Focused On Your Success
The All.Net Security Database
Attack Cross Reference
Cause/Mechanism:
Threat Profiles
Attack Methods
Defense Methods
Process:
Prevention
Detection
Reaction
Impact:
Integrity
Availability
Confidential
Use Control
Other:
Risk Management
Database Description
Domain:
Physical
Informational
Systemic
Sophistication:
Theoretical
Demonstrated
Widespread
Perspectives:
Management
Policy
Standards
Procedures
Documentation
Audit
Testing
Technical Safeguards
Personnel
Incident Handling
Legal
Physical
Awareness
Training
Education
Organization
Brekne's Mechanistic:
Input
Output
Storage
Processing
Transmission
Brekne's Causal:
Accidental
Malicious
Brekne's Method:
Leakage
Masquerade
Denial
Corruption
Usage
Mental
audio/video viewing
audit suppression
backup theft, corruption, or destruction
below-threshold attacks
breaking key management systems
bribes and extortion
cable cuts
call forwarding fakery
cascade failures
collaborative misuse
combinations and sequences
content-based attacks
covert channels
cryptanalysis
data aggregation
data diddling
dependency analysis and exploitation
desychronization and time-based attacks
device access exploitation
distributed coordinated attacks
dumpster diving
earth movement
electronic interference
emergency procedure exploitation
environmental control loss
environment corruption
error-induced mis-operation
error insertion and analysis
errors and omissions
excess privilege exploitation
false updates
fictitious people
fire
flood
get a job
hangup hooking
hardware failure - system flaw exploitation
illegal value insertion
imperfect daemon exploits
implied trust exploitation
inadequate maintenance
inadequate notice exploitation
inappropriate defaults
induced stress failures
infrastructure interference
infrastructure observation
input overflow
insertion in transit
interprocess communication attacks
interrupt sequence mishandling
invalid values on calls
kiting
man-in-the-middle
modeling mismatches
modification in transit
multiple error inducement
network service and protocol attacks
observation in transit
password guessing
PBX bugging
peer relationship exploitation
perception management a.k.a. human engineering
piggybacking
power failure
privileged program misuse
process bypassing
protection missetting exploitation
race conditions
reflexive control
relocation
repair-replace-remove information
replay attacks
repudiation
residual data gathering
resource availability manipulation
restoration process corruption or misuse
salami attacks
selected plaintext
severe weather
shoulder surfing
simultaneous access exploitations
solar flares
spoofing and masquerading
static
strategic or tactical deceptions
sympathetic vibration
system maintenance
testing
Trojan horses
undocumented or unknown function exploitation
van Eck bugging
viruses
volcanos
wire closet attacks
Fri Jun 27 09:58:52 PDT 2003 fc