Devil’s advocates methodlogy
+Devil’s advocates methodology
Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf
+Updated from Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf
No interaction capabilities
+No exposed functionality in the honeypot.
+Network capture
+The honeypot collects raw network capture.
+Events
@@ -12920,6 +12939,314 @@ Exclusive flag set which means the values or predicate below must be set exclusi+ + | ++monarc-threat namespace available in JSON format at this location. The JSON format can be freely reused in your application or automatically enabled in MISP taxonomy. + | +
MONARC Threats Taxonomy
+Error in use
+A person commits an operating error, input error or utilisation error on hardware or software.
+Forging of rights
+A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc.
+Eavesdropping
+Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication.
+Denial of actions
+A person or entity denies being involved in an exchange with a third party or carrying out an operation.
+Abuse of rights
+Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources.
+Breach of personnel availability
+Absence of qualified or authorised personnel to execute the usual operations.
+Fraudulent copying or use of counterfeit software
+Someone inside the organisation makes fraudulent copies (also called pirated copies) of package software or in-house software.
+Corruption of data
+Someone gains access to the communication equipment of the information system and corrupts transmission of information (by intercepting, inserting, destroying, etc.) or repeatedly attempts access until successful.
+Illegal processing of data
+A person carries out information processing that is forbidden by the law or a regulation.
+Remote spying
+Personnel actions observable from a distance. Visual observation with or without optical equipment, for example observation of a user entering a code or password on a keyboard.
+Tampering with hardware
+Someone with access to a communication medium or equipment installs an interception or destruction device in it.
+Interception of compromising interference signals
+Interfering signals from an electromagnetic source emitted by the equipment (by conduction on the electrical power supply cables or earth wires or by radiation in free space). Capture of these signals depends on the distance to the targeted equipment or the possibility of connecting to cables or any other conductor passing close to the equipment (coupling phenomenon).
+Theft or destruction of media, documents or equipment
+Media, documents or equipment can be accessed by foreigners either internally or externally. It can be damaged or stolen.
+Retrieval of recycled or discarded media
+Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information.
+Malware infection
+Unwanted software that is doing operations seeking to harm the company.
+Data from untrustworthy sources
+Receiving false data or unsuitable equipment from outside sources and using them in the organisation.
+Disclosure
+Person who voluntarily or negligently disclosure information.
+Failure of telecommunication equipment
+Disturbance, shutdown or incorrect sizing of telecommunications services (telephone, Internet access, Internet network).
+Loss of power supply
+Failure, shutdown or incorrect sizing of the power supply to the assets arising either from the supplier’s service or from the internal distribution system.
+Failure of air-conditioning
+Failure, shutdown or inadequacy of the air-conditioning service may cause assets requiring cooling or ventilation to shut down, malfunction or fail completely.
+Software malfunction
+Design error, installation error or operating error committed during modification causing incorrect execution.
+Equipment malfunction or failure
+Logical or physical event causing hardware malfunctions or failures.
+Saturation of the information system
+A person or resource of a hardware, software or network type simulating an intense demand on resources by setting up continuous bombardment.
+Breach of information system maintainability
+Lack of expertise in the system making retrofitting and upgrading impossible
+Destruction of equipment or supports
+Event causing destruction of equipment or media.
+Fire
+Any situation that could facilitate the conflagration of premises or equipment.
+Water damage
+Situation facilitating the water hazard on equipment (floods, water leak, cellars, etc.)
+Major accident
+Any event that can physically destroy the premises
+Pollution
+Presence of dust, vapours, corrosive or toxic gases in the ambient air.
+Environmental disaster (fire, flood, dust, dirt, etc.)
+Any event that can physically ruin the premises
+