Distance Education Team 2 - PowerPoint PPT Presentation

About This Presentation

Title:

Distance Education Team 2

Description:

Distance Education Team 2 Security Architectures and Analysis – PowerPoint PPT presentation

Number of Views:44

Avg rating:3.0/5.0

Slides: 29

Provided by: MISM154

Learn more at: https://www.andrew.cmu.edu

Category:

more less

Transcript and Presenter's Notes

Title: Distance Education Team 2

1
Distance EducationTeam 2

Security Architectures and Analysis

2
Distance Education

Team Members
Chris Rush Team Leader, Step 1
Mike Gazdus A/V Expert, Step 1
Ron Banerjee Tech Analyst, Step 2
Russ Griffith Tech Analyst, Step 2
Scott Currie Scribe, Step 3
Chris Ameter Tech Analyst, Step 3
Jack Pickett Tech Analyst, Step 3
Raman Rangswamy Tech Analyst, Step 4
Ayman Lugman Tech Analyst, Step 4

3
Topics for Discussion

Step 1 Recap
DE User Categories
DE Architecture
Step 2 Recap
Essential Services and Assets
Essential Scenarios Trace
Essential Components
Step 3 Goals
Relevant Attacker Profiles
Likely Levels of Attack
Representative Attack Scenarios
Identify Compromisable Components
Step 4 Next

4
Step 1 Recap

DE Organization Mission
To offer the same high quality MSE courses
currently available to resident students,
through the use of on-line, Computer Based
Training (CBT), and two-way audio
two-way video through Distance Education.
Mel Rosso-Llopart
Director, Distance Education

5
DE User Categories

Student
Admin Staff
Technical Support Staff
Web Support Staff
Director Associate Director

6
DE Architecture
Director AssocDirector
Student
DE Student Client (browser)
DE Admin Client (Win32)
Admin Staff
Web App (Perl Scripts)
Admin App (VB)
E-mail
Apache Server
Web Support
Admin DB (Oracle)
Product DB (MySQL)
Admin Server (Win NT)
Product Server (Linux)
Tech Support
7
Step 2 Recap

Essential services and assets
Essential scenarios trace
Essential components

8
Essential Services Assets
Essential Services

Tech support updates My SQL database
Student access to web application
Web support(Courseware specialist) perform
maintenance
on web applications.

Essential Assets

Student data
Web contents
Calendars
Class assignments
Files
Assigned readings

9
Essential Scenarios Trace
Director AssocDirector
Student
DE Student Client (browser)
DE Admin Client (Win32)
Admin Staff
Web App (Perl Scripts)
Admin App (VB)
E-mail
Apache Server
Web Support
Admin DB (Oracle)
Product DB (MySQL)
Admin Server (Win NT)
Product Server (Linux)
Tech Support
10
Essential Components

My SQL database
Web Application
Apache Server
Product Server

11
Step 3 Goals

Attacker Profiles
- Internal Threat
- External Threat
Levels of Attack
- Target of opportunity
- Intermediate
- Sophisticated

12
Step 3 Goals Cont.

Describe intrusion scenarios
- steps in attacker usage scenarios
Identify compromisable components
- parts of architecture accessible by intrusion
scenarios

13
General Attacker Profiles

Recreational Hacker
Current/Past Students
Current/Past Admin Support Staff
External Hacker
Disgruntled Employee / User
Current/Past Students
Current/Past Admin Support Staff
Activist
Not Likely
Industrial Spy
Not Likely
Nation State
Not Likely

14
Attacker Attributes
Attacker Resources Time Tools Risk Access Objectives
Recreational Hacker External (i.e.. Script Kiddie) -Range, but generally limited. -Lots of time, very patient. -Generally available scripts and tools. -Little knowledge of potential risks. -Likely to be risk averse. -External web access. -Fun, status.
Disgruntled Employee/User Current or past Admin Support staff Current or past students -Moderate. CS students, and skilled support staff. -Varies, but generally cannot devote long hours. -Existing access, knowledge of programming and system architecture. -Likely to be risk averse. Jobs and/or enrollment status at risk. -Internal, or external with a knowledge of internal network structure. -Payback, revenge, havoc, chaos. -Theft of financial info.
Activists Not Likely Not Likely Not Likely Not Likely Not Likely Not Likely
Industrial Spy Not Likely Not Likely Not Likely Not Likely Not Likely Not Likely
Nation State Not Likely Not Likely Not Likely Not Likely Not Likely Not Likely
15
Attack Patterns

