Table of Contents
RFC 4949 Internet Security Glossary Definitions F
Return to RFC 4949 Internet Security Glossary Definitions, RFC 4949 Internet Security Glossary, RFC 4949 Internet Security Glossary Bibliography, Cybersecurity, Awesome Security
RFC 4949: #, A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z (navbar_rfc4949)
([[Fair Use]] [[Source]]: [[RFC 4949])
1. (I) Synonym for “fail-secure”.
2. (I) A mode of termination of system functions that prevents damage to specified system resources and system entities (i.e., specified data, property, and life) when a failure occurs or is detected in the system (but the failure still might cause a security compromise). (See: failure control.)
Tutorial: Definitions 1 and 2 are opposing design alternatives. Therefore, IDOCs SHOULD NOT use this term without providing a definition for it. If definition 1 is intended, IDOCs can avoid ambiguity by using “fail-secure” instead.
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) A mode of termination of system functions that prevents loss of secure state when a failure occurs or is detected in the system (but the failure still might cause damage to some system resource or system entity). (See: failure control. Compare: fail-safe.)
Shirey Informational Page 126]
RFC 4949 Internet Security Glossary, Version 2 August 2007
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) Selective termination of affected, non-essential system functions when a failure occurs or is detected in the system. (See: failure control.)
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) A methodology used to provide fail-safe, fail-secure or fail- soft termination and recovery of system functions. [FP039]
([[Fair Use]] [[Source]]: [[RFC 4949])
- fairness
(I) A property of an access protocol for a system resource whereby the resource is made equitably or impartially available to all eligible users. (RFC 3753)
Tutorial: Fairness can be used to defend against some types of denial-of-service attacks on a system connected to a network. However, this technique assumes that the system can properly receive and process inputs from the network. Therefore, the technique can mitigate flooding but is ineffective against jamming.
([[Fair Use]] [[Source]]: [[RFC 4949])
- falsification
(I) A type of threat action whereby false data deceives an authorized entity. (See: active wiretapping, deception.)
Usage: This type of threat action includes the following subtypes: - “Substitution”: Altering or replacing valid data with false data that serves to deceive an authorized entity. - “Insertion”: Introducing false data that serves to deceive an authorized entity.
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) A branching, hierarchical data structure that is used to represent events and to determine the various combinations of component failures and human acts that could result in a specified undesirable system event. (See: attack tree, flaw hypothesis methodology.)
Tutorial: “Fault-tree analysis” is a technique in which an undesired state of a system is specified and the system is studied in the context of its environment and operation to find all credible ways in which the event could occur. The specified fault event is represented as the root of the tree. The remainder of the tree represents AND or OR combinations of subevents, and sequential combinations of subevents, that could cause the root event to occur. The main purpose of a fault-tree analysis is to calculate the probability of the root event, using statistics or other analytical methods and incorporating actual or predicted
Shirey Informational Page 127]
RFC 4949 Internet Security Glossary, Version 2 August 2007
quantitative reliability and maintainability data. When the root event is a security violation, and some of the subevents are deliberate acts intended to achieve the root event, then the fault tree is an attack tree.
([[Fair Use]] [[Source]]: [[RFC 4949])
- FEAL
(O) A family of symmetric block ciphers that was developed in Japan; uses a 64-bit block, keys of either 64 or 128 bits, and a variable number of rounds; and has been successfully attacked by cryptanalysts. [Schn]
([[Fair Use]] [[Source]]: [[RFC 4949])
- Federal Information Processing Standards (FIPS)
(N) The Federal Information Processing Standards Publication (FIPS PUB) series issued by NIST under the provisions of Section 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987 (Public Law 100-235) as technical guidelines for U.S. Government procurements of information processing system equipment and services. (See: “[FPxxx]” items in Section 7, Informative References.)
