Strategic Security Intelligence
The All.Net Security Database
Generated Wed May 5 16:25:34 PDT 1999 by fc@all
Cause/Mechanism:
Threat Profiles
Attack Methods
Defense Methods
Process:
Prevention
Detection
Reaction
Impact:
Integrity
Availability
Confidential
Use Control
Other:
Risk Management
Database Description
Domain:
Physical
Informational
Systemic
Sophistication:
Theoretical
Demonstrated
Widespread
Perspectives:
Management
Policy
Standards
Procedures
Documentation
Audit
Testing
Technical Safeguards
Personnel
Incident Handling
Legal
Physical
Awareness
Training
Education
Organization
Brekne's Mechanistic:
Input
Output
Storage
Processing
Transmission
Brekne's Causal:
Accidental
Malicious
Brekne's Method:
Leakage
Masquerade
Denial
Corruption
Usage
Mental
Threat25:
Name:industrial espionage experts
People who specialize in harming companies to the benefit of other companies. (
e.g., The-Yellow-Pages
)
Complexity: These people tend to be highly skilled, well paid, and stealthy. They tend to use subtle techniques rather than brute force.
fc@all
Related Database Material
[Attack1 - errors and omissions]
[Attack2 - power failure]
[Attack3 - cable cuts]
[Attack4 - fire]
[Attack12 - relocation]
[Attack13 - system maintenance]
[Attack14 - testing]
[Attack15 - inadequate maintenance]
[Attack16 - Trojan horses]
[Attack17 - dumpster diving]
[Attack18 - fictitious people]
[Attack19 - protection missetting exploitation]
[Attack20 - resource availability manipulation]
[Attack21 - perception management a.k.a. human engineering]
[Attack22 - spoofing and masquerading]
[Attack25 - insertion in transit]
[Attack26 - observation in transit]
[Attack27 - modification in transit]
[Attack30 - bribes and extortion]
[Attack31 - get a job]
[Attack32 - password guessing]
[Attack33 - invalid values on calls]
[Attack34 - undocumented or unknown function exploitation]
[Attack36 - excess privilege exploitation]
[Attack38 - device access exploitation]
[Attack39 - modeling mismatches]
[Attack41 - implied trust exploitation]
[Attack43 - emergency procedure exploitation]
[Attack45 - imperfect daemon exploits]
[Attack47 - viruses]
[Attack48 - data diddling]
[Attack49 - van Eck bugging]
[Attack51 - PBX bugging]
[Attack52 - audio/video viewing]
[Attack53 - repair-replace-remove information]
[Attack54 - wire closet attacks]
[Attack55 - shoulder surfing]
[Attack56 - data aggregation]
[Attack57 - process bypassing]
[Attack58 - content-based attacks]
[Attack59 - backup theft, corruption, or destruction]
[Attack60 - restoration process corruption or misuse]
[Attack62 - call forwarding fakery]
[Attack63 - input overflow]
[Attack64 - illegal value insertion]
[Attack65 - residual data gathering]
[Attack66 - privileged program misuse]
[Attack68 - audit suppression]
[Attack71 - false updates]
[Attack72 - network service and protocol attacks]
[Attack74 - man-in-the-middle]
[Attack75 - selected plaintext]
[Attack76 - replay attacks]
[Attack81 - reflexive control]
[Attack84 - below-threshold attacks]
[Attack85 - peer relationship exploitation]
[Attack86 - inappropriate defaults]
[Attack87 - piggybacking]
[Attack88 - collaborative misuse]
[Attack93 - salami attacks]
[Attack94 - repudiation]
[Attack1 - errors and omissions]
[Attack2 - power failure]
[Attack3 - cable cuts]
[Attack4 - fire]
[Attack12 - relocation]
[Attack13 - system maintenance]
[Attack14 - testing]
[Attack15 - inadequate maintenance]
[Attack16 - Trojan horses]
[Attack17 - dumpster diving]
[Attack18 - fictitious people]
[Attack19 - protection missetting exploitation]
[Attack20 - resource availability manipulation]
[Attack21 - perception management a.k.a. human engineering]
[Attack22 - spoofing and masquerading]
[Attack25 - insertion in transit]
[Attack26 - observation in transit]
[Attack27 - modification in transit]
[Attack30 - bribes and extortion]
[Attack31 - get a job]
[Attack32 - password guessing]
[Attack33 - invalid values on calls]
[Attack34 - undocumented or unknown function exploitation]
[Attack36 - excess privilege exploitation]
[Attack38 - device access exploitation]
[Attack39 - modeling mismatches]
[Attack41 - implied trust exploitation]
[Attack43 - emergency procedure exploitation]
[Attack45 - imperfect daemon exploits]
[Attack47 - viruses]
[Attack48 - data diddling]
[Attack49 - van Eck bugging]
[Attack51 - PBX bugging]
[Attack52 - audio/video viewing]
[Attack53 - repair-replace-remove information]
[Attack54 - wire closet attacks]
[Attack55 - shoulder surfing]
[Attack56 - data aggregation]
[Attack57 - process bypassing]
[Attack58 - content-based attacks]
[Attack59 - backup theft, corruption, or destruction]
[Attack60 - restoration process corruption or misuse]
[Attack62 - call forwarding fakery]
[Attack63 - input overflow]
[Attack64 - illegal value insertion]
[Attack65 - residual data gathering]
[Attack66 - privileged program misuse]
[Attack68 - audit suppression]
[Attack71 - false updates]
[Attack72 - network service and protocol attacks]
[Attack74 - man-in-the-middle]
[Attack75 - selected plaintext]
[Attack76 - replay attacks]
[Attack81 - reflexive control]
[Attack84 - below-threshold attacks]
[Attack85 - peer relationship exploitation]
[Attack86 - inappropriate defaults]
[Attack87 - piggybacking]
[Attack88 - collaborative misuse]
[Attack93 - salami attacks]
[Attack94 - repudiation]