User Access
Current Student Privilege Escalation
Current Access to Damage the Database
External Attacker Gaining Account Level Access
Through a Remote Exploit
Component Access
Port Flood / DOS Attack
Application Content
PERL Script Exploits
Buffer Overflows
OS / Application Vulnerabilities

16
Potential Attacker Profiles

Internal Threat Existing DE Student
Privilege Escalation
Modification of registration/payment info
Internal Threat Administrators/Student Support
Read/Write Access to DBs
Accidental/Intentional DB Corruption
Theft of Financial Information
Co-opt System resources (game/file server, DDOS)
External Attacker
Vandalism
Theft of course material
Theft of student financial information
DDOS Platform

17
Levels of Attack

Target of Opportunity
External Attacker Script Kiddie
Intermediate
Existing Student
Admin/Support Staff
External Attacker
Sophisticated
Existing Student
Admin/Support Staff
External Attacker

18
Potential Attacker Profiles

Internal Threat Existing DE Student
Privilege Escalation
Modification of registration/payment info
Internal Threat Administrators/Student Support
Read/Write Access to DBs
Accidental/Intentional DB Corruption
Theft of Financial Information
Co-opt System resources (game/file server, DDOS)
External Attacker
Vandalism
Theft of course material
Theft of student financial information
DDOS Platform

19
Attack ScenariosPrivilege Escalation
Director AssocDirector
Student
DE Student Client (browser)
DE Admin Client (Win32)
Admin Staff
Web App (Perl Scripts)
Admin App (VB)
E-mail
Apache Server
Web Support
Admin DB (Oracle)
Product DB (MySQL)
Admin Server (Win NT)
Product Server (Linux)
Tech Support
20
Potential Attacker Profiles

Internal Threat Existing DE Student
Privilege Escalation
Modification of registration/payment info
Internal Threat Administrators/Student Support
Read/Write Access to DBs
Accidental/Intentional DB Corruption
Theft of Financial Information
Co-opt System resources (game/file server, DDOS)
External Attacker
Vandalism
Theft of course material
Theft of student financial information
DDOS Platform

21
Attack ScenariosTheft of Financial Information
Director AssocDirector
Student
DE Student Client (browser)
DE Admin Client (Win32)
Admin Staff
Web App (Perl Scripts)
Admin App (VB)
E-mail
Apache Server
Web Support
Admin DB (Oracle)
Product DB (MySQL)
Admin Server (Win NT)
Product Server (Linux)
Tech Support
22
Potential Attacker Profiles

Internal Threat Existing DE Student
Privilege Escalation
Modification of registration/payment info
Internal Threat Administrators/Student Support
Read/Write Access to DBs
Accidental/Intentional DB Corruption
Theft of Financial Information
Co-opt System resources (game/file server, DDOS)
External Attacker
Vandalism
Theft of course material
Theft of student financial information
DDOS Platform

23
Attack ScenariosDDOS Platform
Director AssocDirector
Attacker
Student
DE Student Client (browser)
DE Admin Client (Win32)
Admin Staff
Web App (Perl Scripts)
Admin App (VB)
E-mail
Apache Server
Web Support
DDOS Application
DDOS Application
Admin DB (Oracle)
Product DB (MySQL)
Admin Server (Win NT)
Product Server (Linux)
Tech Support
24
Compromisable Components

Admin Server
Possible DDOS platform
DB Contains Student Financial Info.
Production Server
Web Server
No encrypted Authentication
Password Lists in DB

25
CompromisableComponents
Director AssocDirector
Student
DE Student Client (browser)
DE Admin Client (Win32)
Admin Staff
Web App (Perl Scripts)
Admin App (VB)
E-mail
Apache Server
Web Support
Admin DB (Oracle)
Product DB (MySQL)
Admin Server (Win NT)
Product Server (Linux)
Tech Support
26
Whats Next