([[Fair Use]] [[Source]]: [[RFC 4949])
- Federal Public-key Infrastructure (FPKI)
(O) A PKI being planned to establish facilities, specifications, and policies needed by the U.S. Government to use public-key certificates in systems involving unclassified but sensitive applications and interactions between Federal agencies as well as with entities of state and local governments, the business community, and the public. [FPKI]
([[Fair Use]] [[Source]]: [[RFC 4949])
- Federal Standard 1027
(N) An U.S. Government document defining emanation, anti-tamper, security fault analysis, and manual key management criteria for DES encryption devices, primary for OSIRM Layer 2. Was renamed “FIPS PUB 140” when responsibility for protecting unclassified, sensitive information was transferred from NSA to NIST, and has since been superseded by newer versions of that standard [FP140].
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) A TCP-based, Application-Layer, Internet Standard protocol (RFC 959) for moving data files from one computer to another.
([[Fair Use]] [[Source]]: [[RFC 4949])
- fill device
(N) /COMSEC/ A device used to transfer or store keying material in electronic form or to insert keying material into cryptographic equipment.
([[Fair Use]] [[Source]]: [[RFC 4949])
1. (I) /noun/ Synonym for “guard”. (Compare: content filter, filtering router.)
Shirey Informational Page 128]
RFC 4949 Internet Security Glossary, Version 2 August 2007
2. (I) /verb/ To process a flow of data and selectively block passage or permit passage of individual data items according to a security policy.
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) An internetwork router that selectively prevents the passage of data packets according to a security policy. (See: guard.)
Tutorial: A router usually has two or more physical connections to networks or other systems; and when the router receives a packet on one of those connections, it forwards the packet on a second connection. A filtering router does the same; but it first decides, according to some security policy, whether the packet should be forwarded at all. The policy is implemented by rules (packet filters) loaded into the router. The rules mostly involve values of data packet control fields (especially IP source and destination addresses and TCP port numbers) [R2179]. A filtering router may be used alone as a simple firewall or be used as a component of a more complex firewall.
([[Fair Use]] [[Source]]: [[RFC 4949])
- financial institution
(N) “An establishment responsible for facilitating customer- initiated transactions or transmission of funds for the extension of credit or the custody, loan, exchange, or issuance of money.” [SET2]
([[Fair Use]] [[Source]]: [[RFC 4949])
- fingerprint
1. (I) A pattern of curves formed by the ridges on a fingertip. (See: biometric authentication. Compare: thumbprint.)
2. (D) /PGP/ A hash result (“key fingerprint”) used to authenticate a public key or other data. [PGP]
Deprecated Definition: IDOCs SHOULD NOT use this term with definition 2, and SHOULD NOT use this term as a synonym for “hash result” of *any* kind. Either use would mix concepts in a potentially misleading way.
([[Fair Use]] [[Source]]: [[RFC 4949])
- FIPS
(N) See: Federal Information Processing Standards.
([[Fair Use]] [[Source]]: [[RFC 4949])
- FIPS PUB 140
(N) The U.S. Government standard [FP140] for security requirements to be met by a cryptographic module when the module is used to protect unclassified information in computer and communication systems. (See: Common Criteria, FIPS, Federal Standard 1027.)
Shirey Informational Page 129]
RFC 4949 Internet Security Glossary, Version 2 August 2007
Tutorial: The standard specifies four increasing levels (from “Level 1” to “Level 4”) of requirements to cover a wide range of potential applications and environments. The requirements address basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference and electromagnetic compatibility (EMI/EMC), and self-testing. NIST and the Canadian Communication Security Establishment jointly certify modules.
([[Fair Use]] [[Source]]: [[RFC 4949])
- FIREFLY
(O) /U.S. Government/ “Key management protocol based on public-key cryptography.” [C4009]
([[Fair Use]] [[Source]]: [[RFC 4949])
1. (I) An internetwork gateway that restricts data communication traffic to and from one of the connected networks (the one said to be “inside” the firewall) and thus protects that network's system resources against threats from the other network (the one that is said to be “outside” the firewall). (See: guard, security gateway.)
