Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001.


Overview
- Project Progress
- Essential Services & Assets
- Client Security Concerns
- Relevant Attacker Profile, Level of Attack, and Probability of Attack
- Attack Scenarios
- Compromisable Components
- Next Step

Project Progress
One meeting every two weeks at 1PM on Saturday
- 09/15/01 1st project meeting – step 1 discussion (completed)
- 09/20/01 client interview with Mel Rosso (completed)
- 09/22/01 2nd project meeting – step 1 presentation dry run (completed)
- 09/25/01 client interview with Michael Carriger (completed)
- 09/26/01 Step 1 presentation (completed)
- 10/13/01 3rd project meeting – step 2 discussion (completed)
- 10/27/01 4th project meeting – step 2 presentation dry run (completed)
- 10/31/01 Step 2 presentation (completed)
- 11/10/01 5th project meeting – step 3 presentation dry run (completed)
- 11/14/01 Step 3 presentation
- 11/24/01 6th project meeting – step 4 and final report discussion
- 12/1/01 7th project meeting – step 4 presentation dry run
- 12/5/01 Step 4 presentation
- 12/12/01 Project report submittal
Note: additional client interview(s) may be conducted when deemed necessary.

Essential Services & Assets
[Network diagram; labels as extracted: CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet Server Hub CMU Network Tech Staff Instructor Admin Staff Admin Server Product Server. Legend text as extracted: Essential Services Course Web Site Access Chat Essential Assets]

Potential Attackers
- Recreational Hackers
  - Script Kiddies
  - Vandals
- DE Students
- Disgruntled Employee
  - Current
  - Former
- Intellectual Property Spy
- Transit Seeker

Attacker Attributes
- Resources
- Time
- Tools
- Risk
- Access
- Objectives

Attacker Profile: Recreational Hackers
- Varied skills, knowledge levels, support
- No particular time constraints
- Distributed tool, toolkit, script
- Not averse, may not understand risk
- External/Internet access
- Status, thrills and challenges
- Level: Target-of-Opportunity
- Probability: High

Attacker Profile: DE Students
- Varied skills, knowledge of process
- Immediate needs
- Distributed tool, toolkit, script
- Risk averse
- Internal access via Internet
- Spy on other students' homework, modify records and browse unregistered courses
- Level: Target-of-Opportunity
- Probability: Low/Medium

Attacker Profile: Disgruntled Employee
- Knowledge of process, depends on personal skills
- Very patient, waits for a chance
- Physical attack, toolkit, self-created program
- Risk averse
- Internal/external, LAN, dialup, or Internet
- Personal gain, get even, embarrass organization
- Level: Intermediate
- Probability: High

Attacker Profile: Intellectual Property Spy
- Medium to expert skills, knowledge and experience
- Current desire to access the information
- Customized tool, tap
- Very risk averse
- External, Internet
- Measurable gains
- Level: Sophisticated
- Probability: Low

Attacker Profile: Transit Seekers
- Medium to expert skills, knowledge and experience
- Patience depends on mission
- User commands, customized tool, autonomous tool, social engineering
- Risk averse
- External, Internet
- Gain access to other CMU network
- Level: Intermediate/Sophisticated
- Probability: Low

Client Security Concerns
- Web page access to student info
- Grades online through Blackboard
- Work submission online
- Student assignments
- Billing information

Attack Scenarios

IUS1 – Denial of Service
- Component Based Attack
- Possible Attackers
  - Recreational Hacker
  - Disgruntled employee
- Instigating Network Traffic and Connection Request
  - Distributed denial of service
  - SYN flood
  - Ping of death
- Compromise the Availability of the System

Tracing IUS1
[Network diagram; labels as extracted: CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet Server Hub CMU Network Tech Staff Instructor Admin Staff Admin Server Product Server. Legend: Essential Assets. Additional labels: Apache Web Server, HACKER]

IUS2 – Unauthorized Access
- User Access Based Attack
- Possible Attackers
  - DE student
  - Disgruntled employee
- Using Incomplete or Improperly Assigned Access Rights to View or Modify Information
  - Privilege escalation
  - Password sniffing
  - Brute force
- Compromise the Privacy and/or Integrity of Information

Tracing IUS2
[Network diagram; labels as extracted: CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet Server Hub CMU Network Tech Staff Instructor Admin Staff Admin Server Product Server. Legend: Essential Assets. Additional labels: Apache Web Server, Disgruntled Emp, Student]

IUS3 – Data Corruption
- User Access/Application Content Based Attack
- Possible Attackers
  - Disgruntled employee
  - Recreational Hacker
- Logic Bombs and Data Corruption
  - Privilege escalation
  - Attachment to Virus or scripting
- Compromise Data Integrity and Availability

Tracing IUS3
[Network diagram; labels as extracted: CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet Server Hub CMU Network Tech Staff Instructor Admin Staff Admin Server Product Server. Legend: Essential Assets. Additional labels: Former Staff, hacker]

IUS4 – Backdoor/Trojan Attack
- User Access/Application Content Based Attack
- Possible Attackers
  - Disgruntled employee
  - Recreational hacker
  - Intellectual property spy
  - Transit seeker
- Possible Upload of Malicious Code
  - Attachment to Virus or scripting
  - Salami
  - Buffer overflow
- Compromise Privacy, Integrity and Availability

Tracing IUS4
[Network diagram; labels as extracted: CMU Network CS Network Apache Web Server IMeet Chat Server MySql Admin App Oracle Internet Server Hub Tech Staff Instructor Admin Staff Admin Server Product Server. Legend: Essential Assets. Additional labels: Former Staff, hacker, IP Spy/Transit]

Next Step
- Identify Softspots
- Brief Existing Strategies for 3 Rs
- Present Survivability Map Recommendations

Questions?