Table of Contents

RFC 4949 Internet Security Glossary Definitions L

Return to RFC 4949 Internet Security Glossary Definitions, RFC 4949 Internet Security Glossary, RFC 4949 Internet Security Glossary Bibliography, Cybersecurity, Awesome Security

RFC 4949: #, A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z (navbar_rfc4949)


([[Fair Use]] [[Source]]: [[RFC 4949])


(N) See: Layer 2 Forwarding Protocol.

([[Fair Use]] [[Source]]: [[RFC 4949])


(N) See: Layer 2 Tunneling Protocol.

([[Fair Use]] [[Source]]: [[RFC 4949])


See: time stamp, security label.

Shirey Informational Page 179]

RFC 4949 Internet Security Glossary, Version 2 August 2007

([[Fair Use]] [[Source]]: [[RFC 4949])


(O) “Use of sophisticated signal recovery equipment in a laboratory environment to recover information from data storage media.” [C4009]

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) Abbreviation for “local area network” [R1983. (See: [FP191].)

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) A denial-of-service attack that sends an IP packet that (a) has the same address in both the Source Address and Destination Address fields and (b) contains a TCP SYN packet that has the same port number in both the Source Port and Destination Port fields.

Derivation: This single-packet attack was named for “land”, the program originally published by the cracker who invented this exploit. Perhaps that name was chosen because the inventor thought of multi-packet (i.e., flooding) attacks as arriving by sea.

([[Fair Use]] [[Source]]: [[RFC 4949])


(N) A language (ISO 8807-1990) for formal specification of computer network protocols; describes the order in which events occur.

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) A finite set together with a partial ordering on its elements such that for every pair of elements there is a least upper bound and a greatest lower bound.

Example: A lattice is formed by a finite set S of security levels – i.e., a set S of all ordered pairs (x,c), where x is one of a finite set X of hierarchically ordered classification levels X(1), non-hierarchical categories C(1), …, C(M) – together with the “dominate” relation. Security level (x,c) is said to “dominate” (x',c') if and only if (a) x is greater (higher) than or equal to x' and (b) c includes at least all of the elements of c'. (See: dominate, lattice model.)

Tutorial: Lattices are used in some branches of cryptography, both as a basis for hard computational problems upon which cryptographic algorithms can be defined, and also as a basis for attacks on cryptographic algorithms.

([[Fair Use]] [[Source]]: [[RFC 4949])


1. (I) A description of the semantic] [[structure formed by a finite set of security levels, such as those used in military organizations. (See: dominate, lattice, security model.)

Shirey Informational Page 180]

RFC 4949 Internet Security Glossary, Version 2 August 2007

2. (I) /formal model/ A model for flow control in a system, based on the lattice that is formed by the finite security levels in a system and their partial ordering. [Denn]

([[Fair Use]] [[Source]]: [[RFC 4949])


(N) A data item that is automatically embedded in data encrypted by devices (e.g., CLIPPER chip) that implement the Escrowed Encryption Standard.

([[Fair Use]] [[Source]]: [[RFC 4949])


(N) See: OSIRM.

([[Fair Use]] [[Source]]: [[RFC 4949])


(N) An Internet protocol (originally developed by Cisco Corporation) that uses tunneling of PPP over IP to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user. (See: L2TP.)

([[Fair Use]] [[Source]]: [[RFC 4949])


(N) An Internet client-server protocol that combines aspects of PPTP and L2F and supports tunneling of PPP over an IP network or over frame relay or other switched network. (See: VPN.)

Tutorial: PPP can in turn encapsulate any OSIRM Layer 3 protocol. Thus, L2TP does not specify security services; it depends on protocols layered above and below it to provide any needed security.

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) See: Lightweight Directory Access Protocol.

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) The principle that a security architecture should minimize reliance on mechanisms that are shared by many users.

Tutorial: Shared mechanisms may include cross-talk paths that permit a breach of data security, and it is difficult to make a single mechanism operate in a correct and trusted manner to the satisfaction of a wide range of users.

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) The principle that a security architecture should be designed so that each system entity is granted the minimum system resources and authorizations that the entity needs to do its work. (Compare: economy of mechanism, least trust.)

Shirey Informational Page 181]

RFC 4949 Internet Security Glossary, Version 2 August 2007

Tutorial: This principle tends to limit damage that can be caused by an accident, error, or unauthorized act. This principle also tends to reduce complexity and promote modularity, which can make certification easier and more effective. This principle is similar to the principle of protocol layering, wherein each layer provides specific, limited communication services, and the functions in one layer are independent of those in other layers.

