Distance Education Team 2 - PowerPoint PPT Presentation

About This Presentation
Title:

Distance Education Team 2

Description:

Distance Education Team 2 Security Architectures and Analysis – PowerPoint PPT presentation

Number of Views:45
Avg rating:3.0/5.0
Slides: 29
Provided by: MISM154
Category:

less

Transcript and Presenter's Notes

Title: Distance Education Team 2


1
Distance EducationTeam 2
  • Security Architectures and Analysis

2
Distance Education
  • Team Members
  • Chris Rush Team Leader, Step 1
  • Mike Gazdus A/V Expert, Step 1
  • Ron Banerjee Tech Analyst, Step 2
  • Russ Griffith Tech Analyst, Step 2
  • Scott Currie Scribe, Step 3
  • Chris Ameter Tech Analyst, Step 3
  • Jack Pickett Tech Analyst, Step 3
  • Raman Rangswamy Tech Analyst, Step 4
  • Ayman Lugman Tech Analyst, Step 4

3
Topics for Discussion
  • Step 1 Recap
  • DE User Categories
  • DE Architecture
  • Step 2 Recap
  • Essential Services and Assets
  • Essential Scenarios Trace
  • Essential Components
  • Step 3 Goals
  • Relevant Attacker Profiles
  • Likely Levels of Attack
  • Representative Attack Scenarios
  • Identify Compromisable Components
  • Step 4 Next

4
Step 1 Recap
  • DE Organization Mission
  • To offer the same high quality MSE courses
    currently available to resident students,
    through the use of on-line, Computer Based
    Training (CBT), and two-way audio
  • two-way video through Distance Education.
  • Mel Rosso-Llopart
  • Director, Distance Education

5
DE User Categories
  • Student
  • Admin Staff
  • Technical Support Staff
  • Web Support Staff
  • Director Associate Director

6
DE Architecture
Director AssocDirector
Student
DE Student Client (browser)
DE Admin Client (Win32)
Admin Staff
Web App (Perl Scripts)
Admin App (VB)
E-mail
Apache Server
Web Support
Admin DB (Oracle)
Product DB (MySQL)
Admin Server (Win NT)
Product Server (Linux)
Tech Support
7
Step 2 Recap
  • Essential services and assets
  • Essential scenarios trace
  • Essential components

8
Essential Services Assets
Essential Services
  • Tech support updates My SQL database
  • Student access to web application
  • Web support(Courseware specialist) perform
    maintenance
  • on web applications.

Essential Assets
  • Student data
  • Web contents
  • Calendars
  • Class assignments
  • Files
  • Assigned readings

9
Essential Scenarios Trace
Director AssocDirector
Student
DE Student Client (browser)
DE Admin Client (Win32)
Admin Staff
Web App (Perl Scripts)
Admin App (VB)
E-mail
Apache Server
Web Support
Admin DB (Oracle)
Product DB (MySQL)
Admin Server (Win NT)
Product Server (Linux)
Tech Support
10
Essential Components
  • My SQL database
  • Web Application
  • Apache Server
  • Product Server

11
Step 3 Goals
  • Attacker Profiles
  • - Internal Threat
  • - External Threat
  • Levels of Attack
  • - Target of opportunity
  • - Intermediate
  • - Sophisticated

12
Step 3 Goals Cont.
  • Describe intrusion scenarios
  • - steps in attacker usage scenarios
  • Identify compromisable components
  • - parts of architecture accessible by intrusion
    scenarios

13
General Attacker Profiles
  • Recreational Hacker
  • Current/Past Students
  • Current/Past Admin Support Staff
  • External Hacker
  • Disgruntled Employee / User
  • Current/Past Students
  • Current/Past Admin Support Staff
  • Activist
  • Not Likely
  • Industrial Spy
  • Not Likely
  • Nation State
  • Not Likely

14
Attacker Attributes
Attacker Resources Time Tools Risk Access Objectives
Recreational Hacker External (i.e.. Script Kiddie) -Range, but generally limited. -Lots of time, very patient. -Generally available scripts and tools. -Little knowledge of potential risks. -Likely to be risk averse. -External web access. -Fun, status.
Disgruntled Employee/User Current or past Admin Support staff Current or past students -Moderate. CS students, and skilled support staff. -Varies, but generally cannot devote long hours. -Existing access, knowledge of programming and system architecture. -Likely to be risk averse. Jobs and/or enrollment status at risk. -Internal, or external with a knowledge of internal network structure. -Payback, revenge, havoc, chaos. -Theft of financial info.
Activists Not Likely Not Likely Not Likely Not Likely Not Likely Not Likely
Industrial Spy Not Likely Not Likely Not Likely Not Likely Not Likely Not Likely
Nation State Not Likely Not Likely Not Likely Not Likely Not Likely Not Likely
15
Attack Patterns
  • User Access
  • Current Student Privilege Escalation
  • Current Access to Damage the Database
  • External Attacker Gaining Account Level Access
    Through a Remote Exploit
  • Component Access
  • Port Flood / DOS Attack
  • Application Content
  • PERL Script Exploits
  • Buffer Overflows
  • OS / Application Vulnerabilities

