False Acceptance
False acceptance, also called a type II error, is a mistake occasionally made by biometric security systems. In an instance of false acceptance, an unauthorized person is identified as an authorized person.

False Negative
A false negative is the term applied to a failure in an alerting system - most commonly in an anti-virus product or intrusion detection system. It occurs when a virus or intrusion condition exists, but is "allowed" (or ignored or missed) by the alerting system.

False Positive
A false positive is a term applied to a failure in an alerting system - most commonly in an anti-virus product or intrusion detection system. It occurs when a virus or intrusion condition is incorrectly reported; that is, the alerting systems reports a virus or intrusion condition that does not exist. Too many false positives can be very intrusive.

False Rejection
False rejection, also called a type I error, is a mistake occasionally made by authentication systems. In an instance of false rejection, the system fails to recognize an authorized person and rejects that person as an impostor.

FAR: False Acceptance Rate
False Acceptance Rate (FAR) is often used in biometric access control systems. The false acceptance rate (FAR) is a measure of the likelihood that the access system will wrongly accept an access attempt; that is, will allow the access attempt from an unauthorized user.

Faraday Cage
A Faraday cage is a metallic enclosure that prevents the entry or escape of an electromagnetic field (EM field). An ideal Faraday cage consists of an unbroken, perfectly conducting shell. This ideal cannot be achieved in practice, but can be approached by using fine-mesh copper screening.

Fast File System
Fast File System is the first major revision to the Unix file system, providing faster reading access and faster (delayed, asynchronous) writing access through a disk cache and better file system layout on disk. It uses inodes (pointers) and data blocks.

Fast packet keying
Fast packet keying is an encryption algorithm which is enhancement for the RC4 algorithm used by Wired Equivalent Privacy (WEP).

Fault Line Attacks
Fault Line Attack is a type attack that uses weaknesses between interfaces of systems to exploit gaps in coverage.

FedCIRC: Federal Computer Incident Response Center
Federal Computer Incident Response Center (FedCIRC) is a U.S. government agency dealing with computer security issues for federal government departments.

File integrity checker
File integrity checker is a software program that protects systems against having their files modified or replaced.

File slack
File slack refers to the unused space on hard disks that can hide important data.

File system traversal attack
File system traversal attack refers to a coding vulnerability allowing users to access files in parent directories.

FH-CDMA: Frequency Hopping - Code Division Multiple Access
Frequency hopping (FH) is one of two basic modulation techniques used in spread spectrum signal transmission. It is the repeated switching of frequencies during radio transmission, often to minimize the effectiveness of the unauthorized interception or jamming of telecommunications. It also is known as frequency- hopping code division multiple access (FH-CDMA).

Filter
A filter is used to specify which packets will or will not be used or passed. It can be used in sniffers to determine which packets get displayed, or by firewalls to determine which packets get blocked.

Filtering Router
Filtering Router is an inter-network router that selectively prevents the passage of data packets according to a security policy. A filtering router may be used as a firewall or part of a firewall. A router usually receives a packet from a network and decides where to forward it on a second network. A filtering router does the same, but first decides whether the packet should be forwarded at all, according to some security policy. The policy is implemented by rules (packet filters) loaded into the router.

Finger
Finger is a protocol to lookup user information on a given host. A Unix program that takes an e-mail address as input and returns information about the user who owns that e-mail address. On some systems, finger only reports whether the user is currently logged on. Other systems return additional information, such as the user's full name, address, and telephone number. Of course, the user must first enter this information into the system. Many e-mail programs now have a finger utility built into them.

Finger Image
Finger image is the digital image obtained by fingerscanning, also called fingerprint scanning, which is the process of electronically obtaining and storing human fingerprints.

Fingerprint Scanning
Fingerprint scanning, also called fingerscanning, is the process of electronically obtaining and storing human fingerprints. The digital image obtained by such scanning is called a finger image.

Fingerprinting
Fingerprinting is the procedure of taking inked impressions of a person's fingerprints for the purpose of identification. In computer networking, fingerprinting embeds a digital signal in text, image, audio or video files, which may contain information on the end user.

FIP: Fair Information Practices
Fair Information Practices (FIP) are standards governing collection and use of personal data.

FIPS: Federal Information Processing Standard
Federal Information Processing Standard(FIPS) is a series of standards developed by the National Institute of Standards and Technology (NIST) for federal computer systems.

Firewall
A firewall is a piece of software or hardware device that filters the information coming through the Internet connection into a private network or a computer system. A firewall enforces an access control policy between two or more networks with two key functions: to block unwanted traffic, and to permit wanted traffic.

Firewall Appliance
A Firewall Appliance is typically a black box piece of networking hardware and software system that is to function as the implementor of the defined access control policy. A fully featured firewall appliance will include NAT (Network Address Translation), DMZ (De-Militarized Zone), VPN (Virtual Private Network), Intrusion Detection and extensive audit logging with alarm condition detection and reporting. Content Filtering can be a highly desirable option to prevent pornography and specific non-work related web sites from being accessed.

FIRST: Forum of Incident Response and Security Teams
Forum of Incident Response and Security Teams (FIRST) is an umbrella organization for computer security incident response centers around the world.

Fishing
Fishing is a variation of the word "phishing" in the network security context. Phishing often uses spam emails which are some official-looking e-mail messages that ask for updates on personal or financial information.

FITSAF: Federal Information Technology Security Assessment Framework
Federal Information Technology Security Assessment Framework (FITSAF) is a methodology for assessing the security of information systems.

