Focused On Your Success


The All.Net Security Database

Generated Fri Jun 27 09:58:56 PDT 2003 by fc@red.a.net

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods
    Process:
  • Prevention
  • Detection
  • Reaction
    Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control
    		•  Other:
  • Risk Management
  • Database Description
    Domain:
  • Physical
  • Informational
  • Systemic
    Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread
    		• Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization
    • Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission
    		• Brekne's Causal:
  • Accidental
  • Malicious
    		• Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

    • Threat3:

    Name:reporters

    Complexity: Reporters often gain access that others do not have, often use misleading cover stories or false pretenses, commonly try to become friendly with insiders in order to get information, and have extraordinary power to publicly punish what they percieve to be or can construe as misdeeds.
    fc@red.a.net

    Related Database Material

    [Attack52 - audio/video viewing]
    [Attack59 - backup theft, corruption, or destruction]
    [Attack30 - bribes and extortion]
    [Attack88 - collaborative misuse]
    [Attack58 - content-based attacks]
    [Attack56 - data aggregation]
    [Attack48 - data diddling]
    [Attack17 - dumpster diving]
    [Attack43 - emergency procedure exploitation]
    [Attack11 - environmental control loss]
    [Attack80 - error insertion and analysis]
    [Attack67 - error-induced mis-operation]
    [Attack1 - errors and omissions]
    [Attack36 - excess privilege exploitation]
    [Attack71 - false updates]
    [Attack18 - fictitious people]
    [Attack31 - get a job]
    [Attack41 - implied trust exploitation]
    [Attack15 - inadequate maintenance]
    [Attack35 - inadequate notice exploitation]
    [Attack86 - inappropriate defaults]
    [Attack24 - infrastructure observation]
    [Attack39 - modeling mismatches]
    [Attack26 - observation in transit]
    [Attack90 - strategic or tactical deceptions]
    [Attack32 - password guessing]
    [Attack51 - PBX bugging]
    [Attack85 - peer relationship exploitation]
    [Attack21 - perception management a.k.a. human engineering]
    [Attack87 - piggybacking]
    [Attack81 - reflexive control]
    [Attack53 - repair-replace-remove information]
    [Attack76 - replay attacks]
    [Attack94 - repudiation]
    [Attack65 - residual data gathering]
    [Attack55 - shoulder surfing]
    [Attack22 - spoofing and masquerading]
    [Attack13 - system maintenance]
    [Attack16 - Trojan horses]
    [Attack34 - undocumented or unknown function exploitation]
    [Attack49 - van Eck bugging]
    [Attack54 - wire closet attacks]