Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack91:

    Name:combinations and sequences

    Complexity: Combinations and sequences of attacks are at least as complex as their individual components, and may be more complex to create in coordination. Detection may be less complex because detection of any subset or subsequence may be adequate to detect the combined attack. This has not been studied in any mathematical depth to date.
    fc@red.a.net

    Related Database Material

    [TBVMalicious - Relates to Malicious]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRWidespread - Relates to Widespread]
    [PLSSystemic - Relates to Systemic]
    [Threat4 - consultants]
    [Threat6 - customers]
    [Threat7 - Fraudsters]
    [Threat8 - competitors]
    [Threat10 - hackers]
    [Threat11 - crackers]
    [Threat13 - cyber-gangs]
    [Threat14 - tiger teams]
    [Threat16 - professional thieves]
    [Threat19 - activists]
    [Threat20 - crackers for hire]
    [Threat26 - foreign agents and spies]
    [Threat27 - police]
    [Threat28 - government agencies]
    [Threat29 - infrastructure warriors]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat34 - paramilitary groups]
    [Threat35 - information warriors]
    [Defense131 - adversary principle (GASSP)]
    [Defense135 - alarms]
    [Defense32 - anomaly detection]
    [Defense30 - audit analysis]
    [Defense35 - awareness of implications]
    [Defense33 - capture and punishment]
    [Defense137 - choice of location]
    [Defense120 - clear line of responsibility for protection]
    [Defense94 - concealed services]
    [Defense58 - configuration management]
    [Defense91 - conservative resource allocation]
    [Defense132 - continuity principle (GASSP)]
    [Defense99 - deceptions]
    [Defense72 - detailed audit]
    [Defense13 - detection before failure]
    [Defense87 - disable unsafe features]
    [Defense76 - effective protection mind-set]
    [Defense139 - environmental controls]
    [Defense21 - fault isolation]
    [Defense6 - feeding false information]
    [Defense14 - human intervention after detection]
    [Defense65 - increased or enhanced perimeters]
    [Defense127 - integration principle (GASSP)]
    [Defense89 - integrity checking]
    [Defense130 - internal control principle (GASSP)]
    [Defense10 - isolated sub-file-system areas]
    [Defense84 - limited function]
    [Defense86 - limited transitivity]
    [Defense59 - lockouts]
    [Defense31 - misuse detection]
    [Defense126 - multidisciplinary principle (GASSP)]
    [Defense66 - noise injection]
    [Defense69 - path diversity]
    [Defense98 - perception management]
    [Defense25 - policies]
    [Defense28 - procedures]
    [Defense104 - protection of data used in system testing]
    [Defense122 - protection of names of resources]
    [Defense70 - quad-tri-multi-angulation]
    [Defense16 - redundancy]
    [Defense101 - regular review of protection measures]
    [Defense23 - reintegration]
    [Defense26 - rerouting attacks]
    [Defense100 - retaining confidentiality of security status information]
    [Defense51 - secure design]
    [Defense40 - separation of duties]
    [Defense115 - separation of equipment so as to limit damage from local events]
    [Defense41 - separation of function]
    [Defense133 - simplicity principle (GASSP)]
    [Defense27 - standards]
    [Defense103 - standby equipment]
    [Defense1 - strong change control]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense20 - temporary blindness]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense128 - timeliness principle (GASSP)]
    [Defense106 - tracking, correlation, and analysis of incident reporting and response information]
    [Defense24 - training and awareness]
    [Defense95 - traps]
    [Defense9 - trusted applications]
    [Defense97 - trusted system technologies]