Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:56 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Threat5:

    Name:vendors

    Complexity: Vendors are often in competition with each other over sales and with you over pricing and terms. They tend to be in long-term relationships and often work closely with your people. Their economic motives are often not alligned with yours and in some cases, they take advantage of information in order to gain economic adantage in negotiations.
    fc@red.a.net

    Related Database Material

    [Attack30 - bribes and extortion]
    [Attack88 - collaborative misuse]
    [Attack58 - content-based attacks]
    [Attack79 - covert channels]
    [Attack56 - data aggregation]
    [Attack17 - dumpster diving]
    [Attack80 - error insertion and analysis]
    [Attack1 - errors and omissions]
    [Attack35 - inadequate notice exploitation]
    [Attack23 - infrastructure interference]
    [Attack24 - infrastructure observation]
    [Attack25 - insertion in transit]
    [Attack74 - man-in-the-middle]
    [Attack27 - modification in transit]
    [Attack26 - observation in transit]
    [Attack90 - strategic or tactical deceptions]
    [Attack51 - PBX bugging]
    [Attack32 - password guessing]
    [Attack85 - peer relationship exploitation]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack87 - piggybacking]
    [Attack57 - process bypassing]
    [Attack81 - reflexive control]
    [Attack53 - repair-replace-remove information]
    [Attack76 - replay attacks]
    [Attack94 - repudiation]
    [Attack65 - residual data gathering]
    [Attack20 - resource availability manipulation]
    [Attack93 - salami attacks]
    [Attack55 - shoulder surfing]
    [Attack22 - spoofing and masquerading]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack16 - Trojan horses]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack47 - viruses]
    [Attack54 - wire closet attacks]