Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:56 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Threat6:

    Name:customers

    Complexity: Customers are often in competition with you over pricing and terms. Their economic motives are often not alligned with yours and in some cases, they take advantage of information in order to gain economic adantage in negotiations. In some cases, customers have worked their way into companies, extracted information, taken over their suppliers' businesses by taking advantage of the knowledge gained through their interactions.
    fc@red.a.net

    Related Database Material

    [Attack30 - bribes and extortion]
    [Attack88 - collaborative misuse]
    [Attack91 - combinations and sequences]
    [Attack58 - content-based attacks]
    [Attack79 - covert channels]
    [Attack56 - data aggregation]
    [Attack48 - data diddling]
    [Attack82 - dependency analysis and exploitation]
    [Attack17 - dumpster diving]
    [Attack43 - emergency procedure exploitation]
    [Attack37 - environment corruption]
    [Attack80 - error insertion and analysis]
    [Attack67 - error-induced mis-operation]
    [Attack1 - errors and omissions]
    [Attack36 - excess privilege exploitation]
    [Attack18 - fictitious people]
    [Attack70 - hardware failure - system flaw exploitation]
    [Attack64 - illegal value insertion]
    [Attack45 - imperfect daemon exploits]
    [Attack41 - implied trust exploitation]
    [Attack35 - inadequate notice exploitation]
    [Attack86 - inappropriate defaults]
    [Attack69 - induced stress failures]
    [Attack24 - infrastructure observation]
    [Attack33 - invalid values on calls]
    [Attack92 - kiting]
    [Attack39 - modeling mismatches]
    [Attack27 - modification in transit]
    [Attack72 - network service and protocol attacks]
    [Attack26 - observation in transit]
    [Attack90 - strategic or tactical deceptions]
    [Attack32 - password guessing]
    [Attack51 - PBX bugging]
    [Attack85 - peer relationship exploitation]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack87 - piggybacking]
    [Attack66 - privileged program misuse]
    [Attack57 - process bypassing]
    [Attack19 - protection missetting exploitation]
    [Attack81 - reflexive control]
    [Attack76 - replay attacks]
    [Attack94 - repudiation]
    [Attack65 - residual data gathering]
    [Attack20 - resource availability manipulation]
    [Attack93 - salami attacks]
    [Attack55 - shoulder surfing]
    [Attack40 - simultaneous access exploitations]
    [Attack22 - spoofing and masquerading]
    [Attack13 - system maintenance]
    [Attack14 - testing]
    [Attack16 - Trojan horses]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack47 - viruses]