Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack71:

    Name:false updates

    Complexity: This attack appears to be easily carried out against many installations and examples have shown that even well-trained and adequately briefed employees fail to prevent such an attack. In cases where relatively secure distribution techniques are used, the complexity may be driven up, but more often than not, the addition of a disk will bypass even this sort of process.
    fc@red.a.net

    Related Database Material

    [TBVInput - Relates to Input]
    [TBVMalicious - Relates to Malicious]
    [TBVDenial - Relates to Denial]
    [PDRIntegrity - Relates to Integrity]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [Threat1 - insiders]
    [Threat2 - private investigators]
    [Threat3 - reporters]
    [Threat4 - consultants]
    [Threat8 - competitors]
    [Threat10 - hackers]
    [Threat11 - crackers]
    [Threat12 - club initiates]
    [Threat13 - cyber-gangs]
    [Threat14 - tiger teams]
    [Threat15 - maintenance people]
    [Threat16 - professional thieves]
    [Threat20 - crackers for hire]
    [Threat22 - organized crime]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat28 - government agencies]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Defense54 - accountability]
    [Defense131 - adversary principle (GASSP)]
    [Defense62 - analysis of physical characteristics]
    [Defense29 - auditing]
    [Defense45 - augmented authentication devices time or use variant]
    [Defense88 - authenticated information]
    [Defense61 - authentication of packets]
    [Defense47 - authorization limitation]
    [Defense8 - automated protection checkers and setters]
    [Defense57 - change management]
    [Defense58 - configuration management]
    [Defense96 - content checking]
    [Defense13 - detection before failure]
    [Defense75 - disconnect maintenance access]
    [Defense118 - document and information control procedures]
    [Defense63 - encrypted authentication]
    [Defense18 - encryption]
    [Defense119 - individual accountability for all assets and actions]
    [Defense74 - information flow controls]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense89 - integrity checking]
    [Defense79 - inventory control]
    [Defense111 - minimize traffic in work areas]
    [Defense108 - numbering and tracking all sensitive information]
    [Defense69 - path diversity]
    [Defense15 - physical security]
    [Defense25 - policies]
    [Defense28 - procedures]
    [Defense121 - program change logs]
    [Defense100 - retaining confidentiality of security status information]
    [Defense80 - secure distribution]
    [Defense83 - secure or trusted channels]
    [Defense48 - security marking and/or labeling]
    [Defense27 - standards]
    [Defense1 - strong change control]
    [Defense52 - testing]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense78 - trusted repair teams]