Data Driven Attack: A form of attack in which the attack is encoded in innocuous-seeming data which is executed by a user or other software to implement an attack. In the case of firewalls, a data driven attack is a concern since it may get through the firewall in data form and launch an attack against a system behind the firewall.

Data Encryption Standard: An encryption standard developed by IBM and then tested and adopted by the National Bureau of Standards. Published in 1977, the DES standard has proven itself over nearly 20 years of use in both government and private sectors.

Decode: Conversion of encoded text to plain text through the use of a code.

Decrypt: Conversion of either encoded or enciphered text into plaintext.

Dedicated: A special purpose device. Although it is capable of performing other duties, it is assigned to only one.

Defense in Depth: The security approach whereby each system on the network is secured to the greatest possible degree. May be used in conjunction with firewalls.

Daemon: A daemon (pronounced and sometimes spelled like "demon") is a program that runs continuously and exists for the purpose of handling periodic service requests that a computer system expects to receive. The daemon program forwards the requests to other programs (or processes) as appropriate. Each server of pages on the Web has an HTTPD or Hypertext Transport Protocol daemon that continually waits for requests to come in from Web clients and their users.

DES: Data Encryption Standard. Symmetric encryption procedure with 56 bytes key length. DES was developed by IBM and published on January 15, 1977, by NIST.

DES3: Triple-DES algorithm. Because the simple DES algorithm is no longer considered secure, it was extended to the (currently secure) Triple-DES algorithm. It runs DES three times, with either two or three different keys, which is equivalent to an effective key length of 113 or 168 bits, respectively.

Digest: A hash value (or digest) is a number generated from a string of text. The hash value is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will result in the same hash value. Hashing can be used to check the integrity of data: if someone produces a hash value and sends it along with the message, the receiver can produce a hash value on receipt of the message. If the receiver's hash matches the one that was sent along with the message, the original message has not been changed.

Digital Envelope: A cryptographic technique to encrypt data and send the encryption key along with the data. Generally, a symmetric algorithm is used to encrypt the data and an asymmetric algorithm is used to encrypt the encryption key.

Digital Wallet: Encryption software that works like a physical wallet during electronic commerce transactions. A wallet can hold a user's payment information, a digital certificate to identify the user, and shipping information to speed transactions. The consumer benefits because his or her information is encrypted against piracy and because some wallets will automatically input shipping information at the merchant's site and will give the consumer the option of paying by digital cash or check. Merchants benefit by receiving protection against fraud. Most wallets reside on the user's PC, but recent versions, called "thin" wallets, are placed on the credit card issuer's server. Netscape and Microsoft now support wallet technology on their browsers.

DoS -- Denial of Service: A DoS attack is commonly referred to as a "hack" because it is a malicious offensive against another computer system; but unlike most other hacks, it does not involve the attacker gaining access or entry into the target server. Instead, a DoS is a massive stream of information sent to a target with the intention of flooding it until it crashes or can no longer take legitimate traffic. The information is frequently in the form of "pings," which are small packets of data sent by one computer to another with the intention of checking to see if the other computer is accessible. The target computer responds to the ping and the connection is made. But if the pinger gives a false address, the target computer can't return the ping to make the connection. In that case, the target waits and finally gives up. In great amounts, this can overwhelm a server.

DNS: Domain Name Service, allows the resolution of hostnames to IP addresses and vice versa in large networks.

DNS Spoofing: Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.

Dual Homed Gateway: 1) A system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks. 2) A firewall implemented without the use of a screening router.