The All.Net Security Database is, in some sense, an
ongoing record of causes, attack and defense mechanisms, effects, and
viewpoints on information protection. It is unique from other
security-related databases in several important ways:
- It contains the most comprehensive collection published to date of
mechanisms used in information attack and defense. This collection
stems from a series of research studies and papers published in refereed
journal articles. It comprises more than 80 methods of attack and
more than 140 methods of defense. These collected historical
information elements were combined and categorized under a set of widely
used descriptive names, and first presented together for public viewing
in 1997.
- The causes - also known as threats - were manually cross-referenced
against the attack mechanisms to provide a linkage between each cause
and the mechanisms it uses. The attack mechanisms were then manually
cross-referenced against the defense mechanisms to indicate which defense
mechanisms might be effective in some circumstances against those attack
mechanisms. All of this information is automatically generated from the
cross-reference list to form the cross-references you see in any database
element. This means that any time you look at a threat, attack, or
defense, you also see all of the related items in the database, and can
drill down into further details at the press of a button.
- The cross-references go quite a bit further than this. In addition
to the threat, attack, and defense cross-references, the database has a set
of different views of information protection. These views
include protection process, attack impact, domain of discourse,
sophistication level, and organizational responsibility. By using these
views, the user can examine - for example - detection techniques that
involve integrity, are systemic in nature, and involve personnel or
procedural elements. This ability to consider information from many
different views is extremely useful in thinking about and analyzing
protection situations.
- But this database doesn't only have breadth - it also has
substantial depth. This is provided in the form of citations and
drill-downs. Instead of spending hours at the library to find more
details on a database topic, the details are there for you at the push
of a button in a matter of seconds.
- Another important feature of the database is its speed. Unlike
many other databases with substantial quantities of information, this
database is blindingly fast. Because of the way it is organized - by
humans and for humans - related information is always at your fingertips
at the push of a button. We compared the over-the-Internet speed of our
database running on a 120 MHz PC with multiple users active against the
from-the-console stand-alone performance of the same database running on
an optimized Oracle server on a top-of-the-line SPARC, and found that our
performance was better by more than a factor of two.
- Your access to our database does not include this, but there is also a
feature, available to users who pay for it, that allows the
cross-references in the database to be automatically analyzed to perform
three very handy functions:
- You can provide information on what mechanisms are being observed
during an incident, and the analysis engine will provide results on the
closest matches of what threats are most closely correlated to the
observed mechanisms, the sophistication level of the attack, the likely
intent (to leak information, corrupt information, or deny services), and
other methods that are likely to be used.
- Push another button, and this result can be used to generate
cross-referenced sets of protective measures of a given sophistication
level or levels that can be used to prevent, detect, or respond to the
current and anticipated attacks in order to protect integrity, availability,
and/or confidentiality in your systems.
- For those of us who also red-team systems, the same engine can be used
in reverse to help us emulate a particular threat with a particular goal,
and to analyze what attack methods would likely be most successful at
achieving a particular objective based on a set of defenses that the
defender is believed to have in place.
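The first two functions above (matching observed mechanisms to threats, then deriving cross-referenced defenses filtered by view) can be illustrated with a small model of the threat-attack-defense cross-reference structure the page describes. This is an added example, not the All.Net database's own code or data; the threat, attack, defense and view names are constructed placeholders, and the Jaccard-overlap scoring is an assumption about how "closest match" could be computed.

```python
# Constructed sample cross-references standing in for the database's lists;
# the names are illustrative placeholders, not entries from the real database.
THREAT_TO_ATTACKS = {
    "insider": {"data diddling", "password guessing"},
    "outsider": {"password guessing", "trojan horse", "network scanning"},
    "vandal": {"denial of service", "trojan horse"},
}
ATTACK_TO_DEFENSES = {
    "password guessing": {"strong authentication", "audit"},
    "trojan horse": {"integrity checking", "audit", "change control"},
    "data diddling": {"integrity checking", "audit", "separation of duties"},
    "network scanning": {"firewall", "intrusion detection"},
    "denial of service": {"redundancy"},
}
# View attributes per defense: (protection process, domain of discourse).
DEFENSE_VIEWS = {
    "strong authentication": ("prevent", "technical"),
    "audit": ("detect", "procedural"),
    "integrity checking": ("detect", "technical"),
    "change control": ("prevent", "procedural"),
    "separation of duties": ("prevent", "personnel"),
    "firewall": ("prevent", "technical"),
    "intrusion detection": ("detect", "technical"),
    "redundancy": ("respond", "technical"),
}


def rank_threats(observed):
    """Score each threat by the Jaccard overlap between its attack set and
    the mechanisms observed in an incident (assumed scoring), best first."""
    scores = [(t, round(len(observed & a) / len(observed | a), 3))
              for t, a in THREAT_TO_ATTACKS.items()]
    return sorted(scores, key=lambda s: (-s[1], s[0]))


def anticipated_attacks(observed):
    """Other mechanisms the best-matching threat is cross-referenced to."""
    best = rank_threats(observed)[0][0]
    return THREAT_TO_ATTACKS[best] - observed


def defenses_for(attacks, process=None, domain=None):
    """Union of defenses cross-referenced to the given attacks, optionally
    narrowed by the protection-process and domain views."""
    candidates = set().union(*(ATTACK_TO_DEFENSES[a] for a in attacks))
    return {d for d in candidates
            if (process is None or DEFENSE_VIEWS[d][0] == process)
            and (domain is None or DEFENSE_VIEWS[d][1] == domain)}
```

With "password guessing" and "trojan horse" observed, the outsider threat ranks first, "network scanning" is the anticipated next mechanism, and narrowing to the detect process and procedural domain leaves only "audit".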
To sum up, the All.Net Information Security Database
is a unique resource unmatched today. And even more impressive, most of
it is available for free at the all.net Web site.