Читаем CISSP Practice полностью

Dial-back

Synonymous with callback. This is a technical and preventive control.

Dial-up

The service whereby a computer terminal can use the telephone to initiate and effect communication with a computer.

Dictionary attack

A form of guessing attack in which the attacker attempts to guess a password using a list of possible passwords that is not exhaustive.

Differential cryptanalysis attacks

A technique used to attack any block cipher. It works by beginning with a pair of plaintext blocks that differ in only a small number of bits. An attack begins when some patterns are much more common than other patterns. In doing so, it looks at pairs of plaintexts and pairs of ciphertexts.

Differential power analysis (DPA)

An analysis of the variations of the electrical power consumption of a cryptographic module, using advanced statistical methods and/or other techniques, for the purpose of extracting information correlated to cryptographic keys used in a cryptographic algorithm.

Diffie-Hellman (DH) group

Value that specifies the encryption generator type and key length to be used for generating shared secrets.

Digest authentication

Digest authentication uses a challenge-response mechanism for user authentication with a nonce or arbitrary value sent to the user, who is prompted for an ID and password. It is susceptible to offline dictionary attacks and a countermeasure is to use SSL/TLS. Both basic authentication and digest authentication are useful in protecting information from malicious bots.

Digital certificate

A password-protected and encrypted file that contains identification information about its holder. It includes a public key and a unique private key.

Digital evidence

Electronic information stored or transmitted in a digital or binary form.

Digital forensics

The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Digital signature

(1) Electronic information stored or transferred in digital form. (2) A non-forgeable transformation of data that allows the proof of the source (with nonrepudiation) and the verification of the integrity of that data. (3) An asymmetric key operation where the private key is used to digitally sign an electronic document and the public key is used to verify the signature. Digital signatures provide authentication and integrity protection. (4) The result of a cryptographic transformation of data that, when properly implemented, provides the services of origin authentication, data integrity, and signer nonrepudiation.

Digital signature algorithm (DSA)

The DSA is used by a signatory to generate a digital signature on data and by a verifier to verify the authenticity of the signature. It is an asymmetric algorithm used for digitally signing data.

Digital watermarking

It is the process of irreversibly embedding information into a digital signal. An example of is embedding copyright information about the copyright owner. Steganography is sometimes applied in digital watermarking, where two parties communicate a secret message embedded in the digital signal. Annotation of digital photographs with descriptive information is another application of invisible watermarking. While some file formats for digital media can contain additional information called metadata, digital watermarking is distinct in that the data is carried in the signal itself.

Directive controls

Directive controls are broad-based controls to handle security incidents, and they include management’s policies, procedures, and directives.

Disaster recovery

The process of restoring an information system (IS) to full operation after an interruption in service, including equipment repair or replacement, file recovery or restoration, and resumption of service to users.

Disaster recovery plan (DRP)

A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities.

Discretionary access control (DAC)

The basis of this kind of security is that an individual user or program operating on the user’s behalf is allowed to specify explicitly the types of access other users or programs executing on their behalf may have to the information under the user’s control. Compare with mandatory access control.

Discretionary protection

Access control that identifies individual users and their need-to-know and limits users to the information that they are allowed to see. It is used on systems that process information with the same level of sensitivity.

Disinfecting