Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:56 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Threat1:

    Name:insiders

    Complexity: Insiders typically have special knowledge of internal controls that are unavailable to outsiders, and they have some amount of access. In some cases, they perform only authorized actions - as far as the information systems have been told. They are typically trusted and those in control often trust them to the point where placing internal controls against their attacks are considered offensive.
    fc@red.a.net

    Related Database Material

    [Attack52 - audio/video viewing]
    [Attack68 - audit suppression]
    [Attack59 - backup theft, corruption, or destruction]
    [Attack84 - below-threshold attacks]
    [Attack3 - cable cuts]
    [Attack62 - call forwarding fakery]
    [Attack88 - collaborative misuse]
    [Attack79 - covert channels]
    [Attack56 - data aggregation]
    [Attack48 - data diddling]
    [Attack43 - emergency procedure exploitation]
    [Attack37 - environment corruption]
    [Attack11 - environmental control loss]
    [Attack80 - error insertion and analysis]
    [Attack67 - error-induced mis-operation]
    [Attack1 - errors and omissions]
    [Attack36 - excess privilege exploitation]
    [Attack71 - false updates]
    [Attack18 - fictitious people]
    [Attack31 - get a job]
    [Attack64 - illegal value insertion]
    [Attack45 - imperfect daemon exploits]
    [Attack41 - implied trust exploitation]
    [Attack15 - inadequate maintenance]
    [Attack35 - inadequate notice exploitation]
    [Attack86 - inappropriate defaults]
    [Attack69 - induced stress failures]
    [Attack63 - input overflow]
    [Attack25 - insertion in transit]
    [Attack33 - invalid values on calls]
    [Attack92 - kiting]
    [Attack74 - man-in-the-middle]
    [Attack39 - modeling mismatches]
    [Attack27 - modification in transit]
    [Attack46 - multiple error inducement]
    [Attack72 - network service and protocol attacks]
    [Attack26 - observation in transit]
    [Attack90 - strategic or tactical deceptions]
    [Attack32 - password guessing]
    [Attack51 - PBX bugging]
    [Attack85 - peer relationship exploitation]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack87 - piggybacking]
    [Attack66 - privileged program misuse]
    [Attack57 - process bypassing]
    [Attack19 - protection missetting exploitation]
    [Attack89 - race conditions]
    [Attack81 - reflexive control]
    [Attack53 - repair-replace-remove information]
    [Attack76 - replay attacks]
    [Attack94 - repudiation]
    [Attack65 - residual data gathering]
    [Attack20 - resource availability manipulation]
    [Attack60 - restoration process corruption or misuse]
    [Attack93 - salami attacks]
    [Attack55 - shoulder surfing]
    [Attack40 - simultaneous access exploitations]
    [Attack22 - spoofing and masquerading]
    [Attack13 - system maintenance]
    [Attack16 - Trojan horses]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack47 - viruses]
    [Attack54 - wire closet attacks]