Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Defense100:

    Name:retaining confidentiality of security status information

    Complexity: Many refer to this practice as security through obscurity. There is tendency to use weaker protection techniques than are appropriate under the assumption that nobody will be able to figure them out. History shows this to be a poor assumption.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRAvailability - Relates to Availability]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRWidespread - Relates to Widespread]
    [PLSLogical - Relates to Logical]
    [ManAlManagement - Relates to Management]
    [ManAlPolicy - Relates to Policy]
    [ManAlStandards - Relates to Standards]
    [ManAlProcedures - Relates to Procedures]
    [ManAlDocumentation - Relates to Documentation]
    [ManAlAudit - Relates to Audit]
    [ManAlTesting - Relates to Testing]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlPersonnel - Relates to Personnel]
    [ManAlIncident - Relates to Incident]
    [ManAlLegal - Relates to Legal]
    [ManAlPhysical - Relates to Physical]
    [ManAlOrganization - Relates to Organization]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack16 - Trojan horses]
    [Attack18 - fictitious people]
    [Attack19 - protection missetting exploitation]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack23 - infrastructure interference]
    [Attack24 - infrastructure observation]
    [Attack26 - observation in transit]
    [Attack27 - modification in transit]
    [Attack30 - bribes and extortion]
    [Attack31 - get a job]
    [Attack43 - emergency procedure exploitation]
    [Attack66 - privileged program misuse]
    [Attack71 - false updates]
    [Attack78 - breaking key management systems]
    [Attack79 - covert channels]
    [Attack81 - reflexive control]
    [Attack84 - below-threshold attacks]
    [Attack85 - peer relationship exploitation]
    [Attack88 - collaborative misuse]
    [Attack91 - combinations and sequences]