Toto,
Here is a sample list that might be able to help you out and build upon.
Kind regards,
Alberto Cardona II, CCSE, MCP, CNA
VP of Information Security - Professional Services
=====================================
1. Unauthorized Access
- Digital
Definition:
An unauthorized user has infiltrated or compromised a system or
network
- Ex-employee/Contractor/Business Partner
Definition:
Ex-employee/contractor/business partner accessing or trying to access
networks / systems.
- Physical
Definition:
An unauthorized user has infiltrated the physical premises
2. Denial of Service
- Denial of Service (DoS)
Definition:
A "denial-of-service" attack is characterized by an explicit attempt
by attackers to prevent legitimate users of a service from using that
service
- Distributed Denial of Service (DDoS)
Definition:
An attack initiated from many individual hosts (acting as drones)
controlled from another central host in order to prevent legitimate users of
a service from using that service
3. Malware
- Virus
Definition:
A program or software code that is loaded onto a system without
the user's knowledge and runs without authorization. Also capable of
replicating itself or destroying data
- Worm
Definition:
A program or algorithm designed to replicate itself over a computer
network and usually performs malicious actions
- Trojan
Definition:
Designed to cause damage or do something malicious to a system, but
disguised as something useful.
- Spyware
Definition:
A program or software code that covertly gathers user information
through the user's Internet connection without his or her knowledge, usually
for advertising purposes
4. Inappropriate Usage
- Policy Non-compliance
Definition:
All employees and other persons, when they act on behalf of the company
(consultants, business partners), are to abide by the Company Corporate
Policies. Any violations of corporate policies are considered a
"non-compliance" incident. For a list of detailed policies and procedures
please refer to "IS Policies, Standards & Procedures".
- Dictionary \ Password Cracking, Brute Force
Definition:
A dictionary attack is in essence a password-guessing attack.
A brute-force attack looks at all possible keys
- Data Replay
Definition:
Capture network traffic (usually authentication credentials) to play
back at a later time and assume identity
- Passive Network Traffic Capture (sniffing), Eavesdropping
Definition:
Reconnaissance method to determine user credentials, traffic
patterns, and available services
- DNS Zone Transfer Requests or poisoning (Internal Network)
Definition:
Unauthorized requests to obtain website's DNS registration
information
- DNS Zone Transfer poisoning (Internal Network)
Definition:
Unauthorized requests to corrupt website's DNS registration
information
- Port Sweeping (TCP \ UDP \ ICMP) (Internal Network)
Definition:
Reconnaissance method to determine system vulnerabilities and
"listening" ports. Used to build more focused attacks
- Spoofing
Definition:
Creation of TCP/IP packets using somebody else's IP address
- Inappropriate browsing
Definition:
Browsing non-business related offensive web sites using Internet
infrastructure
- Inappropriate email
Definition:
Sending / Receiving / Forwarding non-business related emails using
Email infrastructure
- Inappropriate Hosting
Definition:
Hosting non-business related FTP servers, Web servers, Shares, Email
systems, News groups using infrastructure
- Hoax
Definition:
Sending / Receiving / Forwarding false messages / deceiving intent
messages using email or other communicating methods
5. External Attacks
- Spoofing
Definition:
Creation of TCP/IP packets using somebody else's IP address
- Network Traffic Redirection, Man-In-The-Middle, Data Manipulation,
Malformation (URL or URI)
Definition:
Interception of network traffic with intent to hijack the session
and modify the data payload or data stream.
- DNS Zone Transfer Requests or poisoning (External Public Network)
Definition:
Unauthorized requests to obtain website's DNS registration
information
- DNS Zone Transfer poisoning (External Public Network)
Definition:
Unauthorized requests to corrupt website's DNS registration
information
- Port Sweeping (TCP \ UDP \ ICMP) (External Public Network)
Definition:
Reconnaissance method to determine system vulnerabilities and
"listening" ports. Used to build more focused attacks
- Data
Definition:
An unauthorized or valid user gains circuitous or direct access to
proprietary company information retained on data storage or processing
systems and compromises that data with malicious, illicit intent
From: "Toto A Atmojo" <toto@playon.co.id>
To:
<security-basics@securityfocus.com>,<pen-test@securityfocus.com>,<security-management@securityfocus.com>,<secpapers@securityfocus.com>,
<security-basics@securityfocus.com>
Subject: Incident Regarding to CIA
Date: Wed, 7 Sep 2005 00:36:36 +0700
Dear all,
Right now I'm collecting any incidents relating to CIA (Confidentiality,
Integrity and Availability).
But I'm afraid that the list is not complete. Is there any documentation
regarding this issue?
Example of list:
Incidents regarding Availability:
1. DOS
2. Disaster
3. etc
Can anyone send me the complete incident?
Incidents are not only caused by crackers; incidents outside human touch are
acceptable also.
Thanks.