2. (O) A device or system that controls the flow of traffic between networks using differing security postures. [SP41]
Tutorial: A firewall typically protects a smaller, secure network (such as a corporate LAN, or even just one host) from a larger network (such as the Internet). The firewall is installed at the point where the networks connect, and the firewall applies policy rules to control traffic that flows in and out of the protected network.
A firewall is not always a single computer. For example, a firewall may consist of a pair of filtering routers and one or more proxy servers running on one or more bastion hosts, all connected to a small, dedicated LAN (see: buffer zone) between the two routers. The external router blocks attacks that use IP to break security (IP address spoofing, source routing, packet fragments), while proxy servers block attacks that would exploit a vulnerability in a higher-layer protocol or service. The internal router blocks traffic from leaving the protected network except through the proxy servers. The difficult part is defining criteria by which packets are denied passage through the firewall, because a firewall not only needs to keep unauthorized traffic (i.e., intruders) out, but usually also needs to let authorized traffic pass both in and out.
Shirey Informational Page 130]
RFC 4949 Internet Security Glossary, Version 2 August 2007
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) Computer programs and data stored in hardware – typically in read-only memory (ROM) or programmable read-only memory (PROM) – such that the programs and data cannot be dynamically written or modified during execution of the programs. (See: hardware, software.)
([[Fair Use]] [[Source]]: [[RFC 4949])
- FIRST
(N) See: Forum of Incident Response and Security Teams.
([[Fair Use]] [[Source]]: [[RFC 4949])
- flaw
1. (I) An error in the design, implementation, or operation of an information system. A flaw may result in a vulnerability. (Compare: vulnerability.)
2. (D) “An error of commission, omission, or oversight in a system that allows protection mechanisms to be bypassed.” [NCSSG] (Compare: vulnerability. See: brain-damaged.)
Deprecated Definition: IDOCs SHOULD NOT use this term with definition 2; not every flaw is a vulnerability.
([[Fair Use]] [[Source]]: [[RFC 4949])
- flaw hypothesis methodology
(I) An evaluation or attack technique in which specifications and documentation for a system are analyzed to hypothesize flaws in the system. The list of hypothetical flaws is prioritized on the basis of the estimated probability that a flaw exists and, assuming it does, on the ease of exploiting it and the extent of control or compromise it would provide. The prioritized list is used to direct a penetration test or attack against the system. [NCS04] (See: fault tree, flaw.)
([[Fair Use]] [[Source]]: [[RFC 4949])
- flooding
1. (I) An attack that attempts to cause a failure in a system by providing more input than the system can process properly. (See: denial of service, fairness. Compare: jamming.)
Tutorial: Flooding uses “overload” as a type of “obstruction” intended to cause “disruption”.
2. (I) The process of delivering data or control messages to every node of a network. (RFC 3753)
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) An analysis performed on a nonprocedural, formal, system specification that locates potential flows of information between system variables. By assigning security levels to the variables, the analysis can find some types of covert channels. [Huff]
Shirey Informational Page 131]
RFC 4949 Internet Security Glossary, Version 2 August 2007
([[Fair Use]] [[Source]]: [[RFC 4949])
1. (I) /data security/ A procedure or technique to ensure that information transfers within a system are not made from one security level to another security level, and especially not from a higher level to a lower level. [Denns] (See: covert channel, confinement property, information flow policy, simple security property.)
2. (O) /data security/ “A concept requiring that information transfers within a system be controlled so that information in certain types of objects cannot, via any channel within the system, flow to certain other types of objects.” [NCSSG]
([[Fair Use]] [[Source]]: [[RFC 4949])
- For Official Use Only (FOUO)
(O) /U.S. DoD/ A U.S. Government designation for information that has not been given a security classification pursuant to the criteria of an Executive Order dealing with national security, but which may be withheld from the public because disclosure would cause a foreseeable harm to an interest protected by one of the exemptions stated in the Freedom of Information Act (Section 552 of title 5, United States Code). (See: security label, security marking. Compare: classified.)
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) Expressed in a restricted syntax language with defined semantic]s [[based on well-established mathematical concepts. [CCIB] (Compare: informal, semiformal.)
