Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:56 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Threat2:

    Name:private investigators

    Complexity: Investigators are willing to do a substantial amount of targeted work toward accomplishing their goals, in some cases they may be willing to violate the law, they often have contacts in government and elsewhere that provide information not commonly available, and they commonly use bribes of one form or another to advance their ends.
    fc@red.a.net

    Related Database Material

    [Attack52 - audio/video viewing]
    [Attack59 - backup theft, corruption, or destruction]
    [Attack30 - bribes and extortion]
    [Attack3 - cable cuts]
    [Attack62 - call forwarding fakery]
    [Attack88 - collaborative misuse]
    [Attack58 - content-based attacks]
    [Attack77 - cryptanalysis]
    [Attack56 - data aggregation]
    [Attack17 - dumpster diving]
    [Attack50 - electronic interference]
    [Attack43 - emergency procedure exploitation]
    [Attack37 - environment corruption]
    [Attack11 - environmental control loss]
    [Attack67 - error-induced mis-operation]
    [Attack1 - errors and omissions]
    [Attack71 - false updates]
    [Attack18 - fictitious people]
    [Attack31 - get a job]
    [Attack64 - illegal value insertion]
    [Attack41 - implied trust exploitation]
    [Attack15 - inadequate maintenance]
    [Attack86 - inappropriate defaults]
    [Attack69 - induced stress failures]
    [Attack23 - infrastructure interference]
    [Attack24 - infrastructure observation]
    [Attack25 - insertion in transit]
    [Attack74 - man-in-the-middle]
    [Attack39 - modeling mismatches]
    [Attack27 - modification in transit]
    [Attack46 - multiple error inducement]
    [Attack26 - observation in transit]
    [Attack90 - strategic or tactical deceptions]
    [Attack32 - password guessing]
    [Attack51 - PBX bugging]
    [Attack85 - peer relationship exploitation]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack87 - piggybacking]
    [Attack2 - power failure]
    [Attack66 - privileged program misuse]
    [Attack57 - process bypassing]
    [Attack19 - protection missetting exploitation]
    [Attack81 - reflexive control]
    [Attack53 - repair-replace-remove information]
    [Attack76 - replay attacks]
    [Attack65 - residual data gathering]
    [Attack20 - resource availability manipulation]
    [Attack60 - restoration process corruption or misuse]
    [Attack55 - shoulder surfing]
    [Attack22 - spoofing and masquerading]
    [Attack13 - system maintenance]
    [Attack16 - Trojan horses]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack49 - van Eck bugging]
    [Attack47 - viruses]
    [Attack54 - wire closet attacks]