Cisco CCNA Security 640-553 IINS Tutorials Part-6

Denial of service (DoS) A class of attack in which the attacker seeks to make a given resource unavailable to legitimate users by overwhelming the resource with requests for service that appear legitimate. The resource, such as a server, seeks to handle all requests but ultimately fails. It either becomes unavailable for legitimate purposes or struggles to such an extent that it cannot respond to legitimate requests in a timely manner.

Detective control Can detect when access to data or a system occurs.

Deterrent control Attempts to prevent a security incident by influencing a potential attacker not to launch an attack.

DHCP snooping The Dynamic Host Configuration Protocol snooping feature on Cisco Catalyst switches can be used to combat a DHCP server spoofing attack. With this solution, Cisco Catalyst switch ports are configured in either a trusted or untrusted state. If a port is trusted, it is allowed to receive DHCP responses. If a port is untrusted, it is not allowed to receive DHCP responses. If a DHCP response attempts to enter an untrusted port, the port is disabled.

Dictionary attack Attempts to match password credentials by guessing passwords from a “dictionary” of common words.


Diffie-Hellman (DH) algorithm A key exchange algorithm that was invented by Whitfield Diffie and Martin Hellman in 1976. The Diffie-Hellman algorithm derives its strength from the difficulty of calculating the discrete logarithms of very large numbers. The functional usage of this algorithm is to provide secure key exchange over insecure channels such as the Internet. DH is also often used to provide keying material for other symmetric algorithms, such as DES, 3DES, and AES.

Diffie-Hellman Challenge Handshake Authentication Protocol (DHCHAP)
A variation of CHAP that may be used to authenticate devices connecting to a Fibre Channel switch so that only trusted devices may be added to a fabric. DHCHAP adds a DH exchange that both strengthens CHAP and provides an agreed-upon secret key.

Digital signature Also called a digital signature scheme. A form of asymmetric cryptography that is used to simulate the security characteristics of a written signature in digital form. Digital signature schemes typically use two algorithms that employ a pair of public and private keys. One of these is used for signing, which involves the user’s secret or private key. The other is used to verify these signatures. This typically involves the use of the user’s public key.

Digital Signature Algorithm (DSA)
The Digital Signature Standard (DSS) outlines the use of the DSA by a signer to generate a digital signature to be applied to data and by a recipient of the data to verify the signature’s authenticity. To create the digital signature, you need both a public key and a private key. The private key is used to generate the signature, and the public key is used to verify it. For both signature generation and verification, the data, which is called a message, is reduced through the use of the Secure Hash Algorithm (SHA).
