Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack57:

    Name:process bypassing

    Complexity: This attack is often accomplished by a relatively unsophisticated attacker using only knowledge gained while on the job. The complexity of many such attacks is low, however, in the general case it may be quite difficult to assure that no such attacks exist without a particular level of collusion. Not formal analysis has been published to date.
    fc@red.a.net

    Related Database Material

    [TBVProcessing - Relates to Processing]
    [TBVMalicious - Relates to Malicious]
    [TBVDenial - Relates to Denial]
    [PDRIntegrity - Relates to Integrity]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [Threat1 - insiders]
    [Threat2 - private investigators]
    [Threat4 - consultants]
    [Threat5 - vendors]
    [Threat6 - customers]
    [Threat7 - Fraudsters]
    [Threat8 - competitors]
    [Threat10 - hackers]
    [Threat11 - crackers]
    [Threat13 - cyber-gangs]
    [Threat14 - tiger teams]
    [Threat15 - maintenance people]
    [Threat16 - professional thieves]
    [Threat19 - activists]
    [Threat20 - crackers for hire]
    [Threat23 - drug cartels]
    [Threat24 - terrorists]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat27 - police]
    [Threat28 - government agencies]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Defense54 - accountability]
    [Defense32 - anomaly detection]
    [Defense30 - audit analysis]
    [Defense29 - auditing]
    [Defense88 - authenticated information]
    [Defense47 - authorization limitation]
    [Defense35 - awareness of implications]
    [Defense33 - capture and punishment]
    [Defense118 - document and information control procedures]
    [Defense76 - effective protection mind-set]
    [Defense63 - encrypted authentication]
    [Defense18 - encryption]
    [Defense138 - filtering devices]
    [Defense34 - improved morality]
    [Defense130 - internal control principle (GASSP)]
    [Defense79 - inventory control]
    [Defense31 - misuse detection]
    [Defense42 - multi-person controls]
    [Defense108 - numbering and tracking all sensitive information]
    [Defense28 - procedures]
    [Defense51 - secure design]
    [Defense40 - separation of duties]
    [Defense41 - separation of function]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense52 - testing]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense24 - training and awareness]
    [Defense95 - traps]
    [Defense9 - trusted applications]