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) The principle that a security architecture should be designed in a way that minimizes (a) the number of components that require trust and (b) the extent to which each component is trusted. (Compare: least privilege, trust level.)

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) A system that is in operation but will not be improved or expanded while a new system is being developed to supersede it.

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) See: secondary definition under “non-repudiation”.

([[Fair Use]] [[Source]]: [[RFC 4949])


1. (I) /general security/ Operating a system as though it began operation in a secure state, even though it cannot be proven that such a state was established (i.e., even though a security compromise might have occurred at or before the time when operation began).

2. (I) /COMSEC/ The initial part, i.e., the first communication step, or steps, of a protocol that is vulnerable to attack (especially a man-in-the-middle attack) during that part but, if that part is completed without being attacked, is subsequently not vulnerable in later steps (i.e., results in a secure communication association for which no man-in-the-middle attack is possible).

Usage: This term is listed in English dictionaries, but their definitions are broad and can be interpreted in many ways in Internet contexts. Similarly, the definition stated here can be interpreted in several ways. Therefore, IDOCs that use this term (especially IDOCs that are protocol specifications) SHOULD state a more specific definition for it.

Tutorial: In a protocol, a leap of faith typically consists of accepting a claim of peer id[[entity, data origin, or data integrity without authenticating that claim. When a protocol includes such a step, the protocol might also be designed so that if a man-in- the-middle attack succeeds during the vulnerable first part, then the attacker must remain in the middle for all subsequent

Shirey Informational Page 182]

RFC 4949 Internet Security Glossary, Version 2 August 2007

exchanges or else one of the legitimate parties will be able to detect the attack.

([[Fair Use]] [[Source]]: [[RFC 4949])


(N) /U.S. DoD/ A rating assigned to an information system that indicates the extent to which protective measures, techniques, and procedures must be applied. (See: critical, sensitive, level of robustness.)

([[Fair Use]] [[Source]]: [[RFC 4949])


(N) /U.S. DoD/ A characterization of (a) the strength of a security function, mechanism, service, or solution and (b) the assurance (or confidence) that it is implemented and functioning. [Cons, IATF] (See: level of concern.)

([[Fair Use]] [[Source]]: [[RFC 4949])


(O) An international consortium of more than 150 commercial, nonprofit, and governmental organizations that was created in 2001 to address technical, business, and policy problems of id[[entity and id[[entity-based Web services and develop a standard for federated network id[[entity that supports current and emerging network devices.

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) An Internet client-server protocol (RFC 3377) that supports basic use of the X.500 Directory (or other directory servers) without incurring the resource requirements of the full Directory Access Protocol (DAP).

Tutorial: Designed for simple management and browser applications that provide simple read/write interactive directory service. Supports both simple authentication and strong authentication of the client to the directory server.

([[Fair Use]] [[Source]]: [[RFC 4949])


1a. (I) A communication facility or physical medium that can sustain data communications between multiple network nodes, in the protocol layer immediately below IP. (RFC 3753)

1b. (I) /subnetwork/ A communication channel connecting subnetwork relays (especially one between two packet switches) that is implemented at OSIRM Layer 2. (See: link encryption.)

Tutorial: The relay computers assume that links are logically passive. If a computer at one end of a link sends a sequence of bits, the sequence simply arrives at the other end after a finite time, although some bits may have been changed either accidentally (errors) or by active wiretapping.

Shirey Informational Page 183]

RFC 4949 Internet Security Glossary, Version 2 August 2007

2. (I) /World Wide Web/ See: hyperlink.

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) Stepwise (link-by-link) protection of data that flows between two points in a network, provided by encrypting data separately on each network link, i.e., by encrypting data when it leaves a host or subnetwork relay and decrypting when it arrives at the next host or relay. Each link may use a different key or even a different algorithm. [R1455] (Compare: end-to-end encryption.)

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) A property of a communication association or a feature of a communication protocol that provides assurance to the recipient of data that the data is being freshly transmitted by its originator, i.e., that the data is not being replayed, by either the originator or a third party, from a previous transmission. (See: fresh, nonce, replay attack.)

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) Malicious logic that activates when specified conditions are met. Usually intended to cause denial of service or otherwise damage system resources. (See: Trojan horse, virus, worm.)

([[Fair Use]] [[Source]]: [[RFC 4949])


1a. (I) An act by which a system entity establishes a session in which the entity can use system resources. (See: principal, session.)

1b. (I) An act by which a system user has its id[[entity authenticated by the system. (See: principal, session.)

