Focused On Your Success


The All.Net Security Database


Widespread Cross Reference
Widespread Cross Reference


This implies that tools and/or knowledge required for this is available to the general public and large numbers of people have and use this capability. Off-the-shelf would be a similar term in this context.

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
  • Other:
  • Risk Management
  • Database Description

    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
  • Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
  • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
  • Brekne's Causal:
  • Accidental
  • Malicious
  • Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • [Attack30 - bribes and extortion]
    [Attack3 - cable cuts]
    [Attack88 - collaborative misuse]
    [Attack91 - combinations and sequences]
    [Attack58 - content-based attacks]
    [Attack48 - data diddling]
    [Attack17 - dumpster diving]
    [Attack6 - earth movement]
    [Attack1 - errors and omissions]
    [Attack36 - excess privilege exploitation]
    [Attack18 - fictitious people]
    [Attack4 - fire]
    [Attack5 - flood]
    [Attack45 - imperfect daemon exploits]
    [Attack41 - implied trust exploitation]
    [Attack86 - inappropriate defaults]
    [Attack24 - infrastructure observation]
    [Attack63 - input overflow]
    [Attack72 - network service and protocol attacks]
    [Attack26 - observation in transit]
    [Attack32 - password guessing]
    [Attack85 - peer relationship exploitation]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack87 - piggybacking]
    [Attack66 - privileged program misuse]
    [Attack19 - protection missetting exploitation]
    [Attack65 - residual data gathering]
    [Attack9 - severe weather]
    [Attack55 - shoulder surfing]
    [Attack7 - solar flares]
    [Attack22 - spoofing and masquerading]
    [Attack10 - static]
    [Attack13 - system maintenance]
    [Attack16 - Trojan horses]
    [Attack47 - viruses]
    [Attack8 - volcanos]
    [Defense54 - accountability]
    [Defense30 - audit analysis]
    [Defense29 - auditing]
    [Defense45 - augmented authentication devices time or use variant]
    [Defense47 - authorization limitation]
    [Defense5 - background checks]
    [Defense49 - classifying information as to sensitivity]
    [Defense123 - compliance with laws and regulations]
    [Defense114 - control physical access]
    [Defense99 - deceptions]
    [Defense75 - disconnect maintenance access]
    [Defense118 - document and information control procedures]
    [Defense18 - encryption]
    [Defense138 - filtering devices]
    [Defense93 - fire doors, fire walls, asbestos suits and similar fire-limiting items]
    [Defense92 - fire suppression equipment]
    [Defense39 - good hiring practices]
    [Defense65 - increased or enhanced perimeters]
    [Defense53 - known-attack scanning]
    [Defense124 - legal agreements]
    [Defense59 - lockouts]
    [Defense82 - locks]
    [Defense15 - physical security]
    [Defense77 - physical switches or shields on equipment and devices]
    [Defense112 - place equipment and supplies out of harms way]
    [Defense28 - procedures]
    [Defense121 - program change logs]
    [Defense11 - quotas]
    [Defense16 - redundancy]
    [Defense100 - retaining confidentiality of security status information]
    [Defense140 - searches and inspections]
    [Defense48 - security marking and/or labeling]
    [Defense40 - separation of duties]
    [Defense115 - separation of equipment so as to limit damage from local events]
    [Defense68 - spread spectrum]
    [Defense103 - standby equipment]
    [Defense125 - time, location, function, and other similar access limitations]
    [Defense44 - hard-to-guess passwords]
    [Defense73 - trunk access restriction]
    [Defense17 - uninterruptable power supplies and motor generators]
    [Defense113 - universal use of badges]
    [Defense14 - human intervention after detection]
    [Defense90 - infrastructure-wide digging hotlines]
    [Defense136 - insurance]
    [Defense128 - timeliness principle (GASSP)]