Distance Education Team 1 Adrian Sia Xavier Appé Anoop Georges Salvador Gonzales Augustine Ani Zijian Cao Joe Ondercin SNA Step 3 November 14, 2001


Distance Education Team 1

Adrian Sia
Xavier Appé
Anoop Georges
Salvador Gonzales
Augustine Ani
Zijian Cao
Joe Ondercin

SNA Step 3

November 14, 2001


Overview

• Project Progress
• Essential Services & Assets
• Client Security Concerns
• Relevant Attacker Profile, Level of Attack, and Probability of Attack
• Attack Scenarios
• Compromisable Components
• Next Step


Project Progress

One meeting every two weeks at 1 PM on Saturday

• 09/15/01 1st project meeting – step 1 discussion (completed)
• 09/20/01 client interview with Mel Rosso (completed)
• 09/22/01 2nd project meeting – step 1 presentation dry run (completed)
• 09/25/01 client interview with Michael Carriger (completed)
• 09/26/01 Step 1 presentation (completed)
• 10/13/01 3rd project meeting – step 2 discussion (completed)
• 10/27/01 4th project meeting – step 2 presentation dry run (completed)
• 10/31/01 Step 2 presentation (completed)
• 11/10/01 5th project meeting – step 3 presentation dry run (completed)
• 11/14/01 Step 3 presentation
• 11/24/01 6th project meeting – step 4 and final report discussion
• 12/1/01 7th project meeting – step 4 presentation dry run
• 12/5/01 Step 4 presentation
• 12/12/01 Project report submittal

Note: additional client interview(s) may be conducted when deemed necessary.


Essential Services & Assets

[Figure: network diagram. Labels: CS Network, Apache Web Server, IMeet Chat Server, MySql, Admin App, Oracle, Internet, E-Mail Server, Hub, CMU Network, Tech Staff, Instructor, Admin Staff, Admin Server, Product Server. Legend: Essential Assets.]

Essential Services

• Course Web Site Access
• Email
• Chat


Potential Attackers

• Recreational Hackers
  • Script Kiddies
  • Vandals
• DE Students
• Disgruntled Employee
  • Current
  • Former
• Intellectual Property Spy
• Transit Seeker


Attacker Attributes

• Resources
• Time
• Tools
• Risk
• Access
• Objectives


Attacker Profile

Recreational Hackers

• Varied skills, knowledge levels, support
• No particular time constraints
• Distributed tool, toolkit, script
• Not averse, may not understand risk
• External/Internet access
• Status, thrills and challenges

Level: Target-of-Opportunity
Probability: High


Attacker Profile

DE Students

• Varied skills, knowledge of process
• Immediate needs
• Distributed tool, toolkit, script
• Risk averse
• Internal access via Internet
• Spy on other students’ homework, modify records and browse unregistered courses

Level: Target-of-Opportunity
Probability: Low/Medium


Attacker Profile

Disgruntled Employee

• Knowledge of process, depends on personal skills
• Very patient, waits for a chance
• Physical attack, toolkit, self-created program
• Risk averse
• Internal/external, LAN, dialup, or Internet
• Personal gain, get even, embarrass organization

Level: Intermediate
Probability: High


Attacker Profile

Intellectual Property Spy

• Medium to expert skills, knowledge and experience
• Current desire to access the information
• Customized tool, tap
• Very risk averse
• External, Internet
• Measurable gains

Level: Sophisticated
Probability: Low


Attacker Profile

Transit Seekers

• Medium to expert skills, knowledge and experience
• Patience depends on mission
• User commands, customized tool, autonomous tool, social engineering
• Risk averse
• External, Internet
• Gain access to other CMU network

Level: Intermediate/Sophisticated
Probability: Low


Client Security Concerns

• Web page access to student info
• Grades online through Blackboard
• Work submission online
• Student assignments
• Billing information


Attack Scenarios


IUS1 – Denial of Service

Component Based Attack

Possible Attackers
• Recreational Hacker
• Disgruntled employee

Instigating Network Traffic and Connection Request
• Distributed denial of service
• SYN flood
• Ping of death

Compromise the Availability of the System


Tracing IUS1

[Figure: network diagram tracing IUS1. Labels: CS Network, Apache Web Server, IMeet Chat Server, MySql, Admin App, Oracle, Internet, E-Mail Server, Hub, CMU Network, Tech Staff, Instructor, Admin Staff, Admin Server, Product Server. Additional labels: Essential Assets, Apache Web Server, HACKER.]


IUS2 – Unauthorized Access

User Access Based Attack

Possible Attackers
• DE student
• Disgruntled employee

Using Incomplete or Improperly Assigned Access Rights to View or Modify Information
• Privilege escalation
• Password sniffing
• Brute force

Compromise the Privacy and/or Integrity of Information


Tracing IUS2

[Figure: network diagram tracing IUS2. Labels: CS Network, Apache Web Server, IMeet Chat Server, MySql, Admin App, Oracle, Internet, E-Mail Server, Hub, CMU Network, Tech Staff, Instructor, Admin Staff, Admin Server, Product Server. Additional labels: Essential Assets, Apache Web Server, Disgruntled Emp, Student.]


IUS3 – Data Corruption

User Access/Application Content Based Attack

Possible Attackers
• Disgruntled employee
• Recreational Hacker

Logic Bombs and Data Corruption
• Privilege escalation
• Attachment to email
• Virus or scripting

Compromise Data Integrity and Availability


Tracing IUS3

[Figure: network diagram tracing IUS3. Labels: CS Network, Apache Web Server, IMeet Chat Server, MySql, Admin App, Oracle, Internet, E-Mail Server, Hub, CMU Network, Tech Staff, Instructor, Admin Staff, Admin Server, Product Server. Additional labels: Essential Assets, Former Staff, hacker.]


IUS4 – Backdoor/Trojan Attack

User Access/Application Content Based Attack

Possible Attackers
• Disgruntled employee
• Recreational hacker
• Intellectual property spy
• Transit seeker

Possible Upload of Malicious Code
• Attachment to email
• Virus or scripting
• Salami
• Buffer overflow

Compromise Privacy, Integrity and Availability


Tracing IUS4

[Figure: network diagram tracing IUS4. Labels: CMU Network, CS Network, Apache Web Server, IMeet Chat Server, MySql, Admin App, Oracle, Internet, E-Mail Server, Hub, Tech Staff, Instructor, Admin Staff, Admin Server, Product Server. Additional labels: Essential Assets, Former Staff, hacker, IP Spy/Transit.]


Next Step

• Identify Softspots
• Brief Existing Strategies for 3 R’s
• Present Survivability Map Recommendations


Questions?