Survivable Network Analysis

Survivable Network Analysis: Oracle Financial System, SNA step 3. Ali Ardalan, Qianming “Michelle” Chen, Yi Hu, Jason Milletary, Jian Song. Overview: Review Essential Components; Attacker Profiles; Attack Patterns; Intrusion Usage Scenarios; Compromisable Components Diagram; Next Steps.

Presentation Transcript


  1. Survivable Network Analysis: Oracle Financial System, SNA step 3
     Ali Ardalan, Qianming “Michelle” Chen, Yi Hu, Jason Milletary, Jian Song
     11/14 SNA Presentation 3

  2. Overview
     • Review Essential Components
     • Attacker Profiles
     • Attack Patterns
     • Intrusion Usage Scenarios
     • Compromisable Components Diagram
     • Next Steps

  3. Essential Components Diagram
     [Diagram not reproduced. Labels recoverable from the slide: hosts Mistral (Development), Chinook (Backup), Acis.as.cmu.edu (Sun Sparc Cluster), Tandem; components Kerberos Domain Controller, Kerberos Secure Directory, Oracle Connection Mgr., O. DB, O. Listener, O. Forms; protocols HTTP, HTTPS, CITRIX, SQL Net, FTP, SSH, SCP, LPR (print), SMTP (e-mail); networks and sites CAMPUS NETWORK, FIBER, Cyert Computer Center, 6555 Penn Ave.]

  4. Potential Attacker Profiles
     • Curious Student Hacker
     • Student Employee
     • Disgruntled Full-Time Employee
     • Academic Spy

  5. Attacker Profile #1
     • Curious Student Hacker
       • Member of CMU campus community
       • Low to medium level of expertise:
         • Possible CS, IDS, ECE or other technical background
       • Accesses system from internal campus LAN
       • Student attacks system in order to learn from experimentation with hacking tools & concepts
       • Student’s motivation is disclosure or modification rather than deletion of data
       • Level: Target-of-Opportunity Attack

  6. Attacker Profile #2
     • Student Employee
       • Objective is to steal financial funds
       • Student employed by department at some point
       • Has access to passwords & has experience using system interface
       • Accesses system when superiors are not around
       • Attack may occur in small increments over a long period of time
       • Level: Intermediate Attack

  7. Attacker Profile #3
     • Disgruntled Full-Time Employee
       • Objective is to wreak havoc upon the system via deletion or modification of data
       • Low to medium level of technical expertise
       • High level of experience with system
       • User has account and password with access to the system
       • User is trusted and therefore is able to cause damage to mission-critical system elements
       • Level: Intermediate Attack

  8. Attacker Profile #4
     • Academic Spy
       • Objective is to steal sensitive information on grants from the University
       • Medium to high level of technical expertise
       • Accesses system internally or externally
       • Primary motivation is disclosure of sensitive information rather than modification or deletion
       • Level: Sophisticated Attack

  9. Attack Patterns
     • Trojan Horse
       • Application content pattern
       • Possible upload of malicious code
         • Feeder system
         • Excel files
       • Possible attackers
         • Disgruntled employees
         • Academic spies

  10. Trojan Horse
     • Gather information
       • Identify external applications which integrate into system (Excel, etc.)
       • Evaluate processing of uploaded files via feeder system or application server
     • Exploit
       • Attach Visual Basic macro to Excel file
       • Attach executable code to feeder file
     • Damage
       • Possible installation of back door code
       • Denial-of-service by insertion of malformed input

  11. Attack Patterns
     • Disclosure of sensitive information
       • User access attack pattern
       • Using incomplete or improperly assigned access rights to view information
       • Potential attackers
         • Students
         • Disgruntled employees
         • Academic spies

  12. Disclosure of information
     • Gather information
       • Identify components with incomplete access control
       • Use social engineering to acquire passwords
       • Identify
     • Exploit
       • Normal system use with unauthorized access
     • Damage
       • Disclosure of information

  13. Intrusion Usage Scenario
     • IUS1 (Data integrity and spoofing attack)
       • Unauthorized user (part-time worker/student)
       • Illegitimately obtain password
       • View, modify confidential data and steal financial funds

  14. Example of IUS1

  15. Example of IUS1

  16. Intrusion Usage Scenario
     • IUS2 (Data integrity and insider attack)
       • Authorized employee (disgruntled)
       • Legitimate access right
       • Modify data or issue illegal check

  17. Example of IUS2

  18. Example of IUS2

  19. Intrusion Usage Scenario
     • IUS3 (Availability attack)
       • Student Hacker
       • Possible upload of malicious code
         • Feeder system
         • Excel files
       • Destroy or limit access to applications of OFS

  20. Intrusion Usage Scenario
     • IUS4 (Recovery attack)
       • Professional Hacker
       • Directly access database, bypassing the firewall
       • Corrupt major portions of the DB

  21. Intrusion Usage Scenario
     • IUS5 (Spoofing attack)
       • Unauthorized user (Academic Spy)
       • Spoofing legitimate user
       • View, modify confidential data and marketable information

  22. Compromisable Components Diagram
     [Diagram not reproduced. Labels recoverable from the slide: hosts Mistral (Development), Chinook (Backup), Acis.as.cmu.edu (Sun Sparc Cluster), Tandem; components Kerberos Domain Controller, Kerberos Secure Directory, Oracle Connection Mgr., O. DB, O. Listener, O. Forms; protocols HTTP, HTTPS, CITRIX, SQL Net, FTP, SSH, SCP, LPR (print), SMTP (e-mail); networks and sites CAMPUS NETWORK, FIBER, Cyert Computer Center, 6555 Penn Ave.]

  23. Other Potential Issues
     • Password expiration
     • Availability: Cross-department worker information
     • Confidentiality: Remove user access rights when employees leave

  24. Ongoing Steps
     • Client & Users
       • 4th client meeting to verify compromisable components
       • More user meetings to verify IUS.b
       • Discuss application of SNA method
     • Within Our Group
       • Site visit to 6555 Penn Ave. backup facility
       • Describe existing and recommended strategies for resistance, recognition, and recovery
       • Present the survivability map for the architecture
