Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:56 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Threat15:

    Name:maintenance people

    Complexity: Maintenance people commonly introduce viruses by accident. They often have far more physical access than even highly trusted employees, they are often allowed in sensitive areas alone and at off-hours, they are usually poorly paid and assumed to have little knowledge, and they are often trusted with items of high value.
    fc@red.a.net

    Related Database Material

    [Attack59 - backup theft, corruption, or destruction]
    [Attack3 - cable cuts]
    [Attack88 - collaborative misuse]
    [Attack48 - data diddling]
    [Attack38 - device access exploitation]
    [Attack17 - dumpster diving]
    [Attack37 - environment corruption]
    [Attack1 - errors and omissions]
    [Attack36 - excess privilege exploitation]
    [Attack71 - false updates]
    [Attack31 - get a job]
    [Attack41 - implied trust exploitation]
    [Attack86 - inappropriate defaults]
    [Attack23 - infrastructure interference]
    [Attack25 - insertion in transit]
    [Attack27 - modification in transit]
    [Attack26 - observation in transit]
    [Attack51 - PBX bugging]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack87 - piggybacking]
    [Attack57 - process bypassing]
    [Attack53 - repair-replace-remove information]
    [Attack65 - residual data gathering]
    [Attack20 - resource availability manipulation]
    [Attack60 - restoration process corruption or misuse]
    [Attack55 - shoulder surfing]
    [Attack22 - spoofing and masquerading]
    [Attack13 - system maintenance]
    [Attack16 - Trojan horses]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack47 - viruses]
    [Attack54 - wire closet attacks]