Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Defense58:

    Name:configuration management

    Complexity: Configuration management normally requires a tool to describe policy controls, a tool to translate policy into the methods available for protection, and a set of tools which implement those controls on each of the controlled machines. In some cases, policy may be incommensurable with implemented protection capabilities, in other cases, proper configuration may require a substantial amount of effort, and the process of changing from one control setting to the next may introduce unresolvable insecurities.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [ManAlStandards - Relates to Standards]
    [ManAlProcedures - Relates to Procedures]
    [ManAlDocumentation - Relates to Documentation]
    [ManAlAudit - Relates to Audit]
    [ManAlTesting - Relates to Testing]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlIncident - Relates to Incident]
    [ManAlPhysical - Relates to Physical]
    [ManAlOrganization - Relates to Organization]
    [Attack1 - errors and omissions]
    [Attack3 - cable cuts]
    [Attack12 - relocation]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack15 - inadequate maintenance]
    [Attack16 - Trojan horses]
    [Attack19 - protection missetting exploitation]
    [Attack20 - resource availability manipulation]
    [Attack23 - infrastructure interference]
    [Attack27 - modification in transit]
    [Attack29 - cascade failures]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack37 - environment corruption]
    [Attack38 - device access exploitation]
    [Attack40 - simultaneous access exploitations]
    [Attack48 - data diddling]
    [Attack54 - wire closet attacks]
    [Attack59 - backup theft, corruption, or destruction]
    [Attack60 - restoration process corruption or misuse]
    [Attack62 - call forwarding fakery]
    [Attack67 - error-induced mis-operation]
    [Attack69 - induced stress failures]
    [Attack71 - false updates]
    [Attack78 - breaking key management systems]
    [Attack80 - error insertion and analysis]
    [Attack82 - dependency analysis and exploitation]
    [Attack86 - inappropriate defaults]
    [Attack90 - strategic or tactical deceptions]
    [Attack91 - combinations and sequences]