Seattle.gov - Department of Information Technology (DoIT)
Michael Mattmiller, Acting Chief Technology Officer

Information Security

Glossary D


This glossary contains industry standard and City specific IT terminology. The glossary should be consulted when policy, issue papers, etc. are drafted to ensure consistent use of terms across the City.

Data Custodians
Data / Information
Data Encryption
Data Mining
Data Storage Device
Database
Database Administrator - DBA
Debug
Deciplegic
Decryption
Default Password
Denial of Service
DES / AES
Desktop
Dial-up
Digital
Digital Certificate
Digital Signature
Digital Subscriber Line (DSL)
Digital Versatile Disk - DVD
Digital Watermark
Disable
Disaster Recovery Plan - DRP
Distributed Processing
DMZ
DNS
Domain Name
Dongle
Driver
Dual Homing
Due Care
Dynamic Host Configuration Protocol (DHCP)


Data Custodians
Individuals who have been officially designated as being accountable for protecting the confidentiality of specific data that is transmitted, used, and stored on a system or systems within a department or administrative agency of the City.


Data / Information
In the area of Information Security, data (and the individual elements that comprise the data) is processed, formatted and re-presented, so that it gains meaning and thereby becomes information. Information Security is concerned with the protection and safeguard of that information which, in its various forms can be identified as Business Assets or Information Assets. The terms data and information can be used somewhat interchangeably; but, as a general rule, information always comprises data, but data is not always information.


Data Encryption
Data encryption scrambles readable data (plaintext) into ciphertext so that it can only be read by the person(s) holding the 'key'. Without the key, recovering the data should be computationally infeasible; with it, the ciphertext is decrypted and the data is returned to its original value or state. In symmetric encryption the same key serves for both operations, so it must be made known to the receiver over some separate, protected path; public-key encryption avoids that problem by encrypting to the receiver's public key and decrypting with the matching private key that only the receiver holds. How many keys an attacker would have to try depends on the algorithm and key length: the 72,000,000,000,000,000 (2^56) possible keys often quoted belong to DES (see DES / AES), whereas AES keys are 128, 192 or 256 bits long, far beyond any brute-force search. A key is only as strong as the way it is generated (randomly, never a guessable password used directly), stored and distributed.


Data Mining

  • Data Mining is the analysis of corporate data for relationships and correlations which have yet to be discovered. Such discoveries can identify significant marketing opportunities to target specific client segments. The term Data Mining was coined by IBM, who hold some related patents.
  • Spending numerous hours combing the Internet looking for specific pieces of information, and finding everything except what you are looking for!


Data Storage Device
A device, with or without processing intelligence of its own, that is connected to the City network via a network port, or by insertion into a port of a computing device that is connected to the network. These devices are generally used for data storage.


Database
A collection of files, tables, forms, reports, etc., held on computer media that have a predictable relationship with each other for indexing, updating, and retrieval purposes.


Database Administrator - DBA
A 'DBA' is a highly technical person who has specialized in the development and maintenance of databases and database applications. The DBA is responsible for ensuring that all housekeeping routines are performed on the database, which may include designing and maintaining the structure and content of the (many) tables which together form the database, and the relationships between these tables. In addition, the DBA will usually be specialized in writing reports and querying the database, usually using Structured Query Language - SQL.


    Debug
    To trace and fix faults (bugs) in computer software and, occasionally, hardware. The term derives from the same source as Bug.


    Deciplegic
    Mouse Potato suffering from Trigger Finger.


    Decryption
    The process by which encrypted data is restored to its original form in order to be understood/usable by another computer or person.


Default Password
The password installed by a manufacturer and required to access a system when it is first delivered, or a password required by software (typically shareware) to prove that the user is registered with the vendor. Default passwords are rarely found on new PCs, but they remain common on network equipment, printers, appliances, database servers and other embedded devices, and vendor defaults are printed in manuals and compiled into lists that attackers and their scanning tools try first. Wherever a default password exists, the new owner must change it at the earliest opportunity, before the device is connected to the network, and should disable or rename any built-in account that cannot be removed. Passwords such as 'password', '123456', 'admin' and ' ' i.e. blank (nothing) must be changed immediately. If you have one of these or similar passwords, change it now.


Denial of Service
A Denial of Service (DoS) attack is an attack against a system or network service whereby legitimate clients are denied the level of service expected. In a mild case, the impact is unexpectedly poor performance. In the worst case, the server becomes so overloaded that it crashes. When the traffic comes from many compromised machines at once it is a Distributed Denial of Service (DDoS) attack, which is far harder to filter at the source.

DoS attacks do not usually have theft or corruption of data as their primary motive and are often executed by persons who have a grudge against the organization concerned, though they are also used for extortion and as a distraction while another intrusion takes place. The following are the main types of DoS attack:

  • Buffer Overflow Attacks; whereby more data is sent to a service than the memory buffer receiving it was sized to hold, overwriting adjacent memory and crashing the process (or, in the worst case, letting the attacker run code). The cure is a software fix, not more capacity.
  • SYN Attack (SYN flood). The attacker sends a stream of TCP connection requests (SYN packets), usually from forged source addresses, and never completes the three-way handshake. Each half-open connection occupies a slot in the server's backlog until it times out; in volume they exhaust the backlog and new, legitimate connection requests are refused. SYN cookies and shorter handshake timeouts are the usual mitigations.
  • Teardrop Attack. The exploitation of a feature of the IP protocol whereby large datagrams are split into fragments, each carrying an 'offset' that says where its data belongs in the reassembled whole. In the teardrop attack the attacker sets the offset of the second (or later) fragment so that it overlaps the previous one; IP stacks that did not check for overlap crashed while reassembling. A correct stack discards such datagrams.
  • Smurf Attack or Ping Attack. An ICMP echo ('ping') request is sent to the broadcast address of an intermediate network with the source address forged to be that of the target host. Every host on that network replies to the unsuspecting victim, so one request is amplified many times over. If such responses arrive in volume, the target system is unable to serve legitimate traffic. Routers configured not to forward directed broadcasts stop the amplification.
  • Viruses. Viruses and worms are not usually targeted, but where the host server becomes infected, or the network is saturated by a worm's scanning traffic, the effect is a Denial of Service; or worse.
  • Physical Attacks. A physical attack may be little more than cutting the power supply, or perhaps the removal of a network cable.
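As an added example (not City code or text from the original glossary), the following Go program runs two of the detections implied by the list above over a small constructed packet capture: it counts TCP handshakes that a source started but never completed (the SYN-flood signature) and flags fragmented datagrams whose fragments overlap (the teardrop condition). The packet records, addresses and the threshold of 20 half-open connections are all constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Packet is a constructed, simplified record of one observed packet.
type Packet struct {
	Src, Dst   string
	Proto      string // "tcp" or "udp"
	DstPort    int
	SYN, ACK   bool   // TCP flags
	ID         uint16 // IP identification field, the fragment reassembly key
	FragOff    int    // byte offset of this fragment within its datagram
	PayloadLen int
	MoreFrags  bool
}

func sortedKeys(m map[string]int, floor int) []string {
	var out []string
	for k, n := range m {
		if n >= floor {
			out = append(out, k)
		}
	}
	sort.Strings(out)
	return out
}

// HalfOpenSources returns sources that started at least threshold TCP handshakes
// (SYN) without completing them (no following ACK): the SYN-flood signature.
func HalfOpenSources(pkts []Packet, threshold int) []string {
	open := map[[2]string]int{} // key: source, "destination:port"
	for _, p := range pkts {
		if p.Proto != "tcp" || p.SYN == p.ACK {
			continue // not TCP, or a SYN-ACK reply, or a segment with neither flag
		}
		k := [2]string{p.Src, fmt.Sprintf("%s:%d", p.Dst, p.DstPort)}
		if p.SYN {
			open[k]++ // handshake started
		} else {
			open[k]-- // client acknowledged: handshake completed
		}
	}
	perSrc := map[string]int{}
	for k, n := range open {
		if n > 0 {
			perSrc[k[0]] += n
		}
	}
	return sortedKeys(perSrc, threshold)
}

// OverlappingFragments reports datagrams in which a later fragment starts before
// the previous one ends (the teardrop condition); a sound reassembler drops them.
func OverlappingFragments(pkts []Packet) []string {
	frags := map[string][]Packet{}
	for _, p := range pkts {
		if p.MoreFrags || p.FragOff > 0 {
			k := fmt.Sprintf("%s->%s id=%d", p.Src, p.Dst, p.ID)
			frags[k] = append(frags[k], p)
		}
	}
	hits := map[string]int{}
	for k, fs := range frags {
		sort.Slice(fs, func(i, j int) bool { return fs[i].FragOff < fs[j].FragOff })
		end := 0
		for _, f := range fs {
			if f.FragOff < end {
				hits[k]++
				break
			}
			end = f.FragOff + f.PayloadLen
		}
	}
	return sortedKeys(hits, 1)
}

// SamplePackets is a constructed capture: one legitimate handshake, a SYN flood
// from 203.0.113.9 and one overlapping fragment pair (all documentation addresses).
func SamplePackets() []Packet {
	srv := "192.0.2.10"
	pkts := []Packet{
		{Src: "198.51.100.5", Dst: srv, Proto: "tcp", DstPort: 443, SYN: true},
		{Src: "198.51.100.5", Dst: srv, Proto: "tcp", DstPort: 443, ACK: true},
		{Src: "203.0.113.7", Dst: srv, Proto: "udp", ID: 4711, FragOff: 0, PayloadLen: 32, MoreFrags: true},
		{Src: "203.0.113.7", Dst: srv, Proto: "udp", ID: 4711, FragOff: 24, PayloadLen: 16}, // starts inside fragment 1
	}
	for i := 0; i < 50; i++ { // SYNs that are never completed
		pkts = append(pkts, Packet{Src: "203.0.113.9", Dst: srv, Proto: "tcp", DstPort: 443, SYN: true})
	}
	return pkts
}

func main() {
	pkts := SamplePackets()
	fmt.Println("SYN flood sources:    ", HalfOpenSources(pkts, 20))
	fmt.Println("overlapping fragments:", OverlappingFragments(pkts))
}
```

The half-open count is per source, so forged source addresses spread across many hosts (as a real flood would use) defeat this simple threshold; in practice the backlog size on the server itself, not a per-source count, is the signal to alert on.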

DES / AES
DES - the Data Encryption Standard - and AES - the Advanced Encryption Standard - are both block-cipher standards for scrambling data to protect its confidentiality. DES was developed by IBM, reviewed in co-operation with the National Security Agency, and adopted as a US federal standard (FIPS 46) in 1977. It became extremely popular and, because with 72,000,000,000,000,000 (2^56) possible keys it used to be so difficult to break, its export from the USA was restricted; most of the US Government's restrictions on the export of encryption technology were relaxed in 2000. The 56-bit key is DES's weakness: a purpose-built machine recovered a DES key by brute force in 1998, the entire key space can now be searched in days on ordinary hardware, and NIST withdrew the standard in 2005, so single DES must not be relied on to protect City data. AES is the Rijndael algorithm, designed by Joan Daemen and Vincent Rijmen and chosen by the United States National Institute of Standards and Technology on October 2, 2000 after an open competition; it was approved as FIPS 197 in November 2001. AES uses a 128-bit block and keys of 128, 192 or 256 bits, and is the cipher to specify in new systems, preferably in an authenticated mode such as GCM so that tampering with the ciphertext is detected as well as its contents being hidden.
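The following Go program is an added illustration, not code from the glossary or from the City, of the points made under Data Encryption, Decryption and DES / AES. It computes the key-space sizes behind the 72,000,000,000,000,000 figure (2^56 for DES against 2^128 and 2^256 for AES), then encrypts a constructed sample message with AES-256 in GCM mode using the Go standard library's crypto/aes and crypto/cipher, and shows that decryption fails cleanly with the wrong key or after a single bit of the ciphertext is changed. The message text and the choice of a 256-bit key are assumptions for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// KeySpace returns the number of possible keys for a cipher with the given key
// length in bits, i.e. 2^bits. DES has 56 effective key bits; AES has 128 to 256.
func KeySpace(bits uint) *big.Int {
	return new(big.Int).Lsh(big.NewInt(1), bits)
}

// NewKey draws a fresh random key of n bytes (16 = AES-128, 32 = AES-256).
func NewKey(n int) ([]byte, error) {
	k := make([]byte, n)
	_, err := rand.Read(k)
	return k, err
}

// Encrypt seals plaintext with AES-GCM under key. GCM gives confidentiality plus
// an authentication tag, so a wrong key or a modified ciphertext is detected on
// decryption instead of yielding garbage. Output layout: nonce || ciphertext || tag.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // must never repeat under the same key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt and returns an error, not data, when the key is
// wrong or the sealed message was tampered with.
func Decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed message too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	fmt.Println("DES keys:    ", KeySpace(56)) // 72057594037927936
	fmt.Println("AES-128 keys:", KeySpace(128))
	fmt.Println("AES-256 keys:", KeySpace(256))

	key, _ := NewKey(32)
	sealed, err := Encrypt(key, []byte("constructed sample: payroll export, do not forward"))
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(key, sealed)
	fmt.Printf("right key: %q err=%v\n", pt, err)

	wrong, _ := NewKey(32)
	pt, err = Decrypt(wrong, sealed)
	fmt.Printf("wrong key: %q err=%v\n", pt, err)

	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the authentication tag
	pt, err = Decrypt(key, sealed)
	fmt.Printf("tampered:  %q err=%v\n", pt, err)
}
```

Note that the shared key still has to reach the receiver by some other protected channel, exactly as the Data Encryption entry says; the program only shows what the key buys once both sides have it.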


    Desktop

  • Verbal shorthand for Desktop Personal Computer, normally used to differentiate such a system from a 'Laptop' or portable PC.
  • In Windows 95, and later releases, the screen visible on the computer monitor is known as the desktop and can be used to store programs and data as if it were a normal directory/folder. It is generally considered better practice to use the desktop as a place to store links to files and programs, rather than the files and programs themselves. This is partly because of the risk of accidental deletion, but - more importantly to companies - to avoid such files being visible to any curious passer-by.

Dial-up
A method of communicating via telephone lines. The modem modulates the digital data of computers into analog signals to send over the telephone lines, then demodulates them back into digital signals to be read by a computer on the other end.


    Digital
    Employing the binary system of numbers (1 and 0 only) for processing purposes.


Digital Certificate
A digital certificate is the electronic equivalent of an ID card: it binds a public key to the name of its owner (an organization, a server or an individual) so that the owner can be authenticated, for example when a browser connects to a web site to perform an e-Commerce transaction. To obtain a Digital Certificate the applicant sends its public key to a Certification Authority (CA), which is responsible for validating the applicant's identity before issuing. The Certificate identifies the name of the subject, the name of the issuing CA, a serial number, the validity dates ("not before / not after"), the subject's Public Key and the purposes for which that key may be used. The Digital Certificate also contains the Digital Signature of the Certification Authority, made with the CA's own private key, so that any recipient holding the CA's public key can confirm that the certificate is genuine and unaltered. Checking a certificate therefore means verifying that signature, following the chain of issuers up to a CA the recipient already trusts, confirming that the current date falls within the validity period, and checking that the certificate has not been revoked. A global standard (X.509, profiled for the Internet by the IETF's Public Key Infrastructure working group) defines the format of Digital Certificates, and the major Certificate Authorities conform to it. Such standards, and the integrity of the Certificate Authorities, are vital for the establishment of 'digital trust', without which e-Commerce would not function.


Digital Signature
A digital signature is an electronic equivalent of an individual's hand-written signature. It is computed over the message with the signer's private key, and anyone holding the matching public key can check it. A valid signature authenticates the sender and confirms that the contents of the message have not been tampered with en route from the sender to the receiver: changing even one character of a signed message makes the signature fail to verify. Because only the holder of the private key could have produced it, an e-mail 'signed' with a digital signature cannot easily be repudiated; i.e. the sender is not able to deny the sending and the contents of the message. Note that a signature by itself does not prove when it was made; a trustworthy time stamp requires a separate time-stamping service that signs the message's hash together with the current time. For a digital signature to be recognized, and acknowledged as something of integrity, the public key used to check it needs to be trusted by the recipient. It is for this reason that a Certification Authority issues a Digital Certificate, binding the public key to a person whose identity it has been able to verify; perhaps by having an Attorney's stamp on a document which validates the applicant's name, address, date of birth etc. To provide greater digital trust, the signature is packaged with the signer's certificate and the certificate of the Certification Authority, and these too may be inspected for validity and expiration. Many expect digital signatures to largely replace the ('old fashioned') pen and ink signature, with orders and authorities being accepted via digitally signed e-mails, the contents of which may, or may not, also be encrypted for confidentiality.
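As an added example covering both Digital Certificate and Digital Signature (it is not the City's code or part of the original glossary), the Go program below builds a constructed two-tier PKI with the standard library's crypto/x509: a self-signed root CA issues a certificate to the hypothetical subject alice@example.gov, Alice signs a message with her private key, and the recipient verifies first that her certificate chains to the trusted root, is within its validity period and permits e-mail signing, and only then that the signature matches the message. A tampered message and a certificate chained to a different root are both rejected. The names, validity periods and message text are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl for pub with issuerKey; with parent == nil it is self-signed.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewPKI builds a constructed two-tier PKI: a self-signed CA and one leaf
// certificate for the hypothetical subject "alice@example.gov".
func NewPKI() (ca, leaf *x509.Certificate, leafKey *ecdsa.PrivateKey, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	now := time.Now()
	ca, err = issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example City Root CA"},
		NotBefore: now, NotAfter: now.AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, // a CA certificate may sign other certificates
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}, nil, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, nil, err
	}
	if leafKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
		return nil, nil, nil, err
	}
	leaf, err = issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "alice@example.gov"},
		NotBefore: now, NotAfter: now.AddDate(1, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}, ca, &leafKey.PublicKey, caKey)
	return ca, leaf, leafKey, err
}

// Sign produces an ECDSA signature over SHA-256(msg) with the signer's private key.
func Sign(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// VerifySigned checks that cert chains to the trusted CA, is within its validity
// period and permits e-mail signing, and only then that sig verifies over msg
// under the certificate's public key. Any failure is returned as an error.
func VerifySigned(trusted, cert *x509.Certificate, msg, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	if _, err := cert.Verify(opts); err != nil {
		return err // untrusted issuer, expired, or wrong key usage
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("certificate does not carry an ECDSA key")
	}
	h := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("signature does not match message")
	}
	return nil
}

func main() {
	ca, leaf, key, err := NewPKI()
	if err != nil {
		panic(err)
	}
	msg := []byte("Approve purchase order 1234") // constructed sample message
	sig, _ := Sign(key, msg)
	fmt.Println("genuine:   ", VerifySigned(ca, leaf, msg, sig))
	fmt.Println("tampered:  ", VerifySigned(ca, leaf, []byte("Approve purchase order 9999"), sig))
	otherCA, _, _, _ := NewPKI() // a CA the recipient does not trust
	fmt.Println("wrong root:", VerifySigned(otherCA, leaf, msg, sig))
}
```

The order of checks matters: the signature is only meaningful once the certificate carrying the public key has itself been accepted, and revocation checking (omitted here, as it needs a CRL or OCSP responder) belongs in the same step as the chain validation.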


    Digital Subscriber Line (DSL)
    A form of high speed Internet access competing with cable modems. DSL works over standard telephone lines and supports data speeds of over 1.5 Mbps downstream (to the user) and slower speeds upstream (to the Internet).


    Digital Versatile Disk (DVD)
    Currently, these optical storage disks are being pioneered by the entertainment business; notably because the DVD is able to store a full length feature movie on a single CD size disk, with faithful reproduction of visual and audio quality. DVD, with a capacity (using both sides of the disk) of approx. 17GB, will doubtless replace the present CDs / CD-ROMs with their 'modest' 670MB capacity. At present consumer models are read only, but they will soon offer full record capability with integration into information systems.


Digital Watermark
An identifier embedded into a digital document in a way designed to survive copying and to be difficult to remove without damaging the content. The watermark is invisible (or inaudible) to a person, but a computer can analyze the document and extract the hidden data. Digital watermarks are used for Classified/Top Secret documents - usually Military/Governmental - and for highly confidential commercial material. The primary use of such marks is to embed a different mark in each copy given to each recipient and thereby establish an Audit Trail that identifies the source should there be any leakage of information.


    Disable
    The process by which hardware or software is deliberately prevented from functioning in some way. For hardware, it may be as simple as switching off a piece of equipment, or disconnecting a cable. It is more commonly associated with software, particularly shareware or promotional software, which has been supplied to a user at little or no cost, to try before paying the full purchase or registration fee. Such software may be described as 'crippled' in that certain functions, such as saving or printing files are not permitted. Some in-house development staff may well disable parts of a new program, so that the user can try out the parts which have been developed, while work continues on the disabled functions. Disabling is also often used as a security measure, for example the risk of virus infection through the use of infected floppy diskettes can be greatly reduced, by disconnecting a cable within the PC, thereby disabling the floppy drive. Even greater protection is achieved by removing the drive altogether, thereby creating a diskless PC.


    Disaster Recovery Plan
    The master plan needed by technical and non-technical staff to cope with a major problem - such as the Boeing Syndrome. Do not confuse and merge the DRP with the Business Continuity Plan. The DRP is the plan which is activated when there is an emergency. It is the plan which ensures that health and safety come first followed by damage limitation. Having contained the impact of the disaster, and having ensured that the situation is now under control e.g. through the Emergency Services, then the Business Continuity Plan will be activated. One of the most difficult aspects of a DRP is agreeing when it should be activated. In some circumstances it will be clear. For example, a tornado destroys part of the office block; or a serious fire reduces the premises to ashes. However, on many occasions, disasters have multiple warnings or indicators, and it is these which need to be considered and identified as the triggers to invoke your DRP. N.B. The skills required to prepare and manage a DRP are not necessarily the same as those required for a Business Continuity Plan.


Distributed Processing
Spreading the organization's computer processing load between two or more computers, often in geographically separate locations. If an organization has the necessary financial and technical resources, distributed processing, with mirroring of data between sites, is an excellent contingency plan for sudden disasters. Even if there is a total loss of one system, the remaining computer(s) can carry the load without disruption to users and, provided the mirroring keeps the sites in step as data changes, without loss or corruption of data.


DMZ
A DMZ - De-Militarised Zone - is a separate part of an organization's network which is shielded and 'cut off' from the main corporate network and its systems. It holds the servers that must be reachable from outside (say from the Internet) together with the equipment that prevents external parties from going on to reach the main systems. The term comes from the buffer zone that was set up between North Korea and South Korea following their war in the early 1950s. A DMZ is not a single security component; it signifies a capability. Within the DMZ will be found firewalls, choke and access routers, and front-end servers; back-end servers and the data itself stay on the internal network. Essentially, the DMZ provides multi-layer filtering and screening so that external traffic is admitted only to the DMZ hosts, on the specific ports they serve, and never directly to the corporate network and data. Even where a legitimate and authorized external query requests corporate data, no direct connection is permitted from the external client; only a front-end server in the DMZ issues the request (which may require additional authentication) to the internal network, and the inner firewall allows that one path and nothing else. A host in the DMZ must be treated as exposed: if it is compromised, the inner firewall rules are what stop the attacker going further. The extent to which corporate data is made accessible from and by external sources will depend upon the value of the Business Assets which could be placed at (additional) risk by allowing access to (even) pre-specified data types.


DNS
Domain Name System. The DNS is the distributed directory by which user-friendly names such as www.seattle.gov are translated ('resolved') into the numeric IP addresses that network equipment actually uses; a DNS server is one of the machines that answers such queries. Because traffic goes to whatever address the DNS returns, a forged or 'poisoned' DNS answer sends users to an attacker's site while the browser shows the expected name. A resolver therefore checks that each answer matches the query it actually sent, and DNSSEC adds digital signatures that let a resolver verify an answer really came from the domain's owner.


Domain Name
The domain name identifies an organization or entity on the Internet (for example, seattle.gov). The Domain Name System translates it to an IP Address, which is the real address to which traffic destined for that domain name is routed.
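To make the DNS entry concrete, here is an added Go example (not code from the glossary or the City) that parses a constructed DNS reply the way a resolver client must: it checks the reply's ID against the query it sent, follows the name-compression pointers defined by the DNS message format, and refuses replies that are truncated or that are not replies at all. The sample reply answering www.example.com with 192.0.2.44 (a documentation address) is hand-constructed bytes; the query ID and address are assumptions for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"strings"
)

// Answer is one resource record from the answer section of a DNS reply.
type Answer struct {
	Name string
	Type uint16 // 1 = A, 28 = AAAA, 5 = CNAME, ...
	TTL  uint32
	IP   net.IP // set for A and AAAA records
}

// readName decodes a (possibly compressed) domain name at off and returns it
// with the offset of the first byte after the name as written in the message.
func readName(msg []byte, off int) (string, int, error) {
	var labels []string
	next := -1 // resume offset; fixed once the first pointer is followed
	for hops := 0; hops < 128; hops++ { // bound: a crafted pointer loop must not hang us
		if off >= len(msg) {
			return "", 0, errors.New("name runs past end of message")
		}
		l := int(msg[off])
		switch {
		case l == 0: // end of name
			if next < 0 {
				next = off + 1
			}
			return strings.Join(labels, "."), next, nil
		case l&0xC0 == 0xC0: // 14-bit pointer to an earlier copy of the suffix
			if off+1 >= len(msg) {
				return "", 0, errors.New("truncated pointer")
			}
			if next < 0 {
				next = off + 2
			}
			off = int(binary.BigEndian.Uint16(msg[off:]) & 0x3FFF)
		default: // ordinary label: length byte followed by that many bytes
			if off+1+l > len(msg) {
				return "", 0, errors.New("truncated label")
			}
			labels = append(labels, string(msg[off+1:off+1+l]))
			off += 1 + l
		}
	}
	return "", 0, errors.New("compression pointer loop")
}

// ParseResponse parses a DNS reply into its questions and answers. wantID is the
// ID of the query we sent; a reply with a different ID is not an answer to our
// question (or is a forgery) and is rejected before anything in it is believed.
func ParseResponse(msg []byte, wantID uint16) (questions []string, answers []Answer, err error) {
	if len(msg) < 12 { return nil, nil, errors.New("short header") }
	if id := binary.BigEndian.Uint16(msg[0:]); id != wantID {
		return nil, nil, fmt.Errorf("id mismatch: got %#x, want %#x", id, wantID)
	}
	if binary.BigEndian.Uint16(msg[2:])&0x8000 == 0 { return nil, nil, errors.New("QR bit clear: a query, not a reply") }
	qd, an := int(binary.BigEndian.Uint16(msg[4:])), int(binary.BigEndian.Uint16(msg[6:]))
	off := 12
	for i := 0; i < qd+an; i++ {
		name, n, err := readName(msg, off)
		if err != nil { return nil, nil, err }
		if i < qd { // question: name, QTYPE, QCLASS
			if n+4 > len(msg) { return nil, nil, errors.New("truncated question") }
			questions, off = append(questions, name), n+4
			continue
		}
		// answer: name, TYPE, CLASS, TTL, RDLENGTH, RDATA
		if n+10 > len(msg) { return nil, nil, errors.New("truncated record header") }
		a := Answer{Name: name, Type: binary.BigEndian.Uint16(msg[n:]), TTL: binary.BigEndian.Uint32(msg[n+4:])}
		rdlen, rd := int(binary.BigEndian.Uint16(msg[n+8:])), n+10
		if rd+rdlen > len(msg) { return nil, nil, errors.New("truncated rdata") }
		if (a.Type == 1 && rdlen == 4) || (a.Type == 28 && rdlen == 16) {
			a.IP = net.IP(append([]byte(nil), msg[rd:rd+rdlen]...))
		}
		answers, off = append(answers, a), rd+rdlen
	}
	return questions, answers, nil
}

// SampleResponse is a constructed reply (ID 0x1a2b) to "www.example.com A?": one
// A record, TTL 300, address 192.0.2.44, with the answer name compressed as a
// pointer (0xc00c) back to the question name at offset 12.
func SampleResponse() []byte {
	return []byte{
		0x1a, 0x2b, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 0, // header: reply, 1 question, 1 answer
		3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0, 1, 0, 1,
		0xc0, 0x0c, 0, 1, 0, 1, 0, 0, 0x01, 0x2c, 0, 4, 192, 0, 2, 44,
	}
}

func main() {
	q, a, err := ParseResponse(SampleResponse(), 0x1a2b)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%v -> %s (TTL %ds)\n", q, a[0].IP, a[0].TTL)
	_, _, err = ParseResponse(SampleResponse(), 0x0001) // reply to a query we never sent
	fmt.Println("rejected:", err)
}
```

The 16-bit ID (together with a random source port) is the only thing that ties an unsigned DNS reply to the query that prompted it, which is why an attacker who can guess it can poison a resolver's cache; checking it is necessary but not sufficient, and DNSSEC validation is what actually authenticates the answer.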


Dongle
A hardware device (a 'hardware key') used by software developers to prevent unlicensed use of their product. Typically, a Dongle is a small plug, supplied with the original software package, which fits into a port on a PC - historically the parallel port, also known as the LPT1 printer port, and today usually a USB port. Without the Dongle present, the software will not run. Some older Dongles act as a terminator, effectively blocking the port for any other use, but later versions have a pass-through function, allowing a printer to be connected at the same time. Even though the PC can still communicate with the printer, there have been problems with more recent printers which use active two-way communications with the PC to notify printing status, ink levels, etc.


Driver
A driver is a small interface program which allows the operating system to communicate with a peripheral device, such as a printer or a scanner. Modern operating systems carry drivers for many common devices and install one automatically when the device is connected; where they do not, the vendor's driver must be installed from the CD-ROM or floppy disk supplied with the peripheral, or downloaded from the vendor. Drivers run with the privileges of the operating system itself, so only drivers obtained from the device vendor or the operating system's own update service should be installed, and unsigned drivers should be refused.


    Dual Homing

    Having concurrent connectivity to more than one network from a computer or network device. Examples include, but are not limited to:

  • Connecting a server to two different networks using two network interface cards (NIC).
  • Connecting a computer to a City provided DSL, ISDN, or cable modem AND concurrently connecting to a public ISP, a bulletin board, or a family member's network via modem or publicly provisioned broadband.
  • Configuring an ISDN router to dial into the City network and an ISP, depending on packet destination.
  • Connecting a computing device to the City network and concurrently using a modem to connect to another network (whether wired or wireless)

Due Care
Due care is the collective steps that an organization must take to properly protect its networks, computer systems and the data that resides on them; in practice, the precautions a reasonable organization in the same position would be expected to take.


Dynamic Host Configuration Protocol (DHCP)
Software that automatically assigns IP addresses (together with related settings such as the default gateway and DNS server addresses) to client stations joining a TCP/IP network. It eliminates having to manually assign permanent IP addresses. DHCP software typically runs on servers and is also found in network devices such as ISDN routers and modem routers that allow multiple users access to the Internet. Newer DHCP servers dynamically update the DNS servers after making assignments. DHCP has no authentication: a client accepts the first offer it receives, so a rogue DHCP server on the same segment can hand out an attacker's gateway and DNS addresses and intercept the client's traffic; switches that only allow DHCP replies from the port leading to the authorized server ('DHCP snooping') are the usual defence.