D

A means of restricting access to objects based on the identity of subjects and/or groups to which they belong.

A Layer 3 packet descriptor.

A level of confidence that the data will not be jeopardized and kept secret.

The second layer of the OSI model. It describes the physical topology of a network.

A unit of data sent over a network. A packet includes a header, addressing information, and the data itself.

A centralized storage location for data, such as a database.

Where data originates from.

Distributed Denial of Service. A derivative of a DoS attack in which multiple hosts in multiple locations all focus on one target. See Denial of Service attack.

The process of converting encrypted data back into its original form.

The router that all packets are sent to when the workstation doesn't know where the destination station is or when it can't find the destination station on the local segment.

A method of placing web and other servers that serve the general public outside the firewall and, therefore, isolate them from internal network access.

Type of attack that prevents any users—even legitimate ones—from using the system.

A portion of a complete address of the PC to which data is being sent from a sending PC. The port portion allows for the demultiplexing of data to be sent to a specific application.

The act of noticing an irregularity as it occurs.

See Dynamic Host Configuration Protocol.

Using words from a database (dictionary) to test against passwords until a match is found.

A type of backup in which only new files or files that have changed since the last full backup are included. Differential backups differ from incremental backups in that they do not clear the archive bit upon their completion.

A standard for exchanging keys. This cryptographic algorithm is used primarily to send secret keys across public networks. The process is not used to encrypt or decrypt messages; it is used merely for the transmission of keys in a secure manner.

An electronic signature whose sole purpose is to authenticate the sender.

A network database that contains a listing of all network resources, such as users, printers, groups, and so on.

A network service that provides access to a central database of information, which contains detailed information about the resources available on a network.

A method of communication between wireless receivers.

A communications technology that is used to communicate in the 802.11 standard. DSSS accomplishes communication by adding the data that is to be transmitted to a higher-speed transmission.

The act of recovering data following a disaster which has destroyed the data.

The procedure by which data is recovered after a disaster.

See DAC.

Technology that keeps identical copies of data on two disks to prevent the loss of data if one disk faults.

Technology that enables writing data to multiple disks simultaneously in small portions called stripes. These stripes maximize use by having all of the read/write heads working constantly. Different data is stored on each disk and is not automatically duplicated (this means that disk striping in and of itself does not provide fault tolerance).

A fault tolerance solution of writing data across a number of disks and recording the parity on another. In the event any one disk fails, the data on it can be re-created by looking at the remaining data and computing parity to figure out the missing data.

See DDoS.

See demilitarized zone.

See Domain Name Service.

Any server that performs DNS host name–to–IP address resolution. See also Domain Name Service, Internet Protocol.

An area in the DNS hierarchy that is managed as a single unit. See also Domain Name Service.

A four-layer conceptual model describing how communications should take place between computer systems. The four layers are Process/Application, Host-to-Host, Internet, and Network Access.

A group of networked Windows computers that share a single SAM database. See also Security Accounts Manager.

The network service used in TCP/IP networks that translates host names to IP addresses. See also Transmission Control Protocol/Internet Protocol.

See denial of service.

See direct-sequence.

A host that resides on more than one network and possesses more than one physical network card.

A keyboard and monitor that send keystrokes to a central processing computer (typically a mainframe or minicomputer) that returns screen displays to the monitor. The unit has no processing power of its own, hence the moniker "dumb."

Looking through trash for clues—often in the form of paper scraps— to users passwords and other pertinent information.

Two hard drives to which identical information is written simultaneously. A dedicated controller card controls each drive. Used for fault tolerance.

Two servers that are identical for use in clustering.

A protocol used on a TCP/IP network to send client configuration data, including TCP/IP address, default gateway, subnet mask, and DNS configuration, to clients. See also default gateway, Domain Name Service, subnet mask, Transmission Control Protocol/Internet Protocol.

A type of firewall used to accept or reject packets based on the contents of the packets.

The use of route discovery protocols to talk to other routers and find out what networks they are attached to. Routers that use dynamic routing send out special packets to request updates of the other routers on the network as well as to send their own updates.

See dynamic routing.

TCP/IP port used by an application when needed. The port is not constantly used.