Usage: Usually understood to be accomplished by providing an identifier and matching authentication information (e.g., a password) to a security mechanism that authenticates the user's id[[entity; but sometimes refers to establishing a connection with a server when no authentication or specific authorization is involved.

Derivation: Refers to “logfile, a security audit trail that records (a) security events, such as the beginning of a session, and (b) the names of the system entities that initiate events.

([[Fair Use]] [[Source]]: [[RFC 4949])


(O) /U.S. Government/ “Descriptive title of [an item of COMSEC material].” [C4009] (Compare: short title.)

Shirey Informational Page 184]

RFC 4949 Internet Security Glossary, Version 2 August 2007

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) Result of TRANSEC measures used to hide or disguise a communication.

([[Fair Use]] [[Source]]: [[RFC 4949])


(I) Result of TRANSEC measures used to prevent interception of a communication.

([[Fair Use]] [[Source]]: [[RFC 4949])


(N) See: Language of Temporal Ordering Specification.


Fair Use Sources

Fair Use Sources:

Cybersecurity: DevSecOps - Security Automation, Cloud Security - Cloud Native Security (AWS Security - Azure Security - GCP Security - IBM Cloud Security - Oracle Cloud Security, Container Security, Docker Security, Podman Security, Kubernetes Security, Google Anthos Security, Red Hat OpenShift Security); CIA Triad (Confidentiality - Integrity - Availability, Authorization - OAuth, Identity and Access Management (IAM), JVM Security (Java Security, Spring Security, Micronaut Security, Quarkus Security, Helidon Security, MicroProfile Security, Dropwizard Security, Vert.x Security, Play Framework Security, Akka Security, Ratpack Security, Netty Security, Spark Framework Security, Kotlin Security - Ktor Security, Scala Security, Clojure Security, Groovy Security;

, JavaScript Security, HTML Security, HTTP Security - HTTPS Security - SSL Security - TLS Security, CSS Security - Bootstrap Security - Tailwind Security, Web Storage API Security (localStorage Security, sessionStorage Security), Cookie Security, IndexedDB Security, TypeScript Security, Node.js Security, NPM Security, Deno Security, Express.js Security, React Security, Angular Security, Vue.js Security, Next.js Security, Remix.js Security, PWA Security, SPA Security, Svelts.js Security, Ionic Security, Web Components Security, Nuxt.js Security, Z Security, htmx Security

Python Security - Django Security - Flask Security - Pandas Security,

Database Security (Database Security on Kubernetes, Database Security on Containers / Database Security on Docker, Cloud Database Security - DBaaS Security, Concurrent Programming and Database Security, Functional Concurrent Programming and Database Security, Async Programming and Databases Security, MySQL Security, Oracle Database Security, Microsoft SQL Server Security, MongoDB Security, PostgreSQL Security, SQLite Security, Amazon RDS Security, IBM Db2 Security, MariaDB Security, Redis Security (Valkey Security), Cassandra Security, Amazon Aurora Security, Microsoft Azure SQL Database Security, Neo4j Security, Google Cloud SQL Security, Firebase Realtime Database Security, Apache HBase Security, Amazon DynamoDB Security, Couchbase Server Security, Elasticsearch Security, Teradata Database Security, Memcached Security, Infinispan Security, Amazon Redshift Security, SQLite Security, CouchDB Security, Apache Kafka Security, IBM Informix Security, SAP HANA Security, RethinkDB Security, InfluxDB Security, MarkLogic Security, ArangoDB Security, RavenDB Security, VoltDB Security, Apache Derby Security, Cosmos DB Security, Hive Security, Apache Flink Security, Google Bigtable Security, Hadoop Security, HP Vertica Security, Alibaba Cloud Table Store Security, InterSystems Caché Security, Greenplum Security, Apache Ignite Security, FoundationDB Security, Amazon Neptune Security, FaunaDB Security, QuestDB Security, Presto Security, TiDB Security, NuoDB Security, ScyllaDB Security, Percona Server for MySQL Security, Apache Phoenix Security, EventStoreDB Security, SingleStore Security, Aerospike Security, MonetDB Security, Google Cloud Spanner Security, SQream Security, GridDB Security, MaxDB Security, RocksDB Security, TiKV Security, Oracle NoSQL Database Security, Google Firestore Security, Druid Security, SAP IQ Security, Yellowbrick Data Security, InterSystems IRIS Security, InterBase Security, Kudu Security, eXtremeDB Security, OmniSci Security, Altibase Security, Google Cloud Bigtable Security, Amazon QLDB Security, Hypertable Security, ApsaraDB for Redis Security, Pivotal Greenplum Security, MapR Database Security, Informatica Security, Microsoft Access Security, Tarantool Security, Blazegraph Security, NeoDatis Security, FileMaker Security, ArangoDB Security, RavenDB Security, AllegroGraph Security, Alibaba Cloud ApsaraDB for PolarDB Security, DuckDB Security, Starcounter Security, EventStore Security, ObjectDB Security, Alibaba Cloud AnalyticDB for PostgreSQL Security, Akumuli Security, Google Cloud Datastore Security, Skytable Security, NCache Security, FaunaDB Security, OpenEdge Security, Amazon DocumentDB Security, HyperGraphDB Security, Citus Data Security, Objectivity/DB). Database drivers (JDBC Security, ODBC), ORM (Hibernate Security, Microsoft Entity Framework), SQL Operators and Functions Security, Database IDEs (JetBrains DataSpell Security, SQL Server Management Studio Security, MySQL Workbench Security, Oracle SQL Developer Security, SQLiteStudio),

