Presentation is loading. Please wait.

Presentation is loading. Please wait.

Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001.

Published byNatasha Bromley Modified over 10 years ago

Similar presentations

Presentation on theme: "Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001."— Presentation transcript:

1 Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001

2 Overview Project Progress Essential Services & Assets Client Security Concerns Relevant Attacker Profile, Level of Attack, and Probability of Attack Attack Scenarios Compromisable Components Next Step

3 Project Progress One meeting every two weeks at 1PM on Saturday 09/15/01 1 st project meeting – step 1 discussion (completed) 09/20/01 client interview with Mel Rosso (completed) 09/22/01 2 nd project meeting – step 1 presentation dry run (completed) 09/25/01 client interview with Michael Carriger (completed) 09/26/01 Step 1 presentation (completed) 10/13/01 3 rd project meeting – step 2 discussion (completed) 10/27/01 4 th project meeting – step 2 presentation dry run (completed) 10/31/01 Step 2 presentation (completed) 11/10/01 5 th project meeting – step 3 presentation dry run (completed) 11/14/01 Step 3 presentation 11/24/01 6 th project meeting – step 4 and final report discussion 12/1/01 7 th project meeting – step 4 presentation dry run 12/5/01 Step 4 presentation 12/12/01 Project report submittal Note: additional client interview(s) may be conducted when deemed necessary.

4 Essential Services & Assets CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet E-Mail Server Hub CMU Network Tech Staff Instructor Admin Staff Admin Server Product Server Essential Services Course Web Site Access Email Chat Essential Assets

5 Potential Attackers Recreational Hackers Script Kiddies Vandals DE Students Disgruntled Employee Current Former Intellectual Property Spy Transit Seeker

6 Attacker Attributes Resources Time Tools Risk Access Objectives

7 Attacker Profile Recreational Hackers Varied skills, knowledge levels, support No particular time constraints Distributed Tool, toolkit, script Not averse, may not understand risk External/Internet access Status, thrills and challenges Level: Target-of-Opportunity Probability: High

8 Attacker Profile DE Students Varied skills, knowledge of process Immediate needs Distributed tool, toolkit, script Risk averse Internal access via Internet Spy on other students homework,modify records and browse unregistered courses Level: Target-of-opportunity Probability: Low/Medium

9 Attacker Profile Disgruntled Employee Knowledge of process, depends on personal skills Very patient and wait for chance Physical attack, toolkit, self-created program Risk averse Internal/external, LAN, dialup, or Internet Personal gain, get even, embarrass organization Level: Intermediate Probability: High

10 Attacker Profile Intellectual Property Spy Medium to expert skills, knowledge and experience Current desire to access the information Customized tool, tap Very risk averse External, Internet Measurable gains Level: Sophisticated Probability: Low

11 Attacker Profile Transit Seekers Medium to expert skills, knowledge and experience Patience depends on mission User commands, customized tool, autonomous tool, social engineering Risk averse External, Internet Gain access to other CMU network Level: intermediate/Sophisticated Probability: Low

12 Client Security Concerns Web page access to student info Grades online through blackboard Work submission online Student assignments Billing information

13 Attack Scenarios

14 IUS1 – Denial of Service Component Based Attack Possible Attackers Recreational Hacker Disgruntled employee Instigating Network Traffic and Connection Request Distributed denial of service SYN flood Ping of death Compromise the Availability of the System

15 Tracing IUS1 CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet E-Mail Server Hub CMU Network Tech Staff Instructor Admin Staff Admin Server Product Server Essential Assets Apache Web Server HACKER

16 IUS2 – Unauthorized Access User Access Based Attack Possible Attackers DE student Disgruntled employee Using Incomplete or Improperly Assigned Access Rights to View or Modify Information Privilege escalation Password sniffing Brute force Compromise the Privacy and/or Integrity of Information

17 Tracing IUS2 CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet E-Mail Server Hub CMU Network Tech Staff Instructor Admin Staff Admin Server Product Server Essential Assets Apache Web Server Disgruntled Emp Student

18 IUS3 – Data Corruption User Access/Application Content Based Attack Possible Attackers Disgruntled employee Recreational Hacker Logic Bombs and Data Corruption Privilege escalation Attachment to email Virus or scripting Compromise Data Integrity and Availability

