Threat CC.AuA.OCAPNaS.1

URI: CC.AuA.OCAPNaS.1

Description: Network access to service Service as Client from LogicalSubnet: an attacker with access to subnet LogicalSubnet can send messages to service Service, exploiting a privileged network path through firewalls used by client Client. This allows anonymous access to vulnerabilities or backdoors in Service.

Threat Type: Primary Threat

Matching Pattern:

MP-OCAPNaS

Finds a service and its host accessed by a client via the associated client channel on an open client attack path from a logical subnet where messages from the attacker can be distinguished from those from the client, plus all the associated service process contexts and interfaces from which client messages come, and optionally the client user and the service and service host managers.

(empty)

LossOfAnonUserTW at Role_ClientChannel

CSG-ClientAddressWhitelisting

The service Service has a whitelist of network addresses from which it accepts client requests, and all the network interfaces from which requests may come have addresses that are fixed or in a restricted range not available to attackers.

Threat CC.AuA.OCAPNaS.1

MP-OCAPNaS

Triggered by Threat (0)

Triggers Secondary Threats (0)

Triggered By Control Strategy (0)

Misbehaviour Sets (1)

Control Strategies (1)