Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack51:

    Name:PBX bugging

    Complexity: In cases where functions that support bugging are provided by the PBX, this attack is straight forward. In cases where no such function is provided, it is essentially impossible. Determining which is the case is non-trivial in general, but in practice it is usually straightforward.
    fc@red.a.net

    Related Database Material

    [TBVTransmission - Relates to Transmission]
    [TBVMalicious - Relates to Malicious]
    [TBVLeakage - Relates to Leakage]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSLogical - Relates to Logical]
    [Threat1 - insiders]
    [Threat2 - private investigators]
    [Threat3 - reporters]
    [Threat4 - consultants]
    [Threat5 - vendors]
    [Threat6 - customers]
    [Threat8 - competitors]
    [Threat9 - whistle blowers]
    [Threat10 - hackers]
    [Threat11 - crackers]
    [Threat12 - club initiates]
    [Threat13 - cyber-gangs]
    [Threat14 - tiger teams]
    [Threat15 - maintenance people]
    [Threat16 - professional thieves]
    [Threat20 - crackers for hire]
    [Threat21 - deranged people]
    [Threat22 - organized crime]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat27 - police]
    [Threat28 - government agencies]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Threat36 - extortionists]
    [Defense30 - audit analysis]
    [Defense114 - control physical access]
    [Defense72 - detailed audit]
    [Defense13 - detection before failure]
    [Defense87 - disable unsafe features]
    [Defense75 - disconnect maintenance access]
    [Defense18 - encryption]
    [Defense14 - human intervention after detection]
    [Defense89 - integrity checking]
    [Defense130 - internal control principle (GASSP)]
    [Defense53 - known-attack scanning]
    [Defense37 - least privilege]
    [Defense31 - misuse detection]
    [Defense28 - procedures]
    [Defense121 - program change logs]
    [Defense101 - regular review of protection measures]
    [Defense51 - secure design]
    [Defense4 - sensors]
    [Defense40 - separation of duties]
    [Defense41 - separation of function]
    [Defense1 - strong change control]
    [Defense52 - testing]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense73 - trunk access restriction]