([[Fair Use]] [[Source]]: [[RFC 4949])
(O) /U.S. Government/ Documented approval by a data owner to allow access to a particular category of information in a system. (See: category.)
([[Fair Use]] [[Source]]: [[RFC 4949])
(O) See: Ina Jo.
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) A security model that is formal. Example: Bell-LaPadula model. [Land] (See: formal, security model.)
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) “A complete and convincing mathematical argument, presenting the full logical justification for each step in the proof, for the truth of a theorem or set of theorems.” [NCSSG]
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) A precise description of the (intended) behavior of a system, usually written in a mathematical language, sometimes for the
Shirey Informational Page 132]
RFC 4949 Internet Security Glossary, Version 2 August 2007
purpose of supporting formal verification through a correctness proof. [Huff] (See: Affirm, Gypsy, HDM, Ina Jo.) (See: formal.)
Tutorial: A formal specification can be written at any level of detail but is usually a top-level specification.
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) “A top-level specification that is written in a formal mathematical language to allow theorems showing the correspondence of the system specification to its formal requirements to be hypothesized and formally proven.” [NCS04] (See: formal specification.)
([[Fair Use]] [[Source]]: [[RFC 4949])
- formulary
(I) A technique for enabling a decision to grant or deny access to be made dynamically at the time the access is attempted, rather than earlier when an access control list or ticket is created.
([[Fair Use]] [[Source]]: [[RFC 4949])
(O) A registered trademark of NSA, used for a family of interoperable security products that implement a NIST/NSA-approved suite of cryptographic algorithms for digital signature, hash, encryption, and key exchange. The products include a PC card (which contains a CAPSTONE chip), and compatible serial port modems, server boards, and software implementations.
([[Fair Use]] [[Source]]: [[RFC 4949])
(N) An international consortium of CSIRTs (e.g., CIAC) that work together to handle computer security incidents and promote preventive activities. (See: CSIRT, security incident.)
Tutorial: FIRST was founded in 1990 and, as of July 2004, had more than 100 members spanning the globe. Its mission includes: - Provide members with technical information, tools, methods, assistance, and guidance. - Coordinate proactive liaison activities and analytical support. - Encourage development of quality products and services. - Improve national and international information security for governments, private industry, academia, and the individual. - Enhance the image and status of the CSIRT community.
([[Fair Use]] [[Source]]: [[RFC 4949])
- forward secrecy
(I) See: perfect forward secrecy.
([[Fair Use]] [[Source]]: [[RFC 4949])
- FOUO
(O) See: For Official Use Only.
Shirey Informational Page 133]
RFC 4949 Internet Security Glossary, Version 2 August 2007
([[Fair Use]] [[Source]]: [[RFC 4949])
- FPKI
(O) See: Federal Public-Key Infrastructure.
([[Fair Use]] [[Source]]: [[RFC 4949])
- fraggle attack
(D) /slang/ A synonym for “smurf attack”.
Deprecated Term: It is likely that other cultures use different metaphors for this concept. Therefore, to avoid international misunderstanding, IDOCs SHOULD NOT use this term.
Derivation: The Fraggles are a fictional race of small humanoids (represented as hand puppets in a children's television series, “Fraggle Rock”) that live underground.
([[Fair Use]] [[Source]]: [[RFC 4949])
- frequency hopping
(N) Repeated switching of frequencies during radio transmission according to a specified algorithm. [C4009] (See: spread spectrum.)
Tutorial: Frequency hopping is a TRANSEC technique to minimize the potential for unauthorized interception or jamming.
([[Fair Use]] [[Source]]: [[RFC 4949])
- fresh
(I) Recently generated; not replayed from some earlier interaction of the protocol.
Usage: Describes data contained in a PDU that is received and processed for the first time. (See: liveness, nonce, replay attack.)
([[Fair Use]] [[Source]]: [[RFC 4949])
(I) See: File Transfer Protocol.
