Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack37:

    Name:environment corruption

    Complexity: In most computing environments, there are only a relatively small number of ways that environment variables get set or used. This limits the search for such vulnerabilities substantially, however, the ways in which environmental variables might be used by programs in general is unlimited. Thus the theoretical complexity of identifying all such problems would likely be at least NP-complete. This would seem to give computational leverage to the attacker.
    fc@red.a.net

    Related Database Material

    [TBVStorage - Relates to Storage]
    [TBVMalicious - Relates to Malicious]
    [TBVDenial - Relates to Denial]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSPhysical - Relates to Physical]
    [Threat1 - insiders]
    [Threat2 - private investigators]
    [Threat4 - consultants]
    [Threat6 - customers]
    [Threat11 - crackers]
    [Threat13 - cyber-gangs]
    [Threat14 - tiger teams]
    [Threat15 - maintenance people]
    [Threat18 - vandals]
    [Threat20 - crackers for hire]
    [Threat26 - foreign agents and spies]
    [Threat28 - government agencies]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Threat36 - extortionists]
    [Defense62 - analysis of physical characteristics]
    [Defense32 - anomaly detection]
    [Defense57 - change management]
    [Defense137 - choice of location]
    [Defense58 - configuration management]
    [Defense96 - content checking]
    [Defense63 - encrypted authentication]
    [Defense139 - environmental controls]
    [Defense71 - Faraday boxes]
    [Defense138 - filtering devices]
    [Defense65 - increased or enhanced perimeters]
    [Defense102 - independent computer and tool use by auditors]
    [Defense109 - independent control of audit information]
    [Defense74 - information flow controls]
    [Defense89 - integrity checking]
    [Defense55 - integrity shells]
    [Defense67 - jamming]
    [Defense84 - limited function]
    [Defense85 - limited sharing]
    [Defense111 - minimize traffic in work areas]
    [Defense31 - misuse detection]
    [Defense22 - out-of-range detection]
    [Defense19 - over-damped protocols]
    [Defense69 - path diversity]
    [Defense15 - physical security]
    [Defense122 - protection of names of resources]
    [Defense101 - regular review of protection measures]
    [Defense51 - secure design]
    [Defense80 - secure distribution]
    [Defense83 - secure or trusted channels]
    [Defense41 - separation of function]
    [Defense68 - spread spectrum]
    [Defense1 - strong change control]
    [Defense52 - testing]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense24 - training and awareness]
    [Defense95 - traps]
    [Defense97 - trusted system technologies]