16
Potential Attacker Profiles
  • Internal Threat Existing DE Student
  • Privilege Escalation
  • Modification of registration/payment info
  • Internal Threat Administrators/Student Support
  • Read/Write Access to DBs
  • Accidental/Intentional DB Corruption
  • Theft of Financial Information
  • Co-opt System resources (game/file server, DDOS)
  • External Attacker
  • Vandalism
  • Theft of course material
  • Theft of student financial information
  • DDOS Platform

17
Levels of Attack
  • Target of Opportunity
  • External Attacker Script Kiddie
  • Intermediate
  • Existing Student
  • Admin/Support Staff
  • External Attacker
  • Sophisticated
  • Existing Student
  • Admin/Support Staff
  • External Attacker

18
Potential Attacker Profiles
  • Internal Threat Existing DE Student
  • Privilege Escalation
  • Modification of registration/payment info
  • Internal Threat Administrators/Student Support
  • Read/Write Access to DBs
  • Accidental/Intentional DB Corruption
  • Theft of Financial Information
  • Co-opt System resources (game/file server, DDOS)
  • External Attacker
  • Vandalism
  • Theft of course material
  • Theft of student financial information
  • DDOS Platform

19
Attack ScenariosPrivilege Escalation
Director AssocDirector
Student
DE Student Client (browser)
DE Admin Client (Win32)
Admin Staff
Web App (Perl Scripts)
Admin App (VB)
E-mail
Apache Server
Web Support
Admin DB (Oracle)
Product DB (MySQL)
Admin Server (Win NT)
Product Server (Linux)
Tech Support
20
Potential Attacker Profiles
  • Internal Threat Existing DE Student
  • Privilege Escalation
  • Modification of registration/payment info
  • Internal Threat Administrators/Student Support
  • Read/Write Access to DBs
  • Accidental/Intentional DB Corruption
  • Theft of Financial Information
  • Co-opt System resources (game/file server, DDOS)
  • External Attacker
  • Vandalism
  • Theft of course material
  • Theft of student financial information
  • DDOS Platform

21
Attack ScenariosTheft of Financial Information
Director AssocDirector
Student
DE Student Client (browser)
DE Admin Client (Win32)
Admin Staff
Web App (Perl Scripts)
Admin App (VB)
E-mail
Apache Server
Web Support
Admin DB (Oracle)
Product DB (MySQL)
Admin Server (Win NT)
Product Server (Linux)
Tech Support
22
Potential Attacker Profiles
  • Internal Threat Existing DE Student
  • Privilege Escalation
  • Modification of registration/payment info
  • Internal Threat Administrators/Student Support
  • Read/Write Access to DBs
  • Accidental/Intentional DB Corruption
  • Theft of Financial Information
  • Co-opt System resources (game/file server, DDOS)
  • External Attacker
  • Vandalism
  • Theft of course material
  • Theft of student financial information
  • DDOS Platform

23
Attack ScenariosDDOS Platform
Director AssocDirector
Attacker
Student
DE Student Client (browser)
DE Admin Client (Win32)
Admin Staff
Web App (Perl Scripts)
Admin App (VB)
E-mail
Apache Server
Web Support
DDOS Application
DDOS Application
Admin DB (Oracle)
Product DB (MySQL)
Admin Server (Win NT)
Product Server (Linux)
Tech Support
24
Compromisable Components
  • Admin Server
  • Possible DDOS platform
  • DB Contains Student Financial Info.
  • Production Server
  • Web Server
  • No encrypted Authentication
  • Password Lists in DB

25
CompromisableComponents
Director AssocDirector
Student
DE Student Client (browser)
DE Admin Client (Win32)
Admin Staff
Web App (Perl Scripts)
Admin App (VB)
E-mail
Apache Server
Web Support
Admin DB (Oracle)
Product DB (MySQL)
Admin Server (Win NT)
Product Server (Linux)
Tech Support
26
Whats Next
  • Step 4
  • Identify softspots
  • Existing Mitigation Strategies
  • Recommended Mitigation Strategies
  • Survivability Map Suggested Changes

27
Conclusion
  • Reviewed the DE Architecture
  • Reviewed the user categories
  • Reviewed the architecture
  • Reviewed the essential services and assets
  • Reviewed the essential usage scenarios
  • Reviewed the essential components
  • Discussed Relevant Attacker Profiles
  • Discussed Likely Levels of Attack
  • Discussed Possible Attack Scenarios
  • Identified Compromisable Components
  • Briefly showed where we are going next.

28
Questions?
Write a Comment
User Comments (0)
About PowerShow.com