Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack60:

    Name:restoration process corruption or misuse

    Complexity: Creating fake backups may be complicated by having to reproduce much of what is present on actual backups on the particular site, by having to create CRC codes for replaced components of a backup and by having to recreate an overall CRC code for the entire backup when altering only one component. None of these operations are very complex and all can be accomplished with near-linear time and space techniques.
    fc@red.a.net

    Related Database Material

    [TBVProcessing - Relates to Processing]
    [TBVMalicious - Relates to Malicious]
    [TBVLeakage - Relates to Leakage]
    [TBVDenial - Relates to Denial]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSLogical - Relates to Logical]
    [Threat1 - insiders]
    [Threat2 - private investigators]
    [Threat4 - consultants]
    [Threat14 - tiger teams]
    [Threat15 - maintenance people]
    [Threat16 - professional thieves]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat28 - government agencies]
    [Threat29 - infrastructure warriors]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Threat36 - extortionists]
    [Defense88 - authenticated information]
    [Defense58 - configuration management]
    [Defense96 - content checking]
    [Defense114 - control physical access]
    [Defense118 - document and information control procedures]
    [Defense63 - encrypted authentication]
    [Defense18 - encryption]
    [Defense138 - filtering devices]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense89 - integrity checking]
    [Defense79 - inventory control]
    [Defense37 - least privilege]
    [Defense84 - limited function]
    [Defense42 - multi-person controls]
    [Defense108 - numbering and tracking all sensitive information]
    [Defense69 - path diversity]
    [Defense15 - physical security]
    [Defense112 - place equipment and supplies out of harms way]
    [Defense28 - procedures]
    [Defense16 - redundancy]
    [Defense80 - secure distribution]
    [Defense83 - secure or trusted channels]
    [Defense48 - security marking and/or labeling]
    [Defense40 - separation of duties]
    [Defense41 - separation of function]
    [Defense1 - strong change control]
    [Defense52 - testing]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense78 - trusted repair teams]
    [Defense97 - trusted system technologies]