« Part 2: My Thoughts: Security Vulerability Categories | Main

My Thoughts: Security Vulnerability Categories

I teach many disciplines in technology but by far my passion is security. One of my theories on vulnerability categories is that there is a meta-category that can transcend multiple categories that I call "Standards-Based Attacks". Many of us are familiar with the Social Engineering, Application, or Distributed/Denial of Service, etc... My thoughts is that in the analysis of standards in electronic communication, policies, encryption, Info Sec principles and such are being dissected and used as attack vectors by attackers. One such instance that comes to mind is arp cache poisoning, it is clearly based on switching concepts following the IEEE standards. I truthfully believe that we are slowly being forced back into closed system environments and vendor specific resolutions due to this behavior. Think about how many attacks are predicated on standards within our communications and Info Sec principles.

Matrix.     ...to be continued

Posted on Friday, November 3, 2006 at 05:30PM by Registered CommenterDale Brice-Nash in | CommentsPost a Comment

PrintView Printer Friendly Version

EmailEmail Article to Friend

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.
Editor Permission Required
You must have editing permission for this entry in order to post comments.