Flooding Attack
Flooding attack is an attack that attempts to cause a failure in a computer system or other data processing entity by providing more input than the entity can process properly.

Fluhrer, Martin and Shamir Attack
Fluhrer, Martin and Shamir Attack is a vulnerability discovered in WEP by Fluhrer, Martin and Shamir: when data is encrypted before transmission, a piece of data called the initialization vector (IV) is added to the secret key. The IV is tranmitted in the clear, which can be used to recover the entire key.

Footbath
In computer security, footbath, also called a sheepdip, is the checking of media, usually diskettes or CD-ROMs, for viruses before they are used in a computer or network. A sheepdip computer is used only for virus-checking. The computer makes use of one or two antivirus programs that are kept current on a daily basis.

Footprinting
In computer security, footprinting is the process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment.

Forensic Analysis
Forensic Analysis in the context of information seucrity is the investigation of computer crime, including the data and evidence collection, analysis and presentation in court.

Forensics
Forensics is all about obtaining the proof of a misdemeanour. Computer forensics is about obtaining the proof of an illegal misuse of computers in a way that could lead to the prosecution of the culprit. Most computer forensics are built on the assumption of adequate audit trails.

Forest
In information security, a forest is a set of Active Directory domains that replicate their databases with each other.

Fork Bomb
A Fork Bomb works by using the fork() call to create a new process which is a copy of the original. By doing this repeatedly, all available processes on the machine can be taken up.

Format String Attack
Format String Attacks are caused from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as printf(). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands printf() and similar functions to write back the number of bytes formatted to an argument of type int *. By manipulating the stack by using spurious format tokens, this argument can be faked as part of the format string.

Form-Based Authentication
Form-Based Authentication uses forms on a webpage to ask a user to input username and password information.

FORTEZZA
FORTEZZA refers to a group of cryptographic technologies developed by the National Security Agency (NSA) for U.S. government use. FORTEZZA were developed to create user-friendly, low-cost security devices for the Defense Message System. The Defense Department also uses FORTEZZA to encrypt voice communications over its secure telephones.

Forward Lookup
Forward lookup means using an Internet domain name to find an IP address.

Forward Proxy
Forward Proxies are designed to be the server through which all requests are made.

Forward Secrecy
Forward secrecy implies that a compromise of the current key should not compromise any future key. While backward secrecy means that a compromise should not compromise any earlier key.

Fping
Fping, a ping like program, is a tool for testing network connectivity with hosts which uses the Internet Control Message Protocol (ICMP) echo request. Fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of hosts to ping. Instead of trying one host until it timeouts or replies, fping will send out a ping packet and move on to the next host in a round-robin fashion. If a host replies, it is noted and removed from the list of hosts to check. If a host does not respond within a certain time limit and/or retry limit it will be considered unreachable. Unlike ping, fping is meant to be used in scripts and its output is easy to parse.

FPipe
FPipe is a free tool for source port forward/redirection. It can create a TCP or UDP stream with a source port of your choice. This is useful for getting past firewalls that allow traffic with source ports, say 23, to connect with internal servers.

Fport
Fport is a free tool for displaying which TCP/UDP services are listening on a network. Fport will show you what programs on the system are opening which ports (both TCP and UDP). If strange programs are identified, you may take action to stop them. Fport can be used on Windows NT4, Windows 2000, and Windows XP.

Fragment Offset
The fragment offset field tells the sender where a particular fragment falls in relation to other fragments in the original larger packet.

Fragment Overlap Attack
Fragment Overlap Attack is a TCP/IP fragmentation attack that is possible because IP allows packets to be broken down into fragments for more efficient transport across various media. The TCP packet (and its header) are carried in the IP packet. In this attack, the second fragment contains incorrect offset. When packet is reconstructed, the port number will be overwritten.

Fragmentation
Fragmentation is the process of storing a data file in several "chunks" or fragments rather than in a single contiguous sequence of bits in one place on the storage medium.

Frequency-Hopping Spread Spectrum
Frequency hopping (FH) is one of two basic modulation techniques used in spread spectrum signal transmission. It is the repeated switching of frequencies during radio transmission, often to minimize the effectiveness of the unauthorized interception or jamming of telecommunications.

FRR: False Rejection Rate
False rejection rate (FRR) is one of the most important specifications in any biometric system. The FRR is defined as the percentage of identification instances in which false rejection occurs. This can be expressed as a probability.

FSV: File Signature Verification
File Signature Verification (FSV) is a file-checking feature of Microsoft Windows File Protection (WFP).

FTP bounce attack
FTP bounce attack is an attack that exploits a design flaw in File Transfer Protocol (FTP). With FTP bounce attack, an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine as a middle man for the request. This technique can be used to port scan hosts discreetly, and to access specific ports that the attacker cannot access through a direct connection. nmap is a port scanner that can utilize an FTP bounce attack to scan other servers.

FTP: File Transfer Protocol
File Transfer Protocolis a TCP/IP protocol specifying the transfer of text or binary files across the network.

Full Disclosure
Full disclosure means a complete publication of a security problem on the Internet and through other media, which is known as 'full disclosure'. At its most extreme, full disclosure would include the publication of the vulnerability, the patches, the solutions as well as the exploit to take advantage of the vulnerability.

Fully-Qualified Domain Name
A Fully-Qualified Domain Name is a server name with a hostname followed by the full domain name.