Presentation is loading. Please wait.

Presentation is loading. Please wait.

Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001.

Similar presentations


Presentation on theme: "Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001."— Presentation transcript:

1 Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001

2 Overview Project Progress Essential Services & Assets Client Security Concerns Relevant Attacker Profile, Level of Attack, and Probability of Attack Attack Scenarios Compromisable Components Next Step

3 Project Progress One meeting every two weeks at 1PM on Saturday 09/15/01 1 st project meeting – step 1 discussion (completed) 09/20/01 client interview with Mel Rosso (completed) 09/22/01 2 nd project meeting – step 1 presentation dry run (completed) 09/25/01 client interview with Michael Carriger (completed) 09/26/01 Step 1 presentation (completed) 10/13/01 3 rd project meeting – step 2 discussion (completed) 10/27/01 4 th project meeting – step 2 presentation dry run (completed) 10/31/01 Step 2 presentation (completed) 11/10/01 5 th project meeting – step 3 presentation dry run (completed) 11/14/01 Step 3 presentation 11/24/01 6 th project meeting – step 4 and final report discussion 12/1/01 7 th project meeting – step 4 presentation dry run 12/5/01 Step 4 presentation 12/12/01 Project report submittal Note: additional client interview(s) may be conducted when deemed necessary.

4 Essential Services & Assets CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet Server Hub CMU Network Tech Staff Instructor Admin Staff Admin Server Product Server Essential Services Course Web Site Access Chat Essential Assets

5 Potential Attackers Recreational Hackers Script Kiddies Vandals DE Students Disgruntled Employee Current Former Intellectual Property Spy Transit Seeker

6 Attacker Attributes Resources Time Tools Risk Access Objectives

7 Attacker Profile Recreational Hackers Varied skills, knowledge levels, support No particular time constraints Distributed Tool, toolkit, script Not averse, may not understand risk External/Internet access Status, thrills and challenges Level: Target-of-Opportunity Probability: High

8 Attacker Profile DE Students Varied skills, knowledge of process Immediate needs Distributed tool, toolkit, script Risk averse Internal access via Internet Spy on other students homework,modify records and browse unregistered courses Level: Target-of-opportunity Probability: Low/Medium

9 Attacker Profile Disgruntled Employee Knowledge of process, depends on personal skills Very patient and wait for chance Physical attack, toolkit, self-created program Risk averse Internal/external, LAN, dialup, or Internet Personal gain, get even, embarrass organization Level: Intermediate Probability: High

10 Attacker Profile Intellectual Property Spy Medium to expert skills, knowledge and experience Current desire to access the information Customized tool, tap Very risk averse External, Internet Measurable gains Level: Sophisticated Probability: Low

11 Attacker Profile Transit Seekers Medium to expert skills, knowledge and experience Patience depends on mission User commands, customized tool, autonomous tool, social engineering Risk averse External, Internet Gain access to other CMU network Level: intermediate/Sophisticated Probability: Low

12 Client Security Concerns Web page access to student info Grades online through blackboard Work submission online Student assignments Billing information

13 Attack Scenarios

14 IUS1 – Denial of Service Component Based Attack Possible Attackers Recreational Hacker Disgruntled employee Instigating Network Traffic and Connection Request Distributed denial of service SYN flood Ping of death Compromise the Availability of the System

15 Tracing IUS1 CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet Server Hub CMU Network Tech Staff Instructor Admin Staff Admin Server Product Server Essential Assets Apache Web Server HACKER

16 IUS2 – Unauthorized Access User Access Based Attack Possible Attackers DE student Disgruntled employee Using Incomplete or Improperly Assigned Access Rights to View or Modify Information Privilege escalation Password sniffing Brute force Compromise the Privacy and/or Integrity of Information

17 Tracing IUS2 CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet Server Hub CMU Network Tech Staff Instructor Admin Staff Admin Server Product Server Essential Assets Apache Web Server Disgruntled Emp Student

18 IUS3 – Data Corruption User Access/Application Content Based Attack Possible Attackers Disgruntled employee Recreational Hacker Logic Bombs and Data Corruption Privilege escalation Attachment to Virus or scripting Compromise Data Integrity and Availability

19 Tracing IUS3 CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet Server Hub CMU Network Tech Staff Instructor Admin Staff Admin Server Product Server Essential Assets Former Staff hacker

20 IUS4 – Backdoor/Trojan Attack User Access/Application Content Based Attack Possible Attackers Disgruntled employee Recreational hacker Intellectual property spy Transit seeker Possible Upload of Malicious Code Attachment to Virus or scripting Salami Buffer overflow Compromise Privacy, Integrity and Availability

21 Tracing IUS4 CMU Network CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet Server Hub Tech Staff Instructor Admin Staff Admin Server Product Server Essential Assets Former Staff hacker IP Spy/Transit

22 Next Step Identify Softspots Brief Existing Strategies for 3 Rs Present Survivability Map Recommendations

23 Questions?


Download ppt "Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001."

Similar presentations


Ads by Google