Strategic Security Intelligence


The All.Net Security Database

Generated Wed May 5 16:25:34 PDT 1999 by fc@all

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Threat33:

    Name:military organizations

    Complexity: Militaries tend to blow things up, however, in the more advanced military organizations, information is exploited to maximize their advantage and neutralize opponent capabilities. Physical destruction is often avoided in order to preserve infrastructure used after the conflict has ended. They tend to have and use exotic as well as every-day capabilities.
    fc@all

    Related Database Material

    [Attack1 - errors and omissions]
    [Attack2 - power failure]
    [Attack3 - cable cuts]
    [Attack4 - fire]
    [Attack5 - flood]
    [Attack10 - static]
    [Attack11 - environmental control loss]
    [Attack12 - relocation]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack15 - inadequate maintenance]
    [Attack16 - Trojan horses]
    [Attack17 - dumpster diving]
    [Attack18 - fictitious people]
    [Attack19 - protection missetting exploitation]
    [Attack20 - resource availability manipulation]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack22 - spoofing and masquerading]
    [Attack23 - infrastructure interference]
    [Attack24 - infrastructure observation]
    [Attack25 - insertion in transit]
    [Attack26 - observation in transit]
    [Attack27 - modification in transit]
    [Attack28 - sympathetic vibration]
    [Attack29 - cascade failures]
    [Attack30 - bribes and extortion]
    [Attack31 - get a job]
    [Attack32 - password guessing]
    [Attack33 - invalid values on calls]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack36 - excess privilege exploitation]
    [Attack37 - environment corruption]
    [Attack38 - device access exploitation]
    [Attack39 - modeling mismatches]
    [Attack40 - simultaneous access exploitations]
    [Attack41 - implied trust exploitation]
    [Attack42 - interrupt sequence mishandling]
    [Attack43 - emergency procedure exploitation]
    [Attack44 - desychronization and time-based attacks]
    [Attack45 - imperfect daemon exploits]
    [Attack46 - multiple error inducement]
    [Attack47 - viruses]
    [Attack48 - data diddling]
    [Attack49 - van Eck bugging]
    [Attack50 - electronic interference]
    [Attack51 - PBX bugging]
    [Attack52 - audio/video viewing]
    [Attack53 - repair-replace-remove information]
    [Attack54 - wire closet attacks]
    [Attack55 - shoulder surfing]
    [Attack56 - data aggregation]
    [Attack57 - process bypassing]
    [Attack58 - content-based attacks]
    [Attack59 - backup theft, corruption, or destruction]
    [Attack60 - restoration process corruption or misuse]
    [Attack61 - hangup hooking]
    [Attack62 - call forwarding fakery]
    [Attack63 - input overflow]
    [Attack64 - illegal value insertion]
    [Attack65 - residual data gathering]
    [Attack66 - privileged program misuse]
    [Attack67 - error-induced mis-operation]
    [Attack68 - audit suppression]
    [Attack69 - induced stress failures]
    [Attack70 - hardware failure - system flaw exploitation]
    [Attack71 - false updates]
    [Attack72 - network service and protocol attacks]
    [Attack73 - distributed coordinated attacks]
    [Attack74 - man-in-the-middle]
    [Attack75 - selected plaintext]
    [Attack76 - replay attacks]
    [Attack77 - cryptanalysis]
    [Attack78 - breaking key management systems]
    [Attack79 - covert channels]
    [Attack80 - error insertion and analysis]
    [Attack81 - reflexive control]
    [Attack82 - dependency analysis and exploitation]
    [Attack83 - interprocess communication attacks]
    [Attack84 - below-threshold attacks]
    [Attack85 - peer relationship exploitation]
    [Attack86 - inappropriate defaults]
    [Attack87 - piggybacking]
    [Attack88 - collaborative misuse]
    [Attack89 - race conditions]
    [Attack90 - strategic or tactical deceptions]
    [Attack91 - combinations and sequences]
    [Attack92 - kiting]
    [Attack93 - salami attacks]
    [Attack94 - repudiation]
    [Attack1 - errors and omissions]
    [Attack2 - power failure]
    [Attack3 - cable cuts]
    [Attack4 - fire]
    [Attack5 - flood]
    [Attack10 - static]
    [Attack11 - environmental control loss]
    [Attack12 - relocation]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack15 - inadequate maintenance]
    [Attack16 - Trojan horses]
    [Attack17 - dumpster diving]
    [Attack18 - fictitious people]
    [Attack19 - protection missetting exploitation]
    [Attack20 - resource availability manipulation]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack22 - spoofing and masquerading]
    [Attack23 - infrastructure interference]
    [Attack24 - infrastructure observation]
    [Attack25 - insertion in transit]
    [Attack26 - observation in transit]
    [Attack27 - modification in transit]
    [Attack28 - sympathetic vibration]
    [Attack29 - cascade failures]
    [Attack30 - bribes and extortion]
    [Attack31 - get a job]
    [Attack32 - password guessing]
    [Attack33 - invalid values on calls]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack36 - excess privilege exploitation]
    [Attack37 - environment corruption]
    [Attack38 - device access exploitation]
    [Attack39 - modeling mismatches]
    [Attack40 - simultaneous access exploitations]
    [Attack41 - implied trust exploitation]
    [Attack42 - interrupt sequence mishandling]
    [Attack43 - emergency procedure exploitation]
    [Attack44 - desychronization and time-based attacks]
    [Attack45 - imperfect daemon exploits]
    [Attack46 - multiple error inducement]
    [Attack47 - viruses]
    [Attack48 - data diddling]
    [Attack49 - van Eck bugging]
    [Attack50 - electronic interference]
    [Attack51 - PBX bugging]
    [Attack52 - audio/video viewing]
    [Attack53 - repair-replace-remove information]
    [Attack54 - wire closet attacks]
    [Attack55 - shoulder surfing]
    [Attack56 - data aggregation]
    [Attack57 - process bypassing]
    [Attack58 - content-based attacks]
    [Attack59 - backup theft, corruption, or destruction]
    [Attack60 - restoration process corruption or misuse]
    [Attack61 - hangup hooking]
    [Attack62 - call forwarding fakery]
    [Attack63 - input overflow]
    [Attack64 - illegal value insertion]
    [Attack65 - residual data gathering]
    [Attack66 - privileged program misuse]
    [Attack67 - error-induced mis-operation]
    [Attack68 - audit suppression]
    [Attack69 - induced stress failures]
    [Attack70 - hardware failure - system flaw exploitation]
    [Attack71 - false updates]
    [Attack72 - network service and protocol attacks]
    [Attack73 - distributed coordinated attacks]
    [Attack74 - man-in-the-middle]
    [Attack75 - selected plaintext]
    [Attack76 - replay attacks]
    [Attack77 - cryptanalysis]
    [Attack78 - breaking key management systems]
    [Attack79 - covert channels]
    [Attack80 - error insertion and analysis]
    [Attack81 - reflexive control]
    [Attack82 - dependency analysis and exploitation]
    [Attack83 - interprocess communication attacks]
    [Attack84 - below-threshold attacks]
    [Attack85 - peer relationship exploitation]
    [Attack86 - inappropriate defaults]
    [Attack87 - piggybacking]
    [Attack88 - collaborative misuse]
    [Attack89 - race conditions]
    [Attack90 - strategic or tactical deceptions]
    [Attack91 - combinations and sequences]
    [Attack92 - kiting]
    [Attack93 - salami attacks]
    [Attack94 - repudiation]