Reading CISSP Practice in full

A firewall platform is the system device upon which a firewall is implemented. An example of a firewall platform is a commercial operating system running on a personal computer.

Firewall rule set

A firewall rule set is a table of instructions that the firewall uses for determining how packets should be routed between its interfaces. In routers, the rule set can be a file that the router examines from top to bottom when making routing decisions.

Firmware

(1) Software permanently installed inside the computer as part of its main memory to provide protection from erasure or loss if electrical power is interrupted. (2) The programs and data components of a cryptographic module that are stored in hardware within the cryptographic boundary and cannot be dynamically written or modified during execution.

Fit-gap analysis

This analysis is a common technique, which can be applied to help define the nature of the required service components. It examines the components within the context of requirements and makes a determination as to the suitability of the service component.

Flash ROM

Flash read only memory (ROM) is nonvolatile memory that is writable.

Flaw

An error of commission, omission, or oversight in a system that allows protection mechanisms to be bypassed or disabled. Synonymous with loophole or fault.

Flaw-based DoS attacks

These make use of software errors to consume resources. Patching and upgrading software can prevent flaw-based DoS attacks.

Flooding

Sending large numbers of messages to a host or network at a high rate.

Flooding attacks

Flooding attacks most often involve copying valid service requests and resending them to a service provider. The attacker may issue repetitive SOAP/XML messages in an attempt to overload the Web service. This type of activity may not be detected as an intrusion because the source IP address is valid, the network packet behavior is valid, and the SOAP/XML message is well-formed. But the business behavior is not legitimate, resulting in a DoS attack. Techniques for detecting and handling DoS can be applied against flooding attacks.

Flow

A particular network communication session occurring between hosts.

Flow control

A strategy for protecting the contents of information objects from being transferred to objects at improper security levels. It is more restrictive than access control.

Flow-sensitive analysis

Analysis of a computer program that takes into account the flow of control.

Focused testing

A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Focused testing is also known as gray box testing.

Folder

An organizational structure used by a file system to group files.

Folder encryption

The process of encrypting individual folders on a storage medium and permitting access to the encrypted files within the folders only after proper authentication is provided.

Forensic computer

The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.

Forensic copy

An accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity have been verified using an accepted algorithm.

Forensic hash

It is used to maintain the integrity of acquired data by computing a cryptographically strong, non-reversible hash value over the acquired data. A hash code value is computed using several algorithms.

Forensic process

It is the process of collecting, examining, analyzing, and reporting of facts to gain a better understanding of an event of interest.

Forensic specialist

A professional who locates, identifies, collects, analyzes, and examines data while preserving the data's integrity and maintaining a strict chain of custody of information discovered.

Formal verification

The process of using formal proofs to demonstrate the consistency (design verification) between a formal specification of a system and a formal security policy model or (implementation verification) between the formal specification and its program implementation.

Forward cipher

One of the two functions of the block cipher algorithm that is selected by the cryptographic key.

Forward engineering

The traditional process of moving from high-level abstractions and logical, implementation-independent designs to the physical implementation of a system.

Frame relay

A type of fast packet technology using variable length packets called frames. By contrast, a cell-relay system such as asynchronous transfer mode (ATM) transports user data in fixed-sized cells.

Freeware
