, named after the inventors who first published it in 1976, is used in Virtual Private Networking (VPN).
digital signature
An electronic identification of a person or thing, intended to verify to a recipient the integrity of data sent to them and the identity of the sender. Creating a digital signature involves elaborate mathematical techniques that the sender and recipient can both perform on the transmitted data. Performing identical formulas on identical data should produce identical results at both the sending and receiving end. If the recipient's results do not equal the sender's results, the message may have been tampered with en route. If the message was modified after being sent, even if all someone did was change the punctuation of a sentence or add an extra space between two words, the recipient could tell. A digital signature typically depends upon three elements: public key encryption, a Certificate Authority, and a digital certificate.
disarmed
The state of a Firebox when it is not actively protecting a network.
DLL (Dynamic Link Library)
In Microsoft Windows, a Dynamic Link Library is a collection of functions that perform very commonly used tasks. This library is intended to be a universal resource that any program can use, reducing the need to have similar snippets of code existing on a computer in multiple places. Windows comes with many DLLs that programs can use to get the recognized "Windows" feel.
DMZ (Demilitarized Zone)
A partially protected zone on a network, not exposed to the full fury of the Internet, but not fully behind the firewall. This technique is typically used on parts of the network which must remain open to the public (such as a Web server) but must also access trusted resources (such as a database). The point is to let the inside firewall component, which guards the trusted resources, safely assume that outsiders cannot forge DMZ addresses. WatchGuard refers to the DMZ as the Optional network interface.
DNS (Domain Name System)
A network system of servers that translates numeric IP addresses into readable, hierarchical Internet addresses, and vice versa. This is what allows your computer network to understand that you want to reach the server at 192.168.100.1 (for example) when you type into your browser a domain name such as www.watchguard.com.
DNS cache poisoning
A clever technique that tricks your DNS server into believing it has received authentic information when, in reality, it has been lied to. Why would an attacker corrupt your DNS server's cache? So that your DNS server will give out incorrect answers that provide IP addresses of the attacker's choice, instead of the real addresses. Imagine that someone decides to use the Microsoft Update Web site to get the latest Internet Explorer patch. But, the attacker has inserted phony addresses for update.microsoft.com in your DNS server, so instead of being taken to Microsoft's download site, the victim's browser arrives at the attacker's site and downloads the latest worm.
DNS lookup
The Domain Name System operation of matching a friendly, readable domain name (such as www.watchguard.com) to its associated IP address.
DNS spoofing
An attack technique where a hacker intercepts your system's requests to a DNS server in order to issue false responses as though they came from the real DNS server. Using this technique, an attacker can convince your system that an existing Web page does not exist, or respond to requests that should lead to a legitimate Web site, with the IP address of a malicious Web site. This differs from DNS cache poisoning because in DNS spoofing, the attacker does not hack a DNS server; instead, he inserts himself between you and the server and impersonates the server.
domain name hijacking
An attack technique where the attacker takes over a domain by first blocking access to the victim domain's DNS server, then putting up a malicious server in its place. For example, if a hacker wanted to take over fnark.com, he would have to remove the fnark.com DNS server from operation using a Denial of Service attack to block access to fnark's DNS server. Then, he would put up his own DNS server, advertising it to everyone on the Internet as fnark.com. When an unsuspecting user went to access fnark.com, he would get the attacker's domain instead of the real one.
Domain Name System (DNS)
See DNS.
DoS
See denial of service attack.
dotted notation
The notation used to write IP addresses as four decimal numbers separated by dots (periods), sometimes called dotted quad. Example: 123.212.12.4. For a full explanation of IP addresses, see the LiveSecurity article, "Foundations: Understanding IP Addresses and Binary."
driver
A software program that manipulates a device (such as a printer, keyboard, mouse, or hard drive). The driver accepts generic commands from a program and then translates them into specialized commands for the device.
drop-in mode
A network configuration in which the Firebox is physically located between the router and the LAN without any of the computers on the Trusted interface being reconfigured. This is a quick and simplified way to get the Firebox into the network, but can only protect a single network that is not subdivided into smaller networks.
See also proxy ARP. For a contrasting approach, see routed mode.
drop-in network
A network being used in drop-in mode.
See drop-in mode.
DSA (Digital Signature Algorithm)
A public key digital signature algorithm proposed by the National Institute of Standards and Technology.
DSS (Digital Signature Standard)
A standard for digital signatures proposed by the National Institute of Standards and Technology.
DVCP (Dynamic VPN Configuration Protocol)
A WatchGuard proprietary protocol that simplifies configuration of VPNs. A DVCP server provides centralized storage of all configured devices under management and builds Virtual Private Networks quickly and interactively for those devices.
Dynamic Link Library
See DLL.
dynamic NAT
On outgoing requests from your network, the Firebox replaces all private IP source addresses with one public address (usually its own).
See Network Address Translation, and IP masquerading. For a fuller explanation, LiveSecurity subscribers can read, "How and When to Use 1:1 NAT."
dynamic packet filtering
See stateful packet filtering.