Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Defense59:

    Name:lockouts

    Complexity: The major complexity in lockouts comes when they are used automatically. This leads to the possibility for enemy use reflexive control to cause denial of services. Analyzing this class of behaviors is quite complex.
    fc@red.a.net

    Related Database Material

    [PDRReact - Relates to React]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRWidespread - Relates to Widespread]
    [PLSSystemic - Relates to Systemic]
    [ManAlPolicy - Relates to Policy]
    [ManAlProcedures - Relates to Procedures]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlPersonnel - Relates to Personnel]
    [ManAlIncident - Relates to Incident]
    [ManAlLegal - Relates to Legal]
    [ManAlPhysical - Relates to Physical]
    [Attack1 - errors and omissions]
    [Attack2 - power failure]
    [Attack3 - cable cuts]
    [Attack11 - environmental control loss]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack15 - inadequate maintenance]
    [Attack16 - Trojan horses]
    [Attack18 - fictitious people]
    [Attack19 - protection missetting exploitation]
    [Attack20 - resource availability manipulation]
    [Attack23 - infrastructure interference]
    [Attack29 - cascade failures]
    [Attack32 - password guessing]
    [Attack38 - device access exploitation]
    [Attack39 - modeling mismatches]
    [Attack40 - simultaneous access exploitations]
    [Attack42 - interrupt sequence mishandling]
    [Attack43 - emergency procedure exploitation]
    [Attack52 - audio/video viewing]
    [Attack61 - hangup hooking]
    [Attack62 - call forwarding fakery]
    [Attack69 - induced stress failures]
    [Attack70 - hardware failure - system flaw exploitation]
    [Attack76 - replay attacks]
    [Attack78 - breaking key management systems]
    [Attack81 - reflexive control]
    [Attack82 - dependency analysis and exploitation]
    [Attack84 - below-threshold attacks]
    [Attack87 - piggybacking]
    [Attack91 - combinations and sequences]
    [Attack92 - kiting]
    [Attack93 - salami attacks]