Glossary
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
EAP Extensible Authentication Protocol. A protocol for wireless networks that expands on authentication
methods used by the PPP (Point-to-Point Protocol), a protocol often used when connecting a computer
to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart
cards, certificates, one-time passwords, and Public Key Encryption authentication.
EAP-MD5 Extensible Authentication Protocol-Message Digest 5. An EAP security algorithm developed by RSA
Security that uses a 128-bit generated number string, or hash, to verify the authenticity of a data
communication.
EAP-TLS Extensible Authentication Protocol-Translation Layer Security. A high-security version of EAP that
requires authentication from both the client and the server. If one of them fails to offer the appropriate
authenticator, the connection is terminated. Used to create a secured connection for 802.1X by
preinstalling a digital certificate on the client computer. EAP-TLS is the protocol that serves for
mutual authentication and integrity-protected cipher suite negotiation and key exchange between a
client and server. Both the client and the server use X.509 certificates to verify their identities to each
other.
F
false rejects When an authentication system fails to recognize a valid user.
FTP File Transfer Protocol. A TCP/IP protocol specifying the transfer of text or binary files across the
network.
filter Used to specify which packets will or will not be used. It can be used in sniffers to determine which
packets get displayed, or by firewalls to determine which packets get blocked.
filtering router An inter-network router that selectively prevents the passage of data packets according to a security
policy. A filtering router may be used as a firewall or part of a firewall. A router usually receives a
packet from a network and decides where to forward it on a second network. A filtering router does
the same, but first decides whether the packet should be forwarded at all, according to some security
policy. The policy is implemented by rules (packet filters) loaded into the router.
firewall A TCP/IP Fragmentation Attack that is possible because IP allows packets to be broken down into
fragments for more efficient transport across various media. The TCP packet (and its header) are
carried in the IP packet. In this attack the second fragment contains an incorrect offset. When the packet is
reconstructed, the port number will be overwritten.
fragmentation The process of storing a data file in several "chunks" or fragments rather than in a single contiguous
sequence of bits in one place on the storage medium.
frames Data that is transmitted between network points as a unit complete with addressing and necessary
protocol control information. A frame is usually transmitted serially, bit by bit, and contains a header
field and a trailer field that "frame" the data. (Some control frames contain no data.)
full duplex A type of duplex communications channel which carries data in both directions at once. Refers to the
transmission of data in two directions simultaneously. Communications in which both sender and
receiver can send at the same time.
fully-qualified domain name A server name with a hostname followed by the full domain name.