The All.Net Security Database


Reaction Cross Reference


Reaction: Because we can't be certain that all detected intrusions are actually attacks, we must be careful about our reactions. But because attacks can be so highly automated that tens of thousands of attacks per hour can occur against one system, we cannot spend a lot of time on each activity. Thus we face the dilemma of automating a reaction that is effective against real attacks but does not create side problems when it is triggered by a false positive.


  • [Defense131 - adversary principle (GASSP)]
  • [Defense135 - alarms]
  • [Defense45 - augmented authentication devices time or use variant]
  • [Defense47 - authorization limitation]
  • [Defense33 - capture and punishment]
  • [Defense96 - content checking]
  • [Defense114 - control physical access]
  • [Defense99 - deceptions]
  • [Defense72 - detailed audit]
  • [Defense87 - disable unsafe features]
  • [Defense75 - disconnect maintenance access]
  • [Defense21 - fault isolation]
  • [Defense6 - feeding false information]
  • [Defense38 - financial situation checking]
  • [Defense92 - fire suppression equipment]
  • [Defense14 - human intervention after detection]
  • [Defense65 - increased or enhanced perimeters]
  • [Defense116 - inspection of incoming and outgoing materials]
  • [Defense136 - insurance]
  • [Defense89 - integrity checking]
  • [Defense10 - isolated sub-file-system areas]
  • [Defense67 - jamming]
  • [Defense53 - known-attack scanning]
  • [Defense84 - limited function]
  • [Defense85 - limited sharing]
  • [Defense59 - lockouts]
  • [Defense66 - noise injection]
  • [Defense98 - perception management]
  • [Defense134 - periods processing and color changes]
  • [Defense28 - procedures]
  • [Defense70 - quad-tri-multi-angulation]
  • [Defense16 - redundancy]
  • [Defense23 - reintegration]
  • [Defense26 - rerouting attacks]
  • [Defense140 - searches and inspections]
  • [Defense41 - separation of function]
  • [Defense103 - standby equipment]
  • [Defense117 - suppression of incomplete, erroneous, or obsolete data]
  • [Defense20 - temporary blindness]
  • [Defense125 - time, location, function, and other similar access limitations]
  • [Defense24 - training and awareness]
  • [Defense73 - trunk access restriction]
  • [Defense78 - trusted repair teams]
  • [Defense17 - uninterruptable power supplies and motor generators]
  • [Defense2 - waste data destruction]