19 Tracing IUS3 CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet E-Mail Server Hub CMU Network Tech Staff Instructor Admin Staff Admin Server Product Server Essential Assets Former Staff hacker

20 IUS4 – Backdoor/Trojan Attack User Access/Application Content Based Attack Possible Attackers Disgruntled employee Recreational hacker Intellectual property spy Transit seeker Possible Upload of Malicious Code Attachment to email Virus or scripting Salami Buffer overflow Compromise Privacy, Integrity and Availability

21 Tracing IUS4 CMU Network CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet E-Mail Server Hub Tech Staff Instructor Admin Staff Admin Server Product Server Essential Assets Former Staff hacker IP Spy/Transit

22 Next Step Identify Softspots Brief Existing Strategies for 3 Rs Present Survivability Map Recommendations

23 Questions?

Download ppt "Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001."

Similar presentations

EC Admin Functionality Enhancements December 2001 Release www.techdata.comwww.techdata.com.

EC Admin Functionality Enhancements December 2001 Release
Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Chapter 9 E-Security. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security.

Chapter 9 E-Security. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security.
SE Name SE Title Blackboard Training: Approaches and Opportunities.

SE Name SE Title Blackboard Training: Approaches and Opportunities.
© Ravi Sandhu www.list.gmu.edu Introduction to Information Security Ravi Sandhu.

© Ravi Sandhu Introduction to Information Security Ravi Sandhu.
March 2007 Mi Kyung Lee National Assembly Library of Korea.

March 2007 Mi Kyung Lee National Assembly Library of Korea.
Cultural Heritage in REGional NETworks REGNET Project Meeting Content Group 2002-06-24 - 2002-06-26.

Cultural Heritage in REGional NETworks REGNET Project Meeting Content Group
17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.

17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.
Exit a Customer Chapter 8. Exit a Customer 8-2 Objectives Perform exit summary process consisting of the following steps: Review service records Close.

Exit a Customer Chapter 8. Exit a Customer 8-2 Objectives Perform exit summary process consisting of the following steps: Review service records Close.
Modern Systems Analyst and as a Project Manager

Modern Systems Analyst and as a Project Manager
Presented by Brad Jacobson The Publisher on the Web Exploiting the new online sales channels.

Presented by Brad Jacobson The Publisher on the Web Exploiting the new online sales channels.
Chapter 1 Data Communications and NM Overview 1-1 Chapter 1

Chapter 1 Data Communications and NM Overview 1-1 Chapter 1
IS 376 NOVEMBER 5, 2013 2013 DATA BREACH INVESTIGATIONS REPORT By The Verizon RISK Team Research Investigations Solutions Knowledge.

IS 376 NOVEMBER 5, DATA BREACH INVESTIGATIONS REPORT By The Verizon RISK Team Research Investigations Solutions Knowledge.
ACT User Meeting June 2011. Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security.

ACT User Meeting June Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security.
WebCafé Slide No:1 World Cyber Cafe Association Brings to You Webcafe A Cyber Café Management Software A Software That Will Boost Your Efficiency For Managing.

WebCafé Slide No:1 World Cyber Cafe Association Brings to You Webcafe A Cyber Café Management Software A Software That Will Boost Your Efficiency For Managing.
© 2005 AT&T, All Rights Reserved. 11 July 2005 AT&T Enhanced VPN Services Performance Reporting and Web Tools Presenter : Sam Levine-866-624-2008 x111.

© 2005 AT&T, All Rights Reserved. 11 July 2005 AT&T Enhanced VPN Services Performance Reporting and Web Tools Presenter : Sam Levine x111.
1 ITSS This overview deck contains two sections. Please use the links below to navigate –How to Register for ITSS Application AccessHow to Register for.

1 ITSS This overview deck contains two sections. Please use the links below to navigate –How to Register for ITSS Application AccessHow to Register for.
CMPT 275 Software Engineering

CMPT 275 Software Engineering
Chapter 10 Software Testing

Chapter 10 Software Testing
Executional Architecture

Executional Architecture

Similar presentations

Ads by Google