Part of the Attack.tex database ()

Focused On Your Success

The All.Net Security Database

Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism: Threat Profiles Attack Methods Defense Methods Process: Prevention Detection Reaction Impact: Integrity Availability Confidential Use Control	Other: Risk Management Database Description Domain: Physical Informational Systemic Sophistication: Theoretical Demonstrated Widespread	Perspectives: Management Policy Standards Procedures Documentation Audit Testing Technical Safeguards Personnel Incident Handling Legal Physical Awareness Training Education Organization
Brekne's Mechanistic: Input Output Storage Processing Transmission	Brekne's Causal: Accidental Malicious	Brekne's Method: Leakage Masquerade Denial Corruption Usage Mental

Attack74:

Name:man-in-the-middle

The attacker positions forces between two communicating parties and both intercepts and relays information between the parties so that each believes they are talking directly to the other when, in fact, both are communicating through the attacker. Examples include attacks on public key cryptosystems permitting a man-in-them-middle to fool both parties, attacks wherein an attacker takes over an ongoing telecommunications session when one party decides to terminate it, and attacks wherein an attacker inserts transactions and prevents responses to those transactions from reaching the legitimate user. Complexity: Man-in-the-middle attacks normally require the implementation of a near-real-time capability, but there are no mathematical impediments to most such attacks.

fc@red.a.net

Related Database Material

[TBVTransmission - Relates to Transmission]
[TBVMalicious - Relates to Malicious]
[TBVmasQuerade - Relates to masQuerade]
[PDRIntegrity - Relates to Integrity]
[PDRConfidentiality - Relates to Confidentiality]
[PDRUse - Relates to Use]
[PDRDemonstrated - Relates to Demonstrated]
[PLSSystemic - Relates to Systemic]
[Threat1 - insiders]
[Threat2 - private investigators]
[Threat4 - consultants]
[Threat5 - vendors]
[Threat7 - Fraudsters]
[Threat10 - hackers]
[Threat11 - crackers]
[Threat13 - cyber-gangs]
[Threat14 - tiger teams]
[Threat16 - professional thieves]
[Threat20 - crackers for hire]
[Threat25 - industrial espionage experts]
[Threat26 - foreign agents and spies]
[Threat27 - police]
[Threat28 - government agencies]
[Threat30 - economic rivals]
[Threat31 - nation states]
[Threat32 - global coalitions]
[Threat33 - military organizations]
[Threat35 - information warriors]
[Threat36 - extortionists]
[Defense131 - adversary principle (GASSP)]
[Defense62 - analysis of physical characteristics]
[Defense88 - authenticated information]
[Defense35 - awareness of implications]
[Defense63 - encrypted authentication]
[Defense18 - encryption]
[Defense74 - information flow controls]
[Defense89 - integrity checking]
[Defense69 - path diversity]
[Defense15 - physical security]
[Defense80 - secure distribution]
[Defense81 - secure key management]
[Defense83 - secure or trusted channels]
[Defense4 - sensors]
[Defense68 - spread spectrum]
[Defense125 - time, location, function, and other similar access limitations]
[Defense73 - trunk access restriction]