Distance Education Team 1

1
Distance Education Team 1

• Adrian Sia
• Xavier Appé
• Anoop Georges
• Salvador Gonzales
• Augustine Ani
• Zijian Cao
• Joe Ondercin

SNA Step 3
November 14, 2001
2
Overview

• Project Progress
• Essential Services Assets
• Client Security Concerns
• Relevant Attacker Profile, Level of Attack, and
  Probability of Attack
• Attack Scenarios
• Compromisable Components
• Next Step

3
Project Progress

• One meeting every two weeks at 1PM on Saturday
• 09/15/01 1st project meeting step 1 discussion
  (completed)
• 09/20/01 client interview with Mel Rosso
  (completed)
• 09/22/01 2nd project meeting step 1
  presentation dry run (completed)
• 09/25/01 client interview with Michael Carriger
  (completed)
• 09/26/01 Step 1 presentation (completed)
• 10/13/01 3rd project meeting step 2 discussion
  (completed)
• 10/27/01 4th project meeting step 2
  presentation dry run (completed)
• 10/31/01 Step 2 presentation (completed)
• 11/10/01 5th project meeting step 3
  presentation dry run (completed)
• 11/14/01 Step 3 presentation
• 11/24/01 6th project meeting step 4 and final
  report discussion
• 12/1/01 7th project meeting step 4 presentation
  dry run
• 12/5/01 Step 4 presentation
• 12/12/01 Project report submittal
• Note additional client interview(s) may be
  conducted when deemed necessary.

4
Essential Services Assets
CMU Network
Admin Server
Internet
E-Mail Server
Hub
Essential Assets
Apache Web Server
Admin Staff
MySql

• Essential Services
• Course Web Site Access
• Email
• Chat

Instructor
IMeet Chat Server
Product Server
Tech Staff
CS Network
5
Potential Attackers

• Recreational Hackers
• Script Kiddies
• Vandals
• DE Students
• Disgruntled Employee
• Current
• Former
• Intellectual Property Spy
• Transit Seeker

6
Attacker Attributes

• Resources
• Time
• Tools
• Risk
• Access
• Objectives

7
Attacker Profile

• Recreational Hackers
• Varied skills, knowledge levels, support
• No particular time constraints
• Distributed Tool, toolkit, script
• Not averse, may not understand risk
• External/Internet access
• Status, thrills and challenges
• Level Target-of-Opportunity
• Probability High

8
Attacker Profile

• DE Students
• Varied skills, knowledge of process
• Immediate needs
• Distributed tool, toolkit, script
• Risk averse
• Internal access via Internet
• Spy on other students homework,modify records
  and browse unregistered courses
• Level Target-of-opportunity
• Probability Low/Medium

9
Attacker Profile

• Disgruntled Employee
• Knowledge of process, depends on personal skills
• Very patient and wait for chance
• Physical attack, toolkit, self-created program
• Risk averse
• Internal/external, LAN, dialup, or Internet
• Personal gain, get even, embarrass organization
• Level Intermediate
• Probability High

10
Attacker Profile

• Intellectual Property Spy
• Medium to expert skills, knowledge and experience
• Current desire to access the information
• Customized tool, tap
• Very risk averse
• External, Internet
• Measurable gains
• Level Sophisticated
• Probability Low

11
Attacker Profile

• Transit Seekers
• Medium to expert skills, knowledge and experience
• Patience depends on mission
• User commands, customized tool, autonomous tool,
  social engineering
• Risk averse
• External, Internet
• Gain access to other CMU network
• Level intermediate/Sophisticated
• Probability Low

12
Client Security Concerns

• Web page access to student info
• Grades online through blackboard
• Work submission online
• Student assignments
• Billing information

13
Attack Scenarios
14
IUS1 Denial of Service

• Component Based Attack
• Possible Attackers
• Recreational Hacker
• Disgruntled employee
• Instigating Network Traffic and Connection
  Request
• Distributed denial of service
• SYN flood
• Ping of death
• Compromise the Availability of the System

15
Tracing IUS1
CMU Network
Admin Server
Internet
E-Mail Server
Hub
Essential Assets
Apache Web Server
Apache Web Server
HACKER
Admin Staff
MySql
Instructor
IMeet Chat Server
Product Server
Tech Staff
CS Network
16
IUS2 Unauthorized Access

• User Access Based Attack
• Possible Attackers
• DE student
• Disgruntled employee
• Using Incomplete or Improperly Assigned Access
  Rights to View or Modify Information
• Privilege escalation
• Password sniffing
• Brute force
• Compromise the Privacy and/or Integrity of
  Information

17
Tracing IUS2
CMU Network
Admin Server
Internet
E-Mail Server
Hub
Disgruntled Emp
Essential Assets
Apache Web Server
Apache Web Server
Student
Admin Staff
MySql
Instructor
IMeet Chat Server
Product Server
Tech Staff
CS Network
18
IUS3 Data Corruption

• User Access/Application Content Based Attack
• Possible Attackers
• Disgruntled employee
• Recreational Hacker
• Logic Bombs and Data Corruption
• Privilege escalation
• Attachment to email
• Virus or scripting
• Compromise Data Integrity and Availability

19
Tracing IUS3
CMU Network
Admin Server
Internet
E-Mail Server
hacker
Hub
Essential Assets
Apache Web Server
Former Staff
Admin Staff
MySql
Instructor
IMeet Chat Server
Product Server
Tech Staff
CS Network
20
IUS4 Backdoor/Trojan Attack

• User Access/Application Content Based Attack
• Possible Attackers
• Disgruntled employee
• Recreational hacker
• Intellectual property spy
• Transit seeker
• Possible Upload of Malicious Code
• Attachment to email
• Virus or scripting
• Salami
• Buffer overflow
• Compromise Privacy, Integrity and Availability

21
Tracing IUS4
CMU Network
Admin Server
Internet
E-Mail Server
hacker
Hub
Essential Assets
Apache Web Server
Former Staff
Admin Staff
MySql
Instructor
IP Spy/Transit
IMeet Chat Server
Product Server
Tech Staff
CS Network
22
Next Step

• Identify Softspots
• Brief Existing Strategies for 3 Rs
• Present Survivability Map
• Recommendations

23
Questions?