Published by Natasha Bromley. Modified over 10 years ago.

Distance Education Team 1
Adrian Sia, Xavier Appé, Anoop Georges, Salvador Gonzales, Augustine Ani, Zijian Cao, Joe Ondercin
SNA Step 3
November 14, 2001

Overview
- Project Progress
- Essential Services & Assets
- Client Security Concerns
- Relevant Attacker Profile, Level of Attack, and Probability of Attack
- Attack Scenarios
- Compromisable Components
- Next Step

Project Progress
One meeting every two weeks at 1 PM on Saturday
- 09/15/01 1st project meeting – step 1 discussion (completed)
- 09/20/01 client interview with Mel Rosso (completed)
- 09/22/01 2nd project meeting – step 1 presentation dry run (completed)
- 09/25/01 client interview with Michael Carriger (completed)
- 09/26/01 Step 1 presentation (completed)
- 10/13/01 3rd project meeting – step 2 discussion (completed)
- 10/27/01 4th project meeting – step 2 presentation dry run (completed)
- 10/31/01 Step 2 presentation (completed)
- 11/10/01 5th project meeting – step 3 presentation dry run (completed)
- 11/14/01 Step 3 presentation
- 11/24/01 6th project meeting – step 4 and final report discussion
- 12/1/01 7th project meeting – step 4 presentation dry run
- 12/5/01 Step 4 presentation
- 12/12/01 Project report submittal
Note: additional client interview(s) may be conducted when deemed necessary.

Essential Services & Assets
[Network diagram. Component labels: CS Network, Apache Web Server, IMeet Chat Server, MySql, Admin App, Oracle, Internet, E-Mail Server, Hub, CMU Network, Tech Staff, Instructor, Admin Staff, Admin Server, Product Server. Legend: Essential Assets]
Essential Services
- Course Web Site Access
- Email
- Chat

Potential Attackers
- Recreational Hackers
  - Script Kiddies
  - Vandals
- DE Students
- Disgruntled Employee
  - Current
  - Former
- Intellectual Property Spy
- Transit Seeker

Attacker Attributes
- Resources
- Time
- Tools
- Risk
- Access
- Objectives

Attacker Profile: Recreational Hackers
- Varied skills, knowledge levels, support
- No particular time constraints
- Distributed tool, toolkit, script
- Not averse, may not understand risk
- External/Internet access
- Status, thrills and challenges
Level: Target-of-Opportunity
Probability: High

Attacker Profile: DE Students
- Varied skills, knowledge of process
- Immediate needs
- Distributed tool, toolkit, script
- Risk averse
- Internal access via Internet
- Spy on other students' homework, modify records and browse unregistered courses
Level: Target-of-Opportunity
Probability: Low/Medium

Attacker Profile: Disgruntled Employee
- Knowledge of process, depends on personal skills
- Very patient, waits for a chance
- Physical attack, toolkit, self-created program
- Risk averse
- Internal/external, LAN, dialup, or Internet
- Personal gain, get even, embarrass organization
Level: Intermediate
Probability: High

Attacker Profile: Intellectual Property Spy
- Medium to expert skills, knowledge and experience
- Current desire to access the information
- Customized tool, tap
- Very risk averse
- External, Internet
- Measurable gains
Level: Sophisticated
Probability: Low

Attacker Profile: Transit Seekers
- Medium to expert skills, knowledge and experience
- Patience depends on mission
- User commands, customized tool, autonomous tool, social engineering
- Risk averse
- External, Internet
- Gain access to other CMU network
Level: Intermediate/Sophisticated
Probability: Low

Client Security Concerns
- Web page access to student info
- Grades online through Blackboard
- Work submission online
- Student assignments
- Billing information

Attack Scenarios

IUS1 – Denial of Service
Component Based Attack
- Possible Attackers
  - Recreational Hacker
  - Disgruntled employee
- Instigating Network Traffic and Connection Request
  - Distributed denial of service
  - SYN flood
  - Ping of death
- Compromise the Availability of the System

Tracing IUS1
[Network diagram with the same component labels as the Essential Services & Assets slide (legend: Essential Assets). Additional labels: Apache Web Server, HACKER]

IUS2 – Unauthorized Access
User Access Based Attack
- Possible Attackers
  - DE student
  - Disgruntled employee
- Using Incomplete or Improperly Assigned Access Rights to View or Modify Information
  - Privilege escalation
  - Password sniffing
  - Brute force
- Compromise the Privacy and/or Integrity of Information

Tracing IUS2
[Network diagram with the same component labels as the Essential Services & Assets slide (legend: Essential Assets). Additional labels: Apache Web Server, Disgruntled Emp, Student]

IUS3 – Data Corruption
User Access/Application Content Based Attack
- Possible Attackers
  - Disgruntled employee
  - Recreational Hacker
- Logic Bombs and Data Corruption
  - Privilege escalation
  - Attachment to email
  - Virus or scripting
- Compromise Data Integrity and Availability

Tracing IUS3
[Network diagram with the same component labels as the Essential Services & Assets slide (legend: Essential Assets). Additional labels: Former Staff, hacker]

IUS4 – Backdoor/Trojan Attack
User Access/Application Content Based Attack
- Possible Attackers
  - Disgruntled employee
  - Recreational hacker
  - Intellectual property spy
  - Transit seeker
- Possible Upload of Malicious Code
  - Attachment to email
  - Virus or scripting
  - Salami
  - Buffer overflow
- Compromise Privacy, Integrity and Availability

Tracing IUS4
[Network diagram with the same component labels as the Essential Services & Assets slide (legend: Essential Assets). Additional labels: Former Staff, hacker, IP Spy/Transit]

Next Step
- Identify Softspots
- Brief Existing Strategies for 3 Rs
- Present Survivability Map
- Recommendations

Questions?