Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack26:

    Name:observation in transit

    Complexity: Except in cases where cryptography, spread spectrum, or other similar technology is used to defend against such an attack, it appears that observation in transit over physically insecure communications media is simple to accomplish and expensive to detect. In cases where the media is secured (e.g., interprocess communication within a single processor under a secure operating system) some method of getting around any system-level protection is also required.
    fc@red.a.net

    Related Database Material

    [TBVTransmission - Relates to Transmission]
    [TBVMalicious - Relates to Malicious]
    [TBVLeakage - Relates to Leakage]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRWidespread - Relates to Widespread]
    [PLSSystemic - Relates to Systemic]
    [Threat1 - insiders]
    [Threat2 - private investigators]
    [Threat3 - reporters]
    [Threat4 - consultants]
    [Threat5 - vendors]
    [Threat6 - customers]
    [Threat7 - Fraudsters]
    [Threat8 - competitors]
    [Threat9 - whistle blowers]
    [Threat10 - hackers]
    [Threat11 - crackers]
    [Threat12 - club initiates]
    [Threat13 - cyber-gangs]
    [Threat14 - tiger teams]
    [Threat15 - maintenance people]
    [Threat16 - professional thieves]
    [Threat20 - crackers for hire]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat27 - police]
    [Threat28 - government agencies]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Threat36 - extortionists]
    [Defense131 - adversary principle (GASSP)]
    [Defense62 - analysis of physical characteristics]
    [Defense33 - capture and punishment]
    [Defense137 - choice of location]
    [Defense114 - control physical access]
    [Defense99 - deceptions]
    [Defense60 - drop boxes and processors]
    [Defense63 - encrypted authentication]
    [Defense18 - encryption]
    [Defense71 - Faraday boxes]
    [Defense6 - feeding false information]
    [Defense65 - increased or enhanced perimeters]
    [Defense74 - information flow controls]
    [Defense67 - jamming]
    [Defense53 - known-attack scanning]
    [Defense85 - limited sharing]
    [Defense111 - minimize traffic in work areas]
    [Defense107 - minimizing copies of sensitive information]
    [Defense66 - noise injection]
    [Defense108 - numbering and tracking all sensitive information]
    [Defense69 - path diversity]
    [Defense15 - physical security]
    [Defense77 - physical switches or shields on equipment and devices]
    [Defense112 - place equipment and supplies out of harms way]
    [Defense122 - protection of names of resources]
    [Defense100 - retaining confidentiality of security status information]
    [Defense80 - secure distribution]
    [Defense81 - secure key management]
    [Defense83 - secure or trusted channels]
    [Defense4 - sensors]
    [Defense68 - spread spectrum]
    [Defense64 - tempest protection]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense73 - trunk access restriction]
    [Defense113 - universal use of badges]
    [Defense2 - waste data destruction]