Glossary
GL-5
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
data origin authentication
A security service where the receiver can verify that protected data could have originated only from 
the sender. This service requires a data integrity service plus a key distribution mechanism, where a 
secret key is shared only between the sender and receiver.
decryption
Application of a specific algorithm or cipher to encrypted data so as to render the data comprehensible 
to those who are authorized to see the information. See also encryption.
DES
Data encryption standard. DES was published in 1977 by the National Bureau of Standards and is a 
secret key encryption scheme based on the Lucifer algorithm from IBM. Cisco uses DES in classic 
crypto (40-bit and 56-bit key lengths), IPsec crypto (56-bit key), and 3DES (triple DES), which 
performs encryption three times using a 56-bit key. 3DES is more secure than DES but requires more 
processing for encryption and decryption. See also AES, ESP.
DHCP
Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP addresses to hosts 
dynamically, so that addresses can be reused when hosts no longer need them and so that mobile 
computers, such as laptops, receive an IP address applicable to the LAN to which they are connected.
Diffie-Hellman
A public key cryptography protocol that allows two parties to establish a shared secret over insecure 
communications channels. Diffie-Hellman is used within IKE to establish session keys. 
Diffie-Hellman is a component of Oakley key exchange.
Diffie-Hellman Group 1, Group 2, Group 5, Group 7
Diffie-Hellman refers to a type of public key cryptography using asymmetric encryption based on 
large prime numbers to establish both Phase 1 and Phase 2 SAs. Group 1 provides a smaller prime 
number than Group 2 but may be the only version supported by some IPsec peers. Diffie-Hellman 
Group 5 uses a 1536-bit prime number, is the most secure, and is recommended for use with AES. 
Group 7 has an elliptic curve field size of 163 bits and is for use with the Movian VPN client, but 
works with any peer that supports Group 7 (ECC). See also VPN and encryption.
Note: The group 7 command option was deprecated in ASA Version 8.0(4). Attempts to configure 
group 7 will generate an error message and use group 5 instead.
digital certificate
See certificate.
DMZ
See interface.
DN
Distinguished Name. Global, authoritative name of an entry in the OSI Directory (X.500).
DNS
Domain Name System (or Service). An Internet service that translates domain names into IP 
addresses.
DoS
Denial of Service. A type of network attack in which the goal is to render a network service 
unavailable.
DSL
digital subscriber line. Public network technology that delivers high bandwidth over conventional 
copper wiring at limited distances. DSL is provisioned via modem pairs, with one modem located at 
a central office and the other at the customer site. Because most DSL technologies do not use the 
whole bandwidth of the twisted pair, there is room remaining for a voice channel.
DSP
digital signal processor. A DSP segments a voice signal into frames and stores them in voice packets.
DSS
Digital Signature Standard. A digital signature algorithm designed by the US National Institute of 
Standards and Technology and based on public-key cryptography. DSS does not do user datagram 
encryption. DSS is a component in classic crypto, as well as the Redcreek IPsec card, but not in IPsec 
implemented in Cisco IOS software.