Fair Use Sources
Cybersecurity: DevSecOps - Security Automation, Cloud Security - Cloud Native Security (AWS Security - Azure Security - GCP Security - IBM Cloud Security - Oracle Cloud Security, Container Security, Docker Security, Podman Security, Kubernetes Security, Google Anthos Security, Red Hat OpenShift Security); CIA Triad (Confidentiality - Integrity - Availability, Authorization - OAuth, Identity and Access Management (IAM), JVM Security (Java Security, Spring Security, Micronaut Security, Quarkus Security, Helidon Security, MicroProfile Security, Dropwizard Security, Vert.x Security, Play Framework Security, Akka Security, Ratpack Security, Netty Security, Spark Framework Security, Kotlin Security - Ktor Security, Scala Security, Clojure Security, Groovy Security;
, JavaScript Security, HTML Security, HTTP Security - HTTPS Security - SSL Security - TLS Security, CSS Security - Bootstrap Security - Tailwind Security, Web Storage API Security (localStorage Security, sessionStorage Security), Cookie Security, IndexedDB Security, TypeScript Security, Node.js Security, NPM Security, Deno Security, Express.js Security, React Security, Angular Security, Vue.js Security, Next.js Security, Remix.js Security, PWA Security, SPA Security, Svelts.js Security, Ionic Security, Web Components Security, Nuxt.js Security, Z Security, htmx Security
Python Security - Django Security - Flask Security - Pandas Security,
Database Security (Database Security on Kubernetes, Database Security on Containers / Database Security on Docker, Cloud Database Security - DBaaS Security, Concurrent Programming and Database Security, Functional Concurrent Programming and Database Security, Async Programming and Databases Security, MySQL Security, Oracle Database Security, Microsoft SQL Server Security, MongoDB Security, PostgreSQL Security, SQLite Security, Amazon RDS Security, IBM Db2 Security, MariaDB Security, Redis Security (Valkey Security), Cassandra Security, Amazon Aurora Security, Microsoft Azure SQL Database Security, Neo4j Security, Google Cloud SQL Security, Firebase Realtime Database Security, Apache HBase Security, Amazon DynamoDB Security, Couchbase Server Security, Elasticsearch Security, Teradata Database Security, Memcached Security, Infinispan Security, Amazon Redshift Security, SQLite Security, CouchDB Security, Apache Kafka Security, IBM Informix Security, SAP HANA Security, RethinkDB Security, InfluxDB Security, MarkLogic Security, ArangoDB Security, RavenDB Security, VoltDB Security, Apache Derby Security, Cosmos DB Security, Hive Security, Apache Flink Security, Google Bigtable Security, Hadoop Security, HP Vertica Security, Alibaba Cloud Table Store Security, InterSystems Caché Security, Greenplum Security, Apache Ignite Security, FoundationDB Security, Amazon Neptune Security, FaunaDB Security, QuestDB Security, Presto Security, TiDB Security, NuoDB Security, ScyllaDB Security, Percona Server for MySQL Security, Apache Phoenix Security, EventStoreDB Security, SingleStore Security, Aerospike Security, MonetDB Security, Google Cloud Spanner Security, SQream Security, GridDB Security, MaxDB Security, RocksDB Security, TiKV Security, Oracle NoSQL Database Security, Google Firestore Security, Druid Security, SAP IQ Security, Yellowbrick Data Security, InterSystems IRIS Security, InterBase Security, Kudu Security, eXtremeDB Security, OmniSci Security, Altibase Security, Google Cloud Bigtable Security, Amazon QLDB Security, Hypertable Security, ApsaraDB for Redis Security, Pivotal Greenplum Security, MapR Database Security, Informatica Security, Microsoft Access Security, Tarantool Security, Blazegraph Security, NeoDatis Security, FileMaker