Focused On Your Success


The All.Net Security Database


Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • Defense88:

    Name:authenticated information

    Complexity: Redundancy required for authentication and the complexity of high assurance authentication combine to limit the effectiveness of this method, however, there is an increasing trend towards its use because it is relatively efficient and reasonably easy to do with limited assurance.
    fc@red.a.net

    Related Database Material

    [PDRPrevent - Relates to Prevent]
    [PDRDetect - Relates to Detect]
    [PDRIntegrity - Relates to Integrity]
    [PDRDemonstrated - Relates to Demonstrated]
    [PLSSystemic - Relates to Systemic]
    [ManAlStandards - Relates to Standards]
    [ManAlProcedures - Relates to Procedures]
    [ManAlSafeguards - Relates to Safeguards]
    [Attack1 - errors and omissions]
    [Attack7 - solar flares]
    [Attack12 - relocation]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack16 - Trojan horses]
    [Attack18 - fictitious people]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack22 - spoofing and masquerading]
    [Attack23 - infrastructure interference]
    [Attack25 - insertion in transit]
    [Attack27 - modification in transit]
    [Attack33 - invalid values on calls]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack36 - excess privilege exploitation]
    [Attack39 - modeling mismatches]
    [Attack41 - implied trust exploitation]
    [Attack47 - viruses]
    [Attack48 - data diddling]
    [Attack50 - electronic interference]
    [Attack57 - process bypassing]
    [Attack58 - content-based attacks]
    [Attack59 - backup theft, corruption, or destruction]
    [Attack60 - restoration process corruption or misuse]
    [Attack61 - hangup hooking]
    [Attack62 - call forwarding fakery]
    [Attack63 - input overflow]
    [Attack64 - illegal value insertion]
    [Attack66 - privileged program misuse]
    [Attack71 - false updates]
    [Attack72 - network service and protocol attacks]
    [Attack74 - man-in-the-middle]
    [Attack76 - replay attacks]
    [Attack80 - error insertion and analysis]
    [Attack83 - interprocess communication attacks]
    [Attack85 - peer relationship exploitation]
    [Attack90 - strategic or tactical deceptions]
    [Attack94 - repudiation]