Student Application System

Student Application System. SNA Step 3 Attacker Profiles and Scenarios. 11.14.2001. Student Application System. Timothy Mak (Team Leader) James Zujie Chi Dali Wang Maria Stattel Andy Teng Hyoungju Yun John Rinderie Ron Urwongse. Team Activities. Project Timeline.


Presentation Transcript


  1. Student Application System: SNA Step 3, Attacker Profiles and Scenarios (11.14.2001)

  2. Student Application System
      • Timothy Mak (Team Leader)
      • James Zujie Chi
      • Dali Wang
      • Maria Stattel
      • Andy Teng
      • Hyoungju Yun
      • John Rinderie
      • Ron Urwongse

  3. Team Activities

  4. Project Timeline

  5. Roles played for Part III

  6. Essential Services and Assets
      • Marketing and Recruiting
      • Student Application for Admission
      • Acceptance Notification
      • Financial Aid
      • Billing
      • E-Grades
      • Graduation Eligibility Verification
      • Degree Certification
      • Academic Audit

  7. Attacker Profiles (1 of 2)

  8. Attacker Profiles (2 of 2)

  9. Intrusion Usage Scenarios
      • Legal login by unauthorized user
      • Unauthorized access by insider
      • Unauthenticated access by outsider
      • Malicious code attack

  10. IUS1: Legal Login by unauthorized user
      • How to attack
          • An unauthorized user logs in with a password obtained by sniffing or social engineering, then views, modifies or deletes private student data
      • Who is the attacker
          • Employees, CMU students, Hackers, Non-CMU students
      • What are their objectives
          • View, modify or delete private student data
      • Category of attack pattern
          • User access

  11. [Figure: IUS1: Legal Login by unauthorized user. Architecture diagram. Legend: Architecture Node, Attacker Trace, Communication Link, Compromised Component. Components shown: Web browser, Terminal, Firewall, Web server 1, Web server 2, Authentication Server, two Database servers. Services shown: Marketing and Recruiting, Student Application, Acceptance Notification, Financial Aid, Billing, E-Grades, Graduation Eligibility Verification, Degree Certification, Academic Audit.]

  12. IUS2: Unauthorized access by insider
      • How to attack
          • An inside intruder physically accesses the servers (Web/Database) to view, modify or delete data
          • An inside intruder accesses the servers using system administrator access rights to view, modify or delete data
      • Who is the attacker
          • Insider (employees, specifically those holding system administrator rights)
      • What are their objectives
          • View, modify or delete private student data
      • Category of attack pattern
          • User access

  13. [Figure: IUS2: Unauthorized access by insider. Architecture diagram. Legend: Architecture Node, Attacker Trace, Communication Link, Compromised Component. Components shown: Web browser, Terminal, Firewall, Web server 1, Web server 2, Authentication Server, two Database servers. Services shown: Marketing and Recruiting, Student Application, Acceptance Notification, Financial Aid, Billing, E-Grades, Graduation Eligibility Verification, Degree Certification, Academic Audit.]

  14. IUS3: Unauthenticated access by outsider
      • How to attack
          • An outside intruder accesses the SA servers by sending a large volume of improper requests
      • Who is the attacker
          • Outsider (hackers, students from competing universities)
      • What are their objectives
          • Bring down the servers and applications by overloading and crashing them
          • Disclose private student data to cause embarrassment and for personal gain
      • Category of attack pattern
          • Component access

  15. [Figure: IUS3: Unauthenticated access by outsider. Architecture diagram. Legend: Architecture Node, Attacker Trace, Communication Link, Compromised Component. Components shown: Web browser, Terminal, Firewall, Web server 1, Web server 2, Authentication Server, Database server. Services shown: Marketing and Recruiting, Student Application, Acceptance Notification, Financial Aid, Billing, E-Grades, Graduation Eligibility Verification, Degree Certification, Academic Audit.]

  16. IUS4: Malicious code attack
      • How to attack
          • Users download malicious code (e.g. trojan horses, viruses, worms) from outside the network, accidentally or intentionally
          • An intruder installs malicious code directly
      • Who is the attacker
          • Employees, CMU students, Hackers, Non-CMU students
      • What are their objectives
          • Break data integrity, privacy and availability
      • Category of attack pattern
          • Application content

  17. Coming up next…
      • SNA Step 4
      • Softspots
      • Resistance, Recognition, Recovery
      • Survivability Map

  18. Questions...