Security, ArangoDB Security, RavenDB Security, AllegroGraph Security, Alibaba Cloud ApsaraDB for PolarDB Security, DuckDB Security, Starcounter Security, EventStore Security, ObjectDB Security, Alibaba Cloud AnalyticDB for PostgreSQL Security, Akumuli Security, Google Cloud Datastore Security, Skytable Security, NCache Security, FaunaDB Security, OpenEdge Security, Amazon DocumentDB Security, HyperGraphDB Security, Citus Data Security, Objectivity/DB). Database drivers (JDBC Security, ODBC), ORM (Hibernate Security, Microsoft Entity Framework), SQL Operators and Functions Security, Database IDEs (JetBrains DataSpell Security, SQL Server Management Studio Security, MySQL Workbench Security, Oracle SQL Developer Security, SQLiteStudio),
Programming Language Security ((1. Python Security, 2. JavaScript Security, 3. Java Security, 4. C# Security, 5. C++ Security, 6. PHP Security, 7. TypeScript Security, 8. Ruby Security, 9. C Security, 10. Swift Security, 11. R Security, 12. Objective-C Security, 13. Scala Security, 14. Golang Security, 15. Kotlin Security, 16. Rust Security, 17. Dart Security, 18. Lua Security, 19. Perl Security, 20. Haskell Security, 21. Julia Security, 22. Clojure Security, 23. Elixir Security, 24. F# Security, 25. Assembly Language Security, 26. Shell Script Security / bash Security, 27. SQL Security, 28. Groovy Security, 29. PowerShell Security, 30. MATLAB Security, 31. VBA Security, 32. Racket Security, 33. Scheme Security, 34. Prolog Security, 35. Erlang Security, 36. Ada Security, 37. Fortran Security, 38. COBOL Security, 39. Lua Security, 40. VB.NET Security, 41. Lisp Security, 42. SAS Security, 43. D Security, 44. LabVIEW Security, 45. PL/SQL Security, 46. Delphi/Object Pascal Security, 47. ColdFusion Security, 49. CLIST Security, 50. REXX);
OS Security, Mobile Security: Android Security - Kotlin Security - Java Security, iOS Security - Swift Security; Windows Security - Windows Server Security, Linux Security (Ubuntu Security, Debian Security, RHEL Security, Fedora Security), UNIX Security (FreeBSD Security), IBM z Mainframe Security (RACF Security), Passwords (Windows Passwords, Linux Passwords, FreeBSD Passwords, Android Passwords, iOS Passwords, macOS Passwords, IBM z/OS Passwords), Passkeys, Hacking (Ethical Hacking, White Hat, Black Hat, Grey Hat), Pentesting (Red Team - Blue Team - Purple Team), Cybersecurity Certifications (CEH, GIAC, CISM, CompTIA Security Plus, CISSP), Mitre Framework, Common Vulnerabilities and Exposures (CVE), Cybersecurity Bibliography, Cybersecurity Courses, Firewalls, CI/CD Security (GitHub Actions Security, Azure DevOps Security, Jenkins Security, Circle CI Security), Functional Programming and Cybersecurity, Cybersecurity and Concurrency, Cybersecurity and Data Science - Cybersecurity and Databases, Cybersecurity and Machine Learning, Cybersecurity Glossary (RFC 4949 Internet Security Glossary), Awesome Cybersecurity, Cybersecurity GitHub, Cybersecurity Topics (navbar_security - see also navbar_aws_security, navbar_azure_security, navbar_gcp_security, navbar_k8s_security, navbar_docker_security, navbar_podman_security, navbar_mainframe_security, navbar_ibm_cloud_security, navbar_oracle_cloud_security, navbar_database_security, navbar_windows_security, navbar_linux_security, navbar_macos_security, navbar_android_security, navbar_ios_security, navbar_os_security, navbar_firewalls, navbar_encryption, navbar_passwords, navbar_iam, navbar_pentesting, navbar_privacy)
Request for Comments (RFC): List of RFCs, GitHub RFCs, Awesome RFCs, (navbar_rfc)
© 1994 - 2024 Cloud Monk Losang Jinpa or Fair Use. Disclaimers
SYI LU SENG E MU CHYWE YE. NAN. WEI LA YE. WEI LA YE. SA WA HE.