Threat Landscape and Good Practice Guide for Internet Infrastructure

Threat Mind Map Bombhattacks)threats Earthquakes

Frauds Floods
DivershmanipulatedhseahcablehinhEgypt Sabotage Tsunamis
Vandalisms Landslides
Devices Lightninghstrike
Naturalhdisasters
Storagehmedia Heavyhrains
Thefts Physicalhattacks
Cables Heavyhsnowfalls
Documents Heavyhwinds
Informationhleakages)sharing Wildfire
Disasters
Unauthorisedhphysicalhaccess)unauthorisedhentryhtohpremises Electromagnetichstorm
CoercionsDhextortionshorhcorruptions Fires
Briberies)corruptions Dangerourshradiationhleaks
Pollutions
Lackhofhhumanhresources Dusts
Environmentalhdisasters
Lackhofhprocessinghpower Corrosions
Lackhofhnetworkhcapacities Unfavourablehclimatichconditions
Lackhofhstoragehcapabilities Lackhofhresources Majorheventshinhthehenvironment
Power Explosions
Water Lackhofhphysicalhresources
Cooling
Fuelhexhaustions Outages
Powerhcut Losshofhpower Linecards
Failureshofhpartshofhdevices
Powerhsurges Connectors
Absencehofhpersonnel Networkhdevices
Strikes Failureshofhdeviceshorhsystems Servers
Losshofhsupporthservices Datahcenters
Coolinghoutages Cablehbreaks
FailureshorhdisruptionshofhcommunicationhlinkshBcommunicationhnetworksG
Networkhoutages Cablehcuts
Power
IdentityhthefthBidentityhfraud)accounthorhservice(sessionhhijackingG
Failureshorhdisruptionshofhmainhsupply Cooling
Unsolicitedhe(mail
Failures)Malfunctions Water
Viruses
FailureshofhdisruptionshofhservicehprovidershBsupplyhchainG
Worms
Failureshorhdisruptionshofhthehpowerhsupply
Trojans
Linecards
Rootkits Malfunctionshofhpartshofhdevices
Malwarehandhviruses Connectors
Botnets
Networkhdevices
Spyware
Malfunctionshofhdeviceshorhsystems Servers
Scareware
Datahcenters
Rogueware
Softwarehbugs
Adware
Potentiallyhunwantedhsoftware Configurationherrors Misconfigurations
Greyware
Abusehofhinformationhleakages
CompromisinghconfidentialhinformationhBdatahbreachesG
DigiNotar SSLhCAhinfiltration
Generationhandhusehofhroguehcertificates Informationhleakage)sharing
NationalhInformaticshCenterhBIndiaG ImproperlyhissuedhSSLhcertificates
Erroneoushusehorhadministrationhofhdeviceshandhsystems
Manipulationhofhhardwarehandhsoftware
Usinghinformationhfromhunreliablehsources
Falsificationhofhrecords
Unintentionalhchangeshofhdatahinhanhinformationhsystems
AddresshspacehhijackinghBIPhprefixesG Routinghtablehmanipulations
UnintentionalhdamageshBaccidentalG Inadequatehspecifications
DNShpoisoning DNShspoofing DNShmanipulations Manipulationhofhinformation Inadequatehusability
Falsificationhofhconfigurations
Inadequatehdesignshandhplanninghorhlackhofhadaptions InsecurehinterfaceshBAPIsG
AShhijacking Threats
AShmanipulation Policy)procedurehflaws
Misusehofhinformation)informationhsystems Designherrors
Abusehofhauthorizations
Abusehofhpersonalhdata
Unauthorisedhusehofhadministrationhofhdeviceshandhsystems
IMPIhProtocol
Unauthorisedhaccesshtohinformationhsystems)networks Internalhcases
DNShRegistrarhHijacking Damagehcausedhbyhahthirdhparty
Unauthorisedhactivities Externalhcases Shiphcollideshwithhcable
Unauthorisedhchangeshofhrecords
Damageshresultinghfromhpenetrationhtesting
Unauthorisedhinstallationhofhsoftware
Losshofhinformation
Unauthorisedhusehofhsoftware
LosshofhBintegrityhofGhsensitivehinformation
NTP
Sybilhattacks
DNS
Unfairhratings
SNMP
Playbooks
NetBios Nefarioushactivity)Abuse
Discriminations
SSDP
Losshofhreputation Collusions
CharGen
Amplification)reflection Proliferation
QOTD
Damage)LosshBIThassetsG Reputationhlaghexploitations
BitTorrent
Volume Re(entries
Kad
Valuehimbalancehexploitations
Steam
Devices
QuakehNetworkhProtocol
DenialhofhservicehattackshBDoS)DDoSG Storagehmedia
ZAvx Loss
Cables
Spoofing
Documents
UDP
DestructionhofhrecordsDhdeviceshorhstoragehmedia
ICMPhBPingG Flooding
Powerhsurges
Slowloris
Rats
PinghofhDeath
Wildlife Sharks
XDoS Applications
Mice
WinNuke
TCP(SYN
Protocolhexploitations
PushCAck
IPhaddresshoptions Malformedhpackethattacks
Largehscalehscans)probes Interceptionhcompromisinghemissions
Timescales
Targetedhattacks)advancedhpersistenththreats Nationhstatehespionage
Espionage
Pretexting)hoax Corporatehespionage
Interceptionhofhinformation
Spearhphishing Roguehhardware
Socialhengineering
Whaling Phishing Softwarehinterceptions
Eavesdropping)Interception)Hijacking Interferinghradiations
Baiting
Domainhnamehcollision Replayhofhmessages
Intendedhsimilarityhofhidentifiers
Typosquatting Routehleaks

RemotehactivitieshBexecutionG Manhinhthehmiddle)sessionhhijacking BGPhsessions

Kernelhflaws Networkhinjection

Designhflaws Repudiationhofhactions

Bufferhoverflows
Racehconditions Exploitationhofhsoftwarehbugs
SQLhinjections
Input
CrosshsitehscriptinghBXSSG Validation Violationhofhlawshorhregulations)breachhofhlegislation
Crosshsitehrequesthforgery Authentication Legal Judiciaryhdecisions)courthorders No(IPhMicrosofthdomainshseizure
Brutehforce Failurehtohmeethcontractualhrequirements