Presentation is loading. Please wait.

Presentation is loading. Please wait.

Oracle Financial System Project Team: Xuegong Wang Jun Lu ZhengChun Mo Patrick Zhu Thomas Verghese Weicheng Wong Date : 14 th November, 2001 Step 3.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Oracle Financial System Project Team: Xuegong Wang Jun Lu ZhengChun Mo Patrick Zhu Thomas Verghese Weicheng Wong Date : 14 th November, 2001 Step 3."— Presentation transcript:

1 Oracle Financial System Project Team: Xuegong Wang Jun Lu ZhengChun Mo Patrick Zhu Thomas Verghese Weicheng Wong Date : 14 th November, 2001 Step 3

2 6/29/2015Survivable Network Analysis2 AGENDA Review User Scenarios Attacker Profiles Intrusion Scenarios Compromisable Components

3 6/29/2015Survivable Network Analysis3 Current Architecture Fire Wall Chinook DSL service Public network CMU DOMAIN kerberos Form User Light Client ADI/Data Query Oracle Net 8 Web Server Form ServerDB Mistral.cmu.edu acis.as.cmu.edu RC40 Mellon Bank Security FTP Batch process Email Server… SSL Proxy

4 6/29/2015Survivable Network Analysis4 Essential Components Oracle Database Web Server Form Server Firewall Kerberos Authentication System

5 6/29/2015Survivable Network Analysis5 Who are the attackers CMU Student Hackers Activists Former employee /Disgruntled employee

6 6/29/2015Survivable Network Analysis6 Intrusion 1 – Attacker Profile CMU Student Hackers – Attacker: Recreational hacker – Resources: limited – Time: Not have much free time as a CMU student, look for opportunity. – Tools: Readily available tool kit. – Access: External to system but inside the CMU domain – Risk: May not understand risk, but highly risk averse. – Objective: To develop hacking skills.

7 6/29/2015Survivable Network Analysis7 Intrusion 1 – Level of Attack Target-of-Opportunity Attack – The attacker has limited knowledge of internal system – The attacker uses readily available tools to scan and probe systems to take advantage of know vulnerabilities – There is a high frequency of these attacks

8 6/29/2015Survivable Network Analysis8 Intrusion Scenario 1: Denial of Service Fire Wall CMU DOMAIN Student Hacker Oracle Net 8 Web Server Form ServerDB Mistral.cmu.edu acis.as.cmu.edu RC40 Email Server… SSL Proxy

9 6/29/2015Survivable Network Analysis9 Intrusion 2 – Attacker Profile Activist – Attacker: political/ethical activist – Resources: limited, but could have expert/internal help. – Time: Patient, may target specific events. – Tools: Readily available tool kit – Access: External to system but somehow illegally get into the the CMU domain. – Risk: Understand risk and don’t care. – Objective: To impact CMU policy./To make specific target unhappy.

10 6/29/2015Survivable Network Analysis10 Intrusion 2 – Level of Attack Intermediate Attack – The attacker may have some knowledge of internal system. – The attacker uses readily available tools to scan and probe systems to take advantage of know vulnerabilities. – Higher level of success. – There is a medium frequency of these attacks.

11 6/29/2015Survivable Network Analysis11 Intrusion Scenario 2: Fire Wall CMU DOMAIN Activist Hacker Oracle Net 8 Web Server Form ServerDB Mistral.cmu.edu acis.as.cmu.edu RC40 Email Server… SSL Proxy

12 6/29/2015Survivable Network Analysis12 Intrusion 3– Attacker Profile Former employee of CMU – Attacker: Former/Disgruntled Employee – Resources: Have knowledge of process. – Time: Usually in a short period after being fired, also can be very patient. – Tools: Use customized system program. – Access: Easily get into the the CMU domain. Connect to the system through pre-setup laptop. – Risk: Understand risk – Objective: To get some money/To screw up the system.

