Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Attack84:

    Name:below-threshold attacks

    Complexity: Remaining below detection thresholds is straightforward if the thresholds are known and not possible to guarantee if they are unknown. In most cases, estimates based on comparable policies or widely published standards are adequate to accomplish below-threshold attacks.
    fc@red.a.net

    Related Database Material

    [TBVProcessing - Relates to Processing]
    [TBVMalicious - Relates to Malicious]
    [TBVLeakage - Relates to Leakage]
    [TBVmasQuerade - Relates to masQuerade]
    [TBVDenial - Relates to Denial]
    [TBVUsage - Relates to Usage]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [Threat1 - insiders]
    [Threat4 - consultants]
    [Threat10 - hackers]
    [Threat11 - crackers]
    [Threat13 - cyber-gangs]
    [Threat14 - tiger teams]
    [Threat16 - professional thieves]
    [Threat20 - crackers for hire]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat28 - government agencies]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Defense131 - adversary principle (GASSP)]
    [Defense30 - audit analysis]
    [Defense45 - augmented authentication devices time or use variant]
    [Defense35 - awareness of implications]
    [Defense99 - deceptions]
    [Defense72 - detailed audit]
    [Defense13 - detection before failure]
    [Defense6 - feeding false information]
    [Defense119 - individual accountability for all assets and actions]
    [Defense59 - lockouts]
    [Defense98 - perception management]
    [Defense100 - retaining confidentiality of security status information]
    [Defense4 - sensors]
    [Defense117 - suppression of incomplete, erroneous, or obsolete data]
    [Defense20 - temporary blindness]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense106 - tracking, correlation, and analysis of incident reporting and response information]
    [Defense95 - traps]