distance education team 1
DESCRIPTION
Distance Education Team 1. Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin. SNA Step 3. November 14, 2001. Overview. Project Progress Essential Services & Assets Client Security Concerns - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/1.jpg)
Distance Education Team 1
Adrian SiaXavier AppéAnoop GeorgesSalvador GonzalesAugustine AniZijian CaoJoe Ondercin
SNA Step 3
November 14, 2001
![Page 2: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/2.jpg)
OverviewProject ProgressEssential Services & AssetsClient Security ConcernsRelevant Attacker Profile, Level of Attack, and Probability of AttackAttack ScenariosCompromisable ComponentsNext Step
![Page 3: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/3.jpg)
Project ProgressOne meeting every two weeks at 1PM on Saturday09/15/01 1st project meeting – step 1 discussion (completed)09/20/01 client interview with Mel Rosso (completed)09/22/01 2nd project meeting – step 1 presentation dry run (completed)09/25/01 client interview with Michael Carriger (completed)09/26/01 Step 1 presentation (completed)10/13/01 3rd project meeting – step 2 discussion (completed)10/27/01 4th project meeting – step 2 presentation dry run (completed)10/31/01 Step 2 presentation (completed)11/10/01 5th project meeting – step 3 presentation dry run (completed) 11/14/01 Step 3 presentation11/24/01 6th project meeting – step 4 and final report discussion12/1/01 7th project meeting – step 4 presentation dry run12/5/01 Step 4 presentation12/12/01 Project report submittalNote: additional client interview(s) may be conducted when deemed necessary.
![Page 4: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/4.jpg)
Essential Services & Assets
CS Network
Apache Web Server
IMeet Chat Server
MySql
Admin App
OracleIn
tern
etE-MailServer
Hub
CMU Network
Tech Staff
Instructor
Admin Staff
Admin Server
Product Server
Essential Services•Course Web Site Access
•Chat
Essential Assets
![Page 5: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/5.jpg)
Potential AttackersRecreational Hackers Script Kiddies Vandals
DE StudentsDisgruntled Employee Current Former
Intellectual Property SpyTransit Seeker
![Page 6: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/6.jpg)
Attacker AttributesResourcesTimeToolsRiskAccessObjectives
![Page 7: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/7.jpg)
Attacker ProfileRecreational Hackers Varied skills, knowledge levels, support No particular time constraints Distributed Tool, toolkit, script Not averse, may not understand risk External/Internet access Status, thrills and challenges
Level: Target-of-OpportunityProbability: High
![Page 8: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/8.jpg)
Attacker ProfileDE Students Varied skills, knowledge of process Immediate needs Distributed tool, toolkit, script Risk averse Internal access via Internet Spy on other students’ homework,modify
records and browse unregistered courses Level: Target-of-opportunityProbability: Low/Medium
![Page 9: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/9.jpg)
Attacker ProfileDisgruntled Employee Knowledge of process, depends on personal skills Very patient and wait for chance Physical attack, toolkit, self-created program Risk averse Internal/external, LAN, dialup, or Internet Personal gain, get even, embarrass organization
Level: IntermediateProbability: High
![Page 10: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/10.jpg)
Attacker ProfileIntellectual Property Spy Medium to expert skills, knowledge and
experience Current desire to access the information Customized tool, tap Very risk averse External, Internet Measurable gains
Level: SophisticatedProbability: Low
![Page 11: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/11.jpg)
Attacker ProfileTransit Seekers Medium to expert skills, knowledge and
experience Patience depends on mission User commands, customized tool,
autonomous tool, social engineering Risk averse External, Internet Gain access to other CMU network
Level: intermediate/SophisticatedProbability: Low
![Page 12: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/12.jpg)
Client Security ConcernsWeb page access to student infoGrades online through blackboardWork submission onlineStudent assignmentsBilling information
![Page 13: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/13.jpg)
Attack Scenarios
![Page 14: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/14.jpg)
IUS1 – Denial of ServiceComponent Based AttackPossible Attackers Recreational Hacker Disgruntled employee
Instigating Network Traffic and Connection Request Distributed denial of service SYN flood Ping of death
Compromise the Availability of the System
![Page 15: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/15.jpg)
Tracing IUS1
CS Network
Apache Web Server
IMeet Chat Server
MySql
Admin App
OracleIn
tern
etE-MailServer
Hub
CMU Network
Tech Staff
Instructor
Admin Staff
Admin Server
Product Server
Essential Assets
Apache Web Server
HACKER
![Page 16: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/16.jpg)
IUS2 – Unauthorized Access
User Access Based AttackPossible Attackers DE student Disgruntled employee
Using Incomplete or Improperly Assigned Access Rights to View or Modify Information Privilege escalation Password sniffing Brute force
Compromise the Privacy and/or Integrity of Information
![Page 17: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/17.jpg)
Tracing IUS2
CS Network
Apache Web Server
IMeet Chat Server
MySql
Admin App
OracleIn
tern
etE-MailServer
Hub
CMU Network
Tech Staff
Instructor
Admin Staff
Admin Server
Product Server
Essential Assets
Apache Web Server
Disgruntled Emp
Student
![Page 18: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/18.jpg)
IUS3 – Data CorruptionUser Access/Application Content Based AttackPossible Attackers Disgruntled employee Recreational HackerLogic Bombs and Data Corruption Privilege escalation Attachment to email Virus or scriptingCompromise Data Integrity and Availability
![Page 19: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/19.jpg)
Tracing IUS3
CS Network
Apache Web Server
IMeet Chat Server
MySql
Admin App
OracleIn
tern
etE-MailServer
Hub
CMU Network
Tech Staff
Instructor
Admin Staff
Admin Server
Product Server
Essential Assets
Former Staff
hacker
![Page 20: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/20.jpg)
IUS4 – Backdoor/Trojan Attack
User Access/Application Content Based AttackPossible Attackers Disgruntled employee Recreational hacker Intellectual property spy Transit seeker
Possible Upload of Malicious Code Attachment to email Virus or scripting Salami Buffer overflow
Compromise Privacy, Integrity and Availability
![Page 21: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/21.jpg)
Tracing IUS4CMU Network
CS Network
Apache Web Server
IMeet Chat Server
MySql
Admin App
OracleIn
tern
etE-MailServer
Hub
Tech Staff
Instructor
Admin Staff
Admin Server
Product Server
Essential Assets
Former Staff
hacker
IP Spy/Transit
![Page 22: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/22.jpg)
Next StepIdentify SoftspotsBrief Existing Strategies for 3 R’sPresent Survivability Map Recommendations
![Page 23: Distance Education Team 1](https://reader035.vdocuments.mx/reader035/viewer/2022070419/56815b7b550346895dc97799/html5/thumbnails/23.jpg)
Questions?