Index for glossary D
The reverse process of encryption, in which an encoded message or ciphertext is decoded from its protected, scrambled form into the original plaintext so that it can be easily read.
Defence-in-Depth is the approach of using multiple layers of security to guard against failure of a single security component.
Reduce magnetic flux density to zero by applying a reversing magnetic field, in order to permanently remove data from a magnetic storage medium, such as a tape or disk. It is also called demagnetizing.
Denial of Service (DoS)
An attacker attempts to prevent legitimate users from accessing information or services. Examples of such attacks are SYN flood, Ping of Death, packet flooding and Ping flooding.
Detective controls are used to identify undesirable events that have occurred.
A dictionary attack is a technique used to break an encryption or authentication system by trying words that can be found in a dictionary.
A digital certificate is a form of electronic record that serves as an identification of who you are in conducting online transactions. The certificate usually contains information such as user's public key, name and email address.
Under the public key infrastructure (PKI) technology, a digital signature is derived by applying a mathematical function to the electronic message and the signer's private key. Recipients can verify the integrity, authenticity, and non-repudiation of the electronic message by checking the digital signature with the use of the sender's public key. Under the Electronic Transactions Ordinance (Cap. 553) (ETO), electronic or digital signatures have the same legal status as paper-based signatures.
Discretionary Access Control (DAC)
Discretionary Access Control (DAC) is an authorisation mechanism in which users own the objects under their control, and the granting and revoking of access control privileges are left to the discretion of individual users.
Distributed Denial of Service (DDoS) Attack
An attack using multiple computers to launch denial-of-service (DoS) attacks at the same time against a targeted system.
Domain Name Server (DNS)
DNS servers resolve human-memorable domain names and hostnames into the corresponding Internet Protocol (IP) addresses.
Domain Name Server (DNS) Spoofing
DNS spoofing compromises the domain name server so that it resolves a domain name to an incorrect IP address, diverting traffic to another computer (often the attacker's).
Domain Name System Security Extensions (DNSSEC)
DNSSEC was designed to protect the Internet from certain attacks, such as DNS cache poisoning. It is a set of extensions to DNS, which provide: a) origin authentication of DNS data, b) data integrity, and c) authenticated denial of existence.
A drive-by attack is used by attackers who construct URL(s) embedded with malicious scripts in a website. Users are tricked into clicking on the URL, which allows the embedded script to run in their web browsers and results in more malignant attacks (such as downloading a Trojan Horse or sending cookie information to the attacker).