https://DevOpsCloud.io -- Cloud Monk Losang Jinpa

Return to RFC 4949 Internet Security Glossary Definitions, RFC 4949 Internet Security Glossary, RFC 4949 Internet Security Glossary Bibliography, Cybersecurity, Awesome Security

---

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• W3

(D) Synonym for WWW.

Deprecated Abbreviation: This abbreviation could be confused with W3C; use “WWW” instead.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• W3C

( N) See: World Wide Web Consortium.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• war dialer

(I) /slang/ A computer program that automatically dials a series of telephone numbers to find lines connected to computer systems, and catalogs those numbers so that a cracker can try to break the systems.

Deprecated Usage: IDOCs that use this term SHOULD state a definition for it because the term could confuse international readers.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• Wassenaar Arrangement

( N) The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies is a global, multilateral agreement approved by 33 countries in July 1996 to contribute to regional and international security and stability, by promoting information exchange concerning, and greater responsibility in, transfers of arms and dual-use items, thus preventing destabilizing accumulations. (See: International Traffic in Arms Regulations.)

Tutorial: The Arrangement began operations in September 1996 with headquarters in Vienna. The participating countries were Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Republic of Korea, Romania, Russian

Shirey Informational Page 334]

RFC 4949 Internet Security Glossary, Version 2 August 2007

Federation, Slovak Republic, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom, and United States.

Participating countries seek through their national policies to ensure that transfers do not contribute to the development or enhancement of military capabilities that undermine the goals of the arrangement, and are not diverted to support such capabilities. The countries maintain effective export controls for items on the agreed lists, which are reviewed periodically to account for technological developments and experience gained. Through transparency and exchange of views and information, suppliers of arms and dual-use items can develop common understandings of the risks associated with their transfer and assess the scope for coordinating national control policies to combat these risks. Members provide semi-annual notification of arms transfers, covering seven categories derived from the UN Register of Conventional Arms. Members also report transfers or denials of transfers of certain controlled dual-use items. However, the decision to transfer or deny transfer of any item is the sole responsibility of each participating country. All measures undertaken with respect to the arrangement are in accordance with national legislation and policies and are implemented on the basis of national discretion.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• watermarking

See: digital watermarking.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• weak key

(I) In the context of a particular cryptographic algorithm, a key value that provides poor security. (See: strong.)

Example: The DEA has four “weak keys” [Schn] for which encryption produces the same result as decryption. It also has ten pairs of “semi-weak keys” [Schn] (a.k.a. “dual keys” [FP074]) for which encryption with one key in the pair produces the same result as decryption with the other key.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• web, Web

1. (I) /not capitalized/ IDOCs SHOULD NOT capitalize “web” when using the term (usually as an adjective) to refer generically to technology – such as web browsers, web servers, HTTP, and HTML – that is used in the Web or similar networks.

2. (I) /capitalized/ IDOCs SHOULD capitalize “Web” when using the term (as either a noun or an adjective) to refer specifically to the World Wide Web. (Similarly, see: internet.)

Shirey Informational Page 335]

RFC 4949 Internet Security Glossary, Version 2 August 2007

Usage: IDOCs SHOULD NOT use “web” or “Web” in a way that might confuse these definitions with the PGP “web of trust”. When using Web as an abbreviation for “World Wide Web”, IDOCs SHOULD fully spell out the term at the first instance of usage.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• web of trust

(D) /PGP/ A PKI architecture in which each certificate user defines their own trust anchor(s) by depending on personal relationships. (See: trust anchor. Compare: hierarchical PKI, mesh PKI.)

Deprecated Usage: IDOCs SHOULD NOT use this term except with reference to PGP. This term mixes concepts in potentially misleading ways; e.g., this architecture does not depend on World Wide Web technology. Instead of this term, IDOCs MAY use “trust- file PKI”. (See: web, Web).

Tutorial: This type of architecture does not usually include public repositories of certificates. Instead, each certificate user builds their own, private repository of trusted public keys by making personal judgments about being able to trust certain people to be holding properly certified keys of other people. It is this set of person-to-person relationships from which the architecture gets its name.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• web server

(I) A software process that runs on a host computer connected to a network and responds to HTTP requests made by client web browsers.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• WEP

( N) See: Wired Equivalency Protocol.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• Wired Equivalent Privacy (WEP)

( N) A cryptographic protocol that is defined in the IEEE 802.11 standard and encapsulates the packets on wireless LANs. Usage: a.k.a. “Wired Equivalency Protocol”.

Tutorial: The WEP design, which uses RC4 to encrypt both the plain text and a CRC, has been shown to be flawed in multiple ways; and it also has often suffered from flawed implementation and management.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• wiretapping

(I) An attack that intercepts and accesses information contained in a data flow in a communication system. (See: active wiretapping, end-to-end encryption, passive wiretapping, secondary definition under “interception”.)

Shirey Informational Page 336]

RFC 4949 Internet Security Glossary, Version 2 August 2007

Usage: Although the term originally referred to making a mechanical connection to an electrical conductor that links two nodes, it is now used to refer to accessing information from any sort of medium used for a link or even from a node, such as a gateway or subnetwork switch.

Tutorial: Wiretapping can be characterized according to intent:

• “Active wiretapping” attempts to alter the data or otherwise

affect the flow.

• “Passive wiretapping” only attempts to observe the data flow

and gain knowledge of information contained in it.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• work factor

1a. (I) /COMPUSEC/ The estimated amount of effort or time that can be expected to be expended by a potential intruder to penetrate a system, or defeat a particular countermeasure, when using specified amounts of expertise and resources. (See: brute force, impossible, strength.)

1b. (I) /cryptography/ The estimated amount of computing power and time needed to break a cryptographic system. (See: brute force, impossible, strength.)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• World Wide Web (“the Web”, WWW)

( N) The global, hypermedia-based collection of information and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms. (See: web vs. Web, [R2084].)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• World Wide Web Consortium (W3C)

( N) Created in October 1994 to develop and standardize protocols to promote the evolution and interoperability of the Web, and now consisting of hundreds of member organizations (commercial firms, governmental agencies, schools, and others).

Tutorial: W3C Recommendations are developed through a process similar to that of the standards published by other organizations, such as the IETF. The W3 Recommendation Track (i.e., standards track) has four levels of increasing maturity: Working, Candidate Recommendation, Proposed Recommendation, and W3C Recommendation. W3C Recommendations are similar to the standards published by other organizations. (Compare: Internet Standard, ISO.)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• worm

(I) A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume system resources destructively. (See: mobile code, Morris Worm, virus.)

Shirey Informational Page 337]

RFC 4949 Internet Security Glossary, Version 2 August 2007

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• wrap

1. ( N) To use cryptography to provide data confidentiality service for keying material. (See: encrypt, wrapping algorithm, wrapping key. Compare: seal, shroud.)

2. (D) To use cryptography to provide data confidentiality service for data in general.

Deprecated Usage: IDOCs SHOULD NOT use this term with definition 2 because that duplicates the meaning of the more widely understood “encrypt”.

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• wrapping algorithm

( N) An encryption algorithm that is specifically intended for use in encrypting keys. (See: KEK, wrap.)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• wrapping key

( N) Synonym for “KEK”. (See: encrypt. Compare: seal, shroud.)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• write

(I) /security model/ A system operation that causes a flow of information from a subject to an object. (See: access mode. Compare: read.)

([[Fair Use]] [[Source]]: [[RFC 4949])

---

• WWW

(I) See: World Wide Web.

---

Fair Use Sources:

• RFC 4949 Internet Security Glossary