Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Defense87:

    Name:disable unsafe features

    Complexity: This is not difficult to to, but often the feature that is unsafe is used and this introduces a risk/benefit tradeoff. It is also common to find new vulnerabilities and if this policy is followed, it may result in numerous changes in how systems are used and thus create operational problems that make the use of many features infeasible.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRReact - Relates to React]
    [PDRIntegrity - Relates to Integrity]
    [PDRAvailability - Relates to Availability]
    [PDRConfidentiality - Relates to Confidentiality]
    [PDRUse - Relates to Use]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [ManAlPolicy - Relates to Policy]
    [ManAlStandards - Relates to Standards]
    [ManAlProcedures - Relates to Procedures]
    [ManAlSafeguards - Relates to Safeguards]
    [ManAlIncident - Relates to Incident]
    [ManAlPhysical - Relates to Physical]
    [Attack1 - errors and omissions]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack15 - inadequate maintenance]
    [Attack16 - Trojan horses]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack22 - spoofing and masquerading]
    [Attack23 - infrastructure interference]
    [Attack27 - modification in transit]
    [Attack28 - sympathetic vibration]
    [Attack29 - cascade failures]
    [Attack36 - excess privilege exploitation]
    [Attack38 - device access exploitation]
    [Attack39 - modeling mismatches]
    [Attack43 - emergency procedure exploitation]
    [Attack45 - imperfect daemon exploits]
    [Attack51 - PBX bugging]
    [Attack52 - audio/video viewing]
    [Attack63 - input overflow]
    [Attack66 - privileged program misuse]
    [Attack67 - error-induced mis-operation]
    [Attack69 - induced stress failures]
    [Attack70 - hardware failure - system flaw exploitation]
    [Attack72 - network service and protocol attacks]
    [Attack73 - distributed coordinated attacks]
    [Attack78 - breaking key management systems]
    [Attack81 - reflexive control]
    [Attack82 - dependency analysis and exploitation]
    [Attack83 - interprocess communication attacks]
    [Attack85 - peer relationship exploitation]
    [Attack86 - inappropriate defaults]
    [Attack89 - race conditions]
    [Attack91 - combinations and sequences]