The All.Net Security Database
Detection Cross Reference
Detection: Unless we detect attacks, we cannot hope to
respond to them. Historically, network-based detection has been poor.
For example, according to several published sources, on the Internet
fewer than 1 in 100 attacks are detected by those without a strong
detection capability. Similarly, computer viruses are most commonly
detected for the first time by people noticing system misbehavior.
There are several reasons that detection has been poor.
[Defense135 - alarms]
[Defense62 - analysis of physical characteristics]
[Defense32 - anomaly detection]
[Defense30 - audit analysis]
[Defense29 - auditing]
[Defense45 - augmented authentication devices time or use variant]
[Defense88 - authenticated information]
[Defense61 - authentication of packets]
[Defense8 - automated protection checkers and setters]
[Defense35 - awareness of implications]
[Defense46 - biometrics]
[Defense57 - change management]
[Defense49 - classifying information as to sensitivity]
[Defense120 - clear line of responsibility for protection]
[Defense94 - concealed services]
[Defense96 - content checking]
[Defense99 - deceptions]
[Defense72 - detailed audit]
[Defense3 - detect waste examination]
[Defense13 - detection before failure]
[Defense118 - document and information control procedures]
[Defense76 - effective protection mind-set]
[Defense63 - encrypted authentication]
[Defense6 - feeding false information]
[Defense138 - filtering devices]
[Defense38 - financial situation checking]
[Defense56 - fine-grained access control]
[Defense44 - hard-to-guess passwords]
[Defense102 - independent computer and tool use by auditors]
[Defense109 - independent control of audit information]
[Defense116 - inspection of incoming and outgoing materials]
[Defense89 - integrity checking]
[Defense55 - integrity shells]
[Defense79 - inventory control]
[Defense53 - known-attack scanning]
[Defense31 - misuse detection]
[Defense43 - multi-version programming]
[Defense108 - numbering and tracking all sensitive information]
[Defense22 - out-of-range detection]
[Defense36 - periodic reassessment]
[Defense28 - procedures]
[Defense121 - program change logs]
[Defense122 - protection of names of resources]
[Defense70 - quad-tri-multi-angulation]
[Defense11 - quotas]
[Defense16 - redundancy]
[Defense101 - regular review of protection measures]
[Defense140 - searches and inspections]
[Defense4 - sensors]
[Defense41 - separation of function]
[Defense1 - strong change control]
[Defense48 - security marking and/or labeling]
[Defense52 - testing]
[Defense125 - time, location, function, and other similar access limitations]
[Defense106 - tracking, correlation, and analysis of incident reporting and response information]
[Defense24 - training and awareness]
[Defense95 - traps]
[Defense97 - trusted system technologies]
[Defense113 - universal use of badges]