13 6/29/2015Survivable Network Analysis13 Intrusion 3 – Level of Attack Sophisticated Attack – The attacker familiar with the internal system – May already setup security loopholes in the system. – There is a very low frequency of these attacks

14 6/29/2015Survivable Network Analysis14 Intrusion Scenario 3: Compromise Database Fire Wall CMU DOMAIN Hacker Oracle Net 8 Web Server Form ServerDB Mistral.cmu.edu acis.as.cmu.edu RC40 Email Server… SSL Proxy

15 6/29/2015Survivable Network Analysis15 Compromisable Components Oracle Database Web Server Form Server Firewall

16 6/29/2015Survivable Network Analysis16 Questions?

Download ppt "Oracle Financial System Project Team: Xuegong Wang Jun Lu ZhengChun Mo Patrick Zhu Thomas Verghese Weicheng Wong Date : 14 th November, 2001 Step 3."

Similar presentations

Securing Network – Wireless – and Connected Infrastructures

Securing Network – Wireless – and Connected Infrastructures
Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001.

Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001.
Oracle Financial System Project Team: Aseem Gupta Jeng Toa Lee Jun Lu Kevin Patrick Zhu Thomas Verghese Weicheng Wong Xuegong Wang ( Jeff ) Date : 26 th.

Oracle Financial System Project Team: Aseem Gupta Jeng Toa Lee Jun Lu Kevin Patrick Zhu Thomas Verghese Weicheng Wong Xuegong Wang ( Jeff ) Date : 26 th.
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Student Application System SNA Step 3 Attacker Profiles and Scenarios 11.14.2001.

Student Application System SNA Step 3 Attacker Profiles and Scenarios
Current Security Threats WMO CBS ET-CTS Toulouse, France 26-30 May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.

Current Security Threats WMO CBS ET-CTS Toulouse, France May 2008 Allan Darling, NOAA’s National Weather Service WMO CBS ET-CTS Toulouse, France.
1. AGENDA History. WHAT’S AN IDS? Security and Roles Types of Violations. Types of Detection Types of IDS. IDS issues. Application.

1. AGENDA History. WHAT’S AN IDS? Security and Roles Types of Violations. Types of Detection Types of IDS. IDS issues. Application.
Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.

Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.
Firewalls CS-455 Dick Steflik. Firewalls Sits between two networks –Used to protect one from the other –Places a bottleneck between the networks All communications.

Firewalls CS-455 Dick Steflik. Firewalls Sits between two networks –Used to protect one from the other –Places a bottleneck between the networks All communications.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Extranet for Security Professionals Intrusion Scenarios Heather T. Kowalski Tong Xu Ying Hao Hui Huang Bill Halpin Nov. 14, 2000.

Extranet for Security Professionals Intrusion Scenarios Heather T. Kowalski Tong Xu Ying Hao Hui Huang Bill Halpin Nov. 14, 2000.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Distance Education Team 2 Security Architectures and Analysis.

Distance Education Team 2 Security Architectures and Analysis.
11/14 SNA Presentation 3 Survivable Network Analysis Oracle Financial System SNA step 3 Ali Ardalan Qianming “Michelle” Chen Yi Hu Jason Milletary Jian.

11/14 SNA Presentation 3 Survivable Network Analysis Oracle Financial System SNA step 3 Ali Ardalan Qianming “Michelle” Chen Yi Hu Jason Milletary Jian.
Earl Crane Hap Huynh Jeongwoo Ko Koichi Tominaga 11/14/2000 Physician Reminder System SNA Step 3.

Earl Crane Hap Huynh Jeongwoo Ko Koichi Tominaga 11/14/2000 Physician Reminder System SNA Step 3.
Extranet for Security Professionals (ESP)

Extranet for Security Professionals (ESP)
Student Application System Essential Services and Assets Timothy Mak - Team Leader James Zujie Shi Dali Wang Maria Stattel Andy Teng Hyoungju Yun John.

Student Application System Essential Services and Assets Timothy Mak - Team Leader James Zujie Shi Dali Wang Maria Stattel Andy Teng Hyoungju Yun John.
Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.

Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.
Earl Crane Hap Huynh Jeongwoo Ko Koichi Tominaga 12/12/2000 Physician Reminder System: Survivability Network Analysis Step 4.

Earl Crane Hap Huynh Jeongwoo Ko Koichi Tominaga 12/12/2000 Physician Reminder System: Survivability Network Analysis Step 4.

Similar presentations

Ads by Google