Programming Language Security ((1. Python Security, 2. JavaScript Security, 3. Java Security, 4. C# Security, 5. C++ Security, 6. PHP Security, 7. TypeScript Security, 8. Ruby Security, 9. C Security, 10. Swift Security, 11. R Security, 12. Objective-C Security, 13. Scala Security, 14. Golang Security, 15. Kotlin Security, 16. Rust Security, 17. Dart Security, 18. Lua Security, 19. Perl Security, 20. Haskell Security, 21. Julia Security, 22. Clojure Security, 23. Elixir Security, 24. F# Security, 25. Assembly Language Security, 26. Shell Script Security / bash Security, 27. SQL Security, 28. Groovy Security, 29. PowerShell Security, 30. MATLAB Security, 31. VBA Security, 32. Racket Security, 33. Scheme Security, 34. Prolog Security, 35. Erlang Security, 36. Ada Security, 37. Fortran Security, 38. COBOL Security, 39. Lua Security, 40. VB.NET Security, 41. Lisp Security, 42. SAS Security, 43. D Security, 44. LabVIEW Security, 45. PL/SQL Security, 46. Delphi/Object Pascal Security, 47. ColdFusion Security, 49. CLIST Security, 50. REXX);

OS Security, Mobile Security: Android Security - Kotlin Security - Java Security, iOS Security - Swift Security; Windows Security - Windows Server Security, Linux Security (Ubuntu Security, Debian Security, RHEL Security, Fedora Security), UNIX Security (FreeBSD Security), IBM z Mainframe Security (RACF Security), Passwords (Windows Passwords, Linux Passwords, FreeBSD Passwords, Android Passwords, iOS Passwords, macOS Passwords, IBM z/OS Passwords), Passkeys, Hacking (Ethical Hacking, White Hat, Black Hat, Grey Hat), Pentesting (Red Team - Blue Team - Purple Team), Cybersecurity Certifications (CEH, GIAC, CISM, CompTIA Security Plus, CISSP), Mitre Framework, Common Vulnerabilities and Exposures (CVE), Cybersecurity Bibliography, Cybersecurity Courses, Firewalls, CI/CD Security (GitHub Actions Security, Azure DevOps Security, Jenkins Security, Circle CI Security), Functional Programming and Cybersecurity, Cybersecurity and Concurrency, Cybersecurity and Data Science - Cybersecurity and Databases, Cybersecurity and Machine Learning, Cybersecurity Glossary (RFC 4949 Internet Security Glossary), Awesome Cybersecurity, Cybersecurity GitHub, Cybersecurity Topics (navbar_security - see also navbar_aws_security, navbar_azure_security, navbar_gcp_security, navbar_k8s_security, navbar_docker_security, navbar_podman_security, navbar_mainframe_security, navbar_ibm_cloud_security, navbar_oracle_cloud_security, navbar_database_security, navbar_windows_security, navbar_linux_security, navbar_macos_security, navbar_android_security, navbar_ios_security, navbar_os_security, navbar_firewalls, navbar_encryption, navbar_passwords, navbar_iam, navbar_pentesting, navbar_privacy)

Request for Comments (RFC): List of RFCs, GitHub RFCs, Awesome RFCs, (navbar_rfc)


© 1994 - 2024 Cloud Monk Losang Jinpa or Fair Use. Disclaimers

SYI LU SENG E MU CHYWE YE. NAN. WEI LA YE. WEI LA YE. SA WA HE.