Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Attack27:

    Name:modification in transit

    Complexity: Modification in transit is roughly equivalent in complexity to the combination of observation in transit and insertion in transit, however, because of the real-time requirements for some sorts of modification in transit, the difficulty of successful attack may be significantly increased.
    fc@red.a.net

    Related Database Material

    [TBVTransmission - Relates to Transmission]
    [TBVMalicious - Relates to Malicious]
    [TBVDenial - Relates to Denial]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [Threat1 - insiders]
    [Threat2 - private investigators]
    [Threat4 - consultants]
    [Threat5 - vendors]
    [Threat6 - customers]
    [Threat7 - Fraudsters]
    [Threat10 - hackers]
    [Threat11 - crackers]
    [Threat13 - cyber-gangs]
    [Threat14 - tiger teams]
    [Threat15 - maintenance people]
    [Threat16 - professional thieves]
    [Threat18 - vandals]
    [Threat19 - activists]
    [Threat20 - crackers for hire]
    [Threat22 - organized crime]
    [Threat23 - drug cartels]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat28 - government agencies]
    [Threat29 - infrastructure warriors]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Threat36 - extortionists]
    [Defense131 - adversary principle (GASSP)]
    [Defense32 - anomaly detection]
    [Defense45 - augmented authentication devices time or use variant]
    [Defense88 - authenticated information]
    [Defense61 - authentication of packets]
    [Defense47 - authorization limitation]
    [Defense57 - change management]
    [Defense137 - choice of location]
    [Defense58 - configuration management]
    [Defense96 - content checking]
    [Defense114 - control physical access]
    [Defense72 - detailed audit]
    [Defense87 - disable unsafe features]
    [Defense60 - drop boxes and processors]
    [Defense7 - effective mandatory access control]
    [Defense63 - encrypted authentication]
    [Defense18 - encryption]
    [Defense139 - environmental controls]
    [Defense71 - Faraday boxes]
    [Defense21 - fault isolation]
    [Defense138 - filtering devices]
    [Defense65 - increased or enhanced perimeters]
    [Defense74 - information flow controls]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense89 - integrity checking]
    [Defense55 - integrity shells]
    [Defense79 - inventory control]
    [Defense67 - jamming]
    [Defense53 - known-attack scanning]
    [Defense37 - least privilege]
    [Defense84 - limited function]
    [Defense85 - limited sharing]
    [Defense86 - limited transitivity]
    [Defense82 - locks]
    [Defense111 - minimize traffic in work areas]
    [Defense31 - misuse detection]
    [Defense43 - multi-version programming]
    [Defense66 - noise injection]
    [Defense108 - numbering and tracking all sensitive information]
    [Defense22 - out-of-range detection]
    [Defense69 - path diversity]
    [Defense15 - physical security]
    [Defense77 - physical switches or shields on equipment and devices]
    [Defense112 - place equipment and supplies out of harms way]
    [Defense28 - procedures]
    [Defense121 - program change logs]
    [Defense122 - protection of names of resources]
    [Defense16 - redundancy]
    [Defense100 - retaining confidentiality of security status information]
    [Defense51 - secure design]
    [Defense80 - secure distribution]
    [Defense81 - secure key management]
    [Defense83 - secure or trusted channels]
    [Defense4 - sensors]
    [Defense115 - separation of equipment so as to limit damage from local events]
    [Defense68 - spread spectrum]
    [Defense1 - strong change control]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense64 - tempest protection]
    [Defense20 - temporary blindness]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense113 - universal use of badges]