Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack72:

    Name:network service and protocol attacks

    Complexity: Analyzing protocol specifications to find candidate attacks appears to be straightforward and implementing many of these attacks has proven within the ability of an average programmer. In general, this problem would appear to be as complex as analyzing protocols which has been studied in depth before and shown to be at least NP-complete for certain subclasses of protocol elements.
    fc@red.a.net

    Related Database Material

    [TBVTransmission - Relates to Transmission]
    [TBVMalicious - Relates to Malicious]
    [TBVDenial - Relates to Denial]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRWidespread - Relates to Widespread]
    [PLSSystemic - Relates to Systemic]
    [Threat1 - insiders]
    [Threat4 - consultants]
    [Threat6 - customers]
    [Threat8 - competitors]
    [Threat11 - crackers]
    [Threat12 - club initiates]
    [Threat13 - cyber-gangs]
    [Threat14 - tiger teams]
    [Threat16 - professional thieves]
    [Threat18 - vandals]
    [Threat19 - activists]
    [Threat20 - crackers for hire]
    [Threat22 - organized crime]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat28 - government agencies]
    [Threat29 - infrastructure warriors]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Threat36 - extortionists]
    [Defense135 - alarms]
    [Defense32 - anomaly detection]
    [Defense30 - audit analysis]
    [Defense45 - augmented authentication devices time or use variant]
    [Defense88 - authenticated information]
    [Defense61 - authentication of packets]
    [Defense47 - authorization limitation]
    [Defense35 - awareness of implications]
    [Defense33 - capture and punishment]
    [Defense94 - concealed services]
    [Defense96 - content checking]
    [Defense99 - deceptions]
    [Defense87 - disable unsafe features]
    [Defense7 - effective mandatory access control]
    [Defense63 - encrypted authentication]
    [Defense18 - encryption]
    [Defense138 - filtering devices]
    [Defense65 - increased or enhanced perimeters]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense89 - integrity checking]
    [Defense10 - isolated sub-file-system areas]
    [Defense53 - known-attack scanning]
    [Defense84 - limited function]
    [Defense31 - misuse detection]
    [Defense19 - over-damped protocols]
    [Defense69 - path diversity]
    [Defense70 - quad-tri-multi-angulation]
    [Defense26 - rerouting attacks]
    [Defense51 - secure design]
    [Defense83 - secure or trusted channels]
    [Defense4 - sensors]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense20 - temporary blindness]
    [Defense125 - time, location, function, and other similar access limitations]