Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:50 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Attack86:

    Name:inappropriate defaults

    Complexity: It may be quite difficult to create a comprehensive lists of appropriate defaults for any nontrivial system because the optimal settings are determined by the application. No substantial mathematics has been done on analyzing the complexity of finding proper settings, but many lists of improper defaults published for select operating systems appear to require only linear time and space with the number of files in a system in order to verify and correct mis-settings.
    fc@red.a.net

    Related Database Material

    [TBVInput - Relates to Input]
    [TBVAccidental - Relates to Accidental]
    [TBVLeakage - Relates to Leakage]
    [TBVmasQuerade - Relates to masQuerade]
    [TBVDenial - Relates to Denial]
    [TBVUsage - Relates to Usage]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRWidespread - Relates to Widespread]
    [PLSLogical - Relates to Logical]
    [Threat1 - insiders]
    [Threat2 - private investigators]
    [Threat3 - reporters]
    [Threat4 - consultants]
    [Threat6 - customers]
    [Threat8 - competitors]
    [Threat9 - whistle blowers]
    [Threat10 - hackers]
    [Threat11 - crackers]
    [Threat12 - club initiates]
    [Threat13 - cyber-gangs]
    [Threat14 - tiger teams]
    [Threat15 - maintenance people]
    [Threat16 - professional thieves]
    [Threat20 - crackers for hire]
    [Threat25 - industrial espionage experts]
    [Threat26 - foreign agents and spies]
    [Threat28 - government agencies]
    [Threat30 - economic rivals]
    [Threat31 - nation states]
    [Threat32 - global coalitions]
    [Threat33 - military organizations]
    [Threat35 - information warriors]
    [Threat36 - extortionists]
    [Defense54 - accountability]
    [Defense8 - automated protection checkers and setters]
    [Defense35 - awareness of implications]
    [Defense120 - clear line of responsibility for protection]
    [Defense58 - configuration management]
    [Defense13 - detection before failure]
    [Defense87 - disable unsafe features]
    [Defense75 - disconnect maintenance access]
    [Defense118 - document and information control procedures]
    [Defense7 - effective mandatory access control]
    [Defense76 - effective protection mind-set]
    [Defense44 - hard-to-guess passwords]
    [Defense14 - human intervention after detection]
    [Defense65 - increased or enhanced perimeters]
    [Defense119 - individual accountability for all assets and actions]
    [Defense116 - inspection of incoming and outgoing materials]
    [Defense53 - known-attack scanning]
    [Defense37 - least privilege]
    [Defense31 - misuse detection]
    [Defense42 - multi-person controls]
    [Defense43 - multi-version programming]
    [Defense28 - procedures]
    [Defense16 - redundancy]
    [Defense101 - regular review of protection measures]
    [Defense140 - searches and inspections]
    [Defense27 - standards]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense24 - training and awareness]
    [Defense97 - trusted system technologies]