Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Defense18:

    Name:encryption

    Complexity: Shannon's 1949 paper [Shannon49] on cryptanalysis asserted that, with the exception of the perfect protection provided by the on-time-pad, cryptography is based on driving up the workload for the attacker to break the code. The goal is to create computational leverage so that the encryption and decryption process are relatively easy for those in possession of the key(s) while the same process for those without the key(s) is relatively hard. Proper use of cryptography requires proper key management, which in many cases is the far harder problem. Encryptions algorithms which provide the proper leverage are now quite common.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRWidespread - Relates to Widespread]
    [PLSSystemic - Relates to Systemic]
    [ManAlManagement - Relates to Management]
    [ManAlPolicy - Relates to Policy]
    [ManAlStandards - Relates to Standards]
    [ManAlProcedures - Relates to Procedures]
    [ManAlAudit - Relates to Audit]
    [ManAlSafeguards - Relates to Safeguards]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack16 - Trojan horses]
    [Attack22 - spoofing and masquerading]
    [Attack23 - infrastructure interference]
    [Attack24 - infrastructure observation]
    [Attack25 - insertion in transit]
    [Attack26 - observation in transit]
    [Attack27 - modification in transit]
    [Attack36 - excess privilege exploitation]
    [Attack50 - electronic interference]
    [Attack51 - PBX bugging]
    [Attack53 - repair-replace-remove information]
    [Attack56 - data aggregation]
    [Attack57 - process bypassing]
    [Attack59 - backup theft, corruption, or destruction]
    [Attack60 - restoration process corruption or misuse]
    [Attack61 - hangup hooking]
    [Attack63 - input overflow]
    [Attack64 - illegal value insertion]
    [Attack65 - residual data gathering]
    [Attack66 - privileged program misuse]
    [Attack71 - false updates]
    [Attack72 - network service and protocol attacks]
    [Attack74 - man-in-the-middle]
    [Attack80 - error insertion and analysis]
    [Attack83 - interprocess communication attacks]
    [Attack85 - peer relationship exploitation]
    [Attack87 - piggybacking]