Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Defense1:

    Name:strong change control

    Complexity: Strong change control typically triples programming costs, does not permit rapid changes, and prohibits the use of macros and other similar general-purpose mechanisms now widely embedded in software environments. It also prohibits programming in the production system, requires a strong management commitment to the effort, and is limited to environments where the cost and inconvenience is acceptable.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRDetect - Relates to Detect]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSLogical - Relates to Logical]
    [ManAlManagement - Relates to Management]
    [ManAlPolicy - Relates to Policy]
    [ManAlStandards - Relates to Standards]
    [ManAlProcedures - Relates to Procedures]
    [ManAlDocumentation - Relates to Documentation]
    [ManAlAudit - Relates to Audit]
    [ManAlTesting - Relates to Testing]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlPhysical - Relates to Physical]
    [Attack1 - errors and omissions]
    [Attack7 - solar flares]
    [Attack12 - relocation]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack16 - Trojan horses]
    [Attack19 - protection missetting exploitation]
    [Attack23 - infrastructure interference]
    [Attack25 - insertion in transit]
    [Attack27 - modification in transit]
    [Attack28 - sympathetic vibration]
    [Attack31 - get a job]
    [Attack33 - invalid values on calls]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack37 - environment corruption]
    [Attack38 - device access exploitation]
    [Attack40 - simultaneous access exploitations]
    [Attack41 - implied trust exploitation]
    [Attack45 - imperfect daemon exploits]
    [Attack47 - viruses]
    [Attack48 - data diddling]
    [Attack51 - PBX bugging]
    [Attack60 - restoration process corruption or misuse]
    [Attack62 - call forwarding fakery]
    [Attack63 - input overflow]
    [Attack64 - illegal value insertion]
    [Attack67 - error-induced mis-operation]
    [Attack71 - false updates]
    [Attack78 - breaking key management systems]
    [Attack82 - dependency analysis and exploitation]
    [Attack88 - collaborative misuse]
    [Attack89 - race conditions]
    [Attack91 - combinations and sequences]
    [Attack94 - repudiation]