The Security Guide


Internet and Data Security Knowledgebase



DES The Data Encryption Standard (DES) is a symmetric-key block cipher (a method for encrypting information) published by the US National Bureau of Standards in 1977 as FIPS 46; it encrypts 64-bit blocks under a 56-bit key.
DES is now considered insecure for most applications, chiefly because the 56-bit key is too small: the entire key space can be searched by brute force (the EFF's purpose-built "Deep Crack" machine did so in under three days in 1998). Triple DES (3DES) extended its useful life, but new designs should use AES.
DNS cache poisoning One of the earliest DNS attack vectors was poisoning a resolver's cache with false records.
A resolver matches a reply to its outstanding query by the 16-bit transaction ID in the DNS header (and by the UDP port it sent the query from). An attacker who triggers a lookup and then floods the resolver with forged replies, each carrying a different guessed transaction ID, wins if a forgery with the right ID arrives before the genuine answer; the resolver then caches the attacker's IP address for the host name for the lifetime of the record's TTL.
Older resolvers would also accept and cache records for other hosts that happened to be included in an unrelated answer (a missing or weak "bailiwick" check), which was another way to poison a server.
In early July 2008, the major DNS vendors released patches simultaneously for a severe cache-poisoning flaw disclosed by Dan Kaminsky (CVE-2008-1447). Resolvers sent their queries from a fixed, predictable UDP source port, and an attacker could force a resolver to issue an unlimited stream of fresh queries for names under a target domain, gaining a new chance to guess the transaction ID each time.
Because the port was predictable, the 65,536 possible transaction IDs were the only thing standing between the attacker and a forged reply being accepted in place of the real one. The fix was to randomise the source port as well, which multiplies the guessing space by roughly 2^16; DNSSEC validation removes the problem for signed zones, because a forged answer fails signature checking.
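The guessing attack described above, as an added example that is not part of the original glossary: a toy stub resolver that tracks outstanding queries by (transaction ID, source port) and a blind attacker who floods forged answers. The resolver, the attacker's sweep, the fixed port number 53 and the IP addresses (RFC 5737 documentation ranges) are all constructed for this example; a real resolver also checks the reply's source address and the bailiwick of extra records, which the toy omits.

```python
"""Toy model of DNS cache poisoning by transaction-ID guessing (constructed example)."""
import random
from dataclasses import dataclass

FIXED_SRC_PORT = 53            # assumption: a pre-2008 style resolver that always queries from one port
ATTACKER_IP = "203.0.113.66"   # constructed (RFC 5737 documentation range)
LEGIT_IP = "198.51.100.10"     # constructed


@dataclass(frozen=True)
class Query:
    txid: int
    src_port: int
    qname: str


@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int
    qname: str
    answer: str


class ToyResolver:
    """Accepts an answer only if (txid, dst_port) matches an outstanding query for the same name."""

    def __init__(self, randomize_port: bool, rng=None):
        self.randomize_port = randomize_port
        self.rng = rng or random.Random()
        self.pending = {}   # (txid, src_port) -> Query
        self.cache = {}     # qname -> answer

    def send_query(self, qname: str) -> Query:
        txid = self.rng.randrange(1 << 16)
        port = self.rng.randrange(1024, 1 << 16) if self.randomize_port else FIXED_SRC_PORT
        q = Query(txid, port, qname)
        self.pending[(txid, port)] = q
        return q

    def receive(self, resp: Response) -> bool:
        q = self.pending.get((resp.txid, resp.dst_port))
        if q is None or q.qname != resp.qname:
            return False    # unsolicited or mismatched reply: dropped
        self.cache[resp.qname] = resp.answer
        del self.pending[(resp.txid, resp.dst_port)]
        return True


def blind_spoof(resolver: ToyResolver, qname: str, budget: int, attacker_rng) -> bool:
    """Attacker sends `budget` forged answers before the real one arrives.
    The attacker knows the fixed port if there is one; otherwise the port is guessed too."""
    q = resolver.send_query(qname)
    for i in range(budget):
        txid_guess = i & 0xFFFF   # sweep every possible transaction ID
        port_guess = FIXED_SRC_PORT if not resolver.randomize_port else attacker_rng.randrange(1024, 1 << 16)
        if resolver.receive(Response(txid_guess, port_guess, qname, ATTACKER_IP)):
            return True
    # Race lost: the authoritative answer arrives and is cached normally.
    resolver.receive(Response(q.txid, q.src_port, qname, LEGIT_IP))
    return False


def poisoning_rate(randomize_port: bool, trials: int = 4, budget: int = 1 << 16, seed: int = 1) -> float:
    """Fraction of lookups the attacker manages to poison within the packet budget."""
    resolver_rng = random.Random(seed)
    attacker_rng = random.Random(seed + 1)
    poisoned = 0
    for _ in range(trials):
        r = ToyResolver(randomize_port, resolver_rng)
        if blind_spoof(r, "www.example.com", budget, attacker_rng):
            poisoned += 1
    return poisoned / trials


if __name__ == "__main__":
    print("fixed source port  :", poisoning_rate(randomize_port=False))
    print("random source port :", poisoning_rate(randomize_port=True))
```

With a fixed port, a sweep of 2^16 forged packets always wins the race in this model; with a randomised port the same budget almost never does, because the one packet carrying the right transaction ID must also carry the right port.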
DNS hijacking The simplest way an attacker can turn DNS against an end user is to get them to install malware, from an e-mail attachment or a web site, that changes the DNS servers the computer (or its home router) uses.
Instead of asking the ISP's resolver, the machine now asks the attacker's DNS server, which returns the attacker's own IP addresses for whichever sites the attacker chooses to redirect.
Whatever site the user types, the browser shows the expected name in the address bar while connecting to the wrong IP. HTTPS with a valid certificate is the main thing that still breaks such a redirect, so certificate warnings deserve attention, as does an unexplained change to the configured resolvers (in the operating system's network settings or the router's DHCP options).
DRM Digital rights management (DRM) is a generic term that refers to access control technologies used by hardware manufacturers, publishers and copyright holders to limit usage of digital media or devices.
Data Encryption The translation of data into a form that is unintelligible without the corresponding key (the deciphering mechanism).
Data layer In the defense-in-depth layer model, the innermost layer, where the data itself is protected. Its controls include access control lists (ACLs), encryption, and the Encrypting File System (EFS).
Decryption The process of converting encrypted data back into its original form.
Defense in Depth A security strategy in which data is protected by more than one layer of security, so that no single control has to be perfect.
A defense-in-depth strategy uses multiple layers of defense so that if one layer is compromised, the attacker still cannot necessarily reach all the resources on your network.
A defense-in-depth strategy increases an attacker's risk of detection and reduces an attacker's chance of success.
Denial of service An attack that makes a service unavailable to legitimate users, typically by flooding it with more traffic or requests than it can handle.
By overloading a service, attackers exhaust its bandwidth, connection tables, CPU or memory, so ordinary traffic is dropped or served too slowly to be useful. For example, sending millions of messages to a mail server at once clogs its queues, and ordinary mail stops flowing. When the flood comes from many compromised machines at once it is a distributed denial of service (DDoS).
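A basic defence against the overload described above, as an added example that is not part of the original glossary: a per-client token-bucket rate limiter replayed over constructed traffic. The traffic (one normal client at 2 requests per second, one flooder at 1,000 requests per second), the bucket parameters and the client addresses are all assumptions made for this example.

```python
"""Token-bucket rate limiter replayed over constructed traffic (added example)."""
from collections import defaultdict


class TokenBucketLimiter:
    """Each client gets `capacity` tokens, refilled at `rate` tokens per second.
    A request that finds an empty bucket is rejected cheaply instead of queued."""

    def __init__(self, rate: float, capacity: int):
        self.rate = rate
        self.capacity = capacity
        self._tokens = defaultdict(lambda: float(capacity))
        self._last = {}

    def allow(self, client: str, now: float) -> bool:
        last = self._last.get(client, now)
        refilled = self._tokens[client] + (now - last) * self.rate
        self._tokens[client] = min(self.capacity, refilled)
        self._last[client] = now
        if self._tokens[client] >= 1:
            self._tokens[client] -= 1
            return True
        return False


def replay(limiter: TokenBucketLimiter, requests):
    """requests: iterable of (timestamp, client). Returns {client: (allowed, rejected)}."""
    stats = defaultdict(lambda: [0, 0])
    for ts, client in sorted(requests):
        stats[client][0 if limiter.allow(client, ts) else 1] += 1
    return {c: tuple(v) for c, v in stats.items()}


# Constructed traffic: a normal user at 2 req/s for 10 s and a flooder at 1000 req/s for 1 s.
NORMAL = [(i * 0.5, "192.0.2.10") for i in range(20)]
FLOOD = [(1.0 + i / 1000, "203.0.113.5") for i in range(1000)]


def demo():
    """Allow a burst of 10 and a sustained 5 req/s per client."""
    return replay(TokenBucketLimiter(rate=5, capacity=10), NORMAL + FLOOD)


if __name__ == "__main__":
    for client, (ok, dropped) in demo().items():
        print(f"{client}: allowed={ok} rejected={dropped}")
```

The normal client never empties its bucket, so all of its requests pass, while the flooder gets the 10-token burst plus roughly 5 refilled tokens during its one-second flood and has the rest rejected. A real deployment keys buckets on something the attacker cannot cheaply vary, and places the limiter in front of the expensive work rather than after it.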
Desktop firewall A firewall that runs on the user's own computer (also called a host-based or personal firewall), as opposed to a gateway firewall at the network perimeter.
Digital signature Data that is bundled with a message, or transmitted separately, and is used to identify and authenticate the sender and the message data. The signature is computed over the message with the signer's private key and checked with the corresponding public key, so a valid digital signature also confirms that the message has not been tampered with and gives the signer no credible way to deny having produced it (non-repudiation).
Digital signature schemes consist of at least three algorithms: a key generation algorithm, which outputs a public/private key pair; a signing algorithm, which takes the private key and the message (in practice its hash) and produces a signature; and a verification algorithm, which takes the public key, the message and the signature and returns accept or reject.
Domain Controllers Domain controllers hold the Active Directory database and the password hashes of every account in the domain, so they are targets for specific security threats, including:
- Modification or addition of Active Directory objects. An attacker who compromises a domain controller can make any change they want to Active Directory, including creating accounts and granting privileges.
- Password attacks. An attacker with administrative access to a domain controller can back up the Active Directory database (ntds.dit) with a System State backup, or copy it directly, and then extract the password hashes offline for cracking or pass-the-hash use.
- Denial-of-service attacks. An attacker can prevent users from authenticating by executing denial-of-service (DoS) attacks against domain controllers.
- Replication prevention attacks. An attacker who can disrupt replication between domain controllers can leave them with inconsistent data and prevent the application of Group Policy objects.
- Exploitation of known security issues. An attacker may be able to compromise a domain controller that is not kept up to date with the latest service packs and security updates.
Dumpster diving A method of social engineering in which criminals search rubbish bins for discarded documents (bills, printouts, sticky notes) that reveal personal or organisational information useful for a later attack.

© RuleWorks - All Rights Reserved