This article introduces the possible attacks on a company and represents them with attack tree diagrams. The company has six computers and an internal server. Each computer runs Microsoft Windows 7. The company uses DVDs to store its backups, and the router is left at its default settings. Each employee has an email address. Firstly, I will attack the workstations: try to obtain the password illegally and attack their security, for example by installing a virus, Trojan or worm, or by a DoS attack. After that, I will attack the backup to obtain the DVD and carry out destructive actions. The DVD can be obtained through the staff, for example by bribery or threats. A destructive action is to plant threats on the DVD so that they propagate to other computers when the backup is used. Then, we will attack the router by changing the WEP settings or filtering MAC addresses so that the computers cannot connect to the network. We can also use threats through the router to attack the system, e.g. phlashing, pharming, DNS cache poisoning and spoofing. Furthermore, I will attack the server using internal and external threats, such as having someone pose as a customer to get information from the company, or having a temporary employee act as a spy and carry out harmful actions. Moreover, the email can be attacked with threats such as phishing, email spam, viruses and Trojans, and the email password can then be obtained from the target. Finally, Windows 7 can be attacked using hacking tools to destroy the host file on the machine, and by physical attack on the system, to obtain secret data or change data and cause a major loss for the company. All of these problems are discussed in this report.
Introduction and scope
Attack trees help one understand security issues better, from the standpoint of an attacker. Attack trees are a graphical and mathematical construct used to identify the attacks that pose the greatest risk to the defender, determine effective strategies to reduce the risk to an acceptable level for the defender, identify the potential attacks between the adversary and the defender, provide a communication mechanism for security analysts, capture what is known and assumed about the system and its adversaries, and store the information in a diagram that can be understood by subsequent defenders. Although it is very hard to identify every factor that leads to an intrusion, the analysis is based on experience and the ability to extrapolate how that experience applies to a new situation. For example, the effectiveness of internet security, network security, banking system security, and installation and personnel security may all be modelled using attack trees. The idea of an attack tree is that equipment, software or a process may have vulnerabilities that, when successfully exploited, could compromise the entire system.
There are six computers and one internal server, and each computer has Microsoft Windows 7 and Microsoft Office 2007. Each workstation has been patched with all updates as of March 25, 2010. They use an ADSL 2+ connection. The server and workstation backups are stored on DVD. All the employees have email addresses and they share documents through a D-Link DNS-323 NAS. The router is a D-Link DSL G604t using default settings. Each workstation uses the Microsoft Windows Malicious Software Removal Tool.
-The room housing the server is not locked or well protected with an access key.
-The router has not been updated with the latest patches and is left at its default settings.
-The workstations are not set up with individual login accounts.
-No legal antivirus software is installed.
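An added example (not part of the original article) that encodes part of this company's attack tree, using node labels from the article, and reports which leaves stay open as the four weaknesses listed above are fixed. The weakness each leaf depends on, the grouping node "Disrupt connectivity" and the AND/OR structure are assumptions made for the example.

```python
from dataclasses import dataclass, field

# The four weaknesses listed above; the short ids are labels chosen for this example.
WEAKNESSES = frozenset({"server_room_unlocked", "router_default",
                        "shared_login", "no_antivirus"})

@dataclass
class Node:
    name: str
    kind: str = "LEAF"              # "LEAF", "OR" or "AND"
    children: list = field(default_factory=list)
    needs: frozenset = frozenset()  # weaknesses a leaf depends on (assumed mapping)

def leaf(name, *needs):
    return Node(name, needs=frozenset(needs))

def feasible(node, present):
    """True if the goal at `node` is reachable while `present` weaknesses exist."""
    if node.kind == "LEAF":
        return node.needs <= present
    results = [feasible(c, present) for c in node.children]
    return all(results) if node.kind == "AND" else any(results)

def open_leaves(node, present):
    """Leaf names that still lie on a feasible path below `node`."""
    if not feasible(node, present):
        return []
    if node.kind == "LEAF":
        return [node.name]
    return [n for c in node.children for n in open_leaves(c, present)]

TREE = Node("Reduce availability", "OR", [
    Node("Attack workstation", "OR", [
        leaf("Install malware through email", "no_antivirus"),
        leaf("Use widely known password", "shared_login"),
        leaf("Bribe or threaten employee for password")]),
    Node("Attack router", "AND", [
        leaf("Get in the router", "router_default"),
        Node("Disrupt connectivity", "OR", [
            leaf("Filter the MAC address"), leaf("Set the WEP"),
            leaf("Block the website")])]),
    Node("Attack server", "OR", [
        leaf("Temporary employee enters server room", "server_room_unlocked"),
        leaf("Bribed employee turns the power off")]),
])

def remaining_after(fixed):
    """Leaves still open once the weaknesses in `fixed` are remediated."""
    return open_leaves(TREE, WEAKNESSES - frozenset(fixed))

if __name__ == "__main__":
    for fixed in ([], ["router_default"], sorted(WEAKNESSES)):
        print(fixed, "->", remaining_after(fixed))
```

With all four weaknesses fixed, the only leaves left are the two that depend on bribing or threatening staff, which none of the listed technical fixes address.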
Attack tree for reducing availability
Because the workstations do not have any legal antivirus software, their security is weak. We can use different threats to attack the workstation. We can install spyware on the workstation through email, when the employee clicks on the email. The spyware will then collect information without their knowledge. It is hard to detect unless the user installs anti-spyware software. We can also use the same method to install a Trojan, virus or worm on the workstation. A Trojan will format the hard drive when the user runs it. A virus will spread from one device to another when they connect to another computer or device. Many viruses will destroy data or cause the computer to keep rebooting. A worm will use up the computer's resources and may shut down the system. A DoS (denial of service) attack prevents the user from accessing information or services, such as email, websites, etc.
Attack tree diagram nodes: Get password from employee; Find written password; Obtain login password illegally; Use widely known password
The other way to attack the workstation is to obtain the administrator login password illegally. To begin with, we can try to guess the password or use a well-known password, because most users choose passwords that are easy to remember. After that, we can also discover the password, for example by finding the written password of a user. We can also get the password from an employee. There are several ways to get it from them. Firstly, we can threaten the employee, for example by finding out some secret about them. Alternatively, we can bribe the employee by giving them some benefit, such as money or something they like. Finally, we can steal it from the employee, for example by installing a remote password stealer on their computer and receiving the password through email.
The company's backup is stored on a DVD, so there are many possible ways to get the DVD. Firstly, we can swap another DVD for the backup DVD, so they will not notice any problem until they use the DVD. After that, we can also steal the DVD or copy it. Finally, we can bribe or blackmail an employee into handing over the DVD.
Another way to attack the backup is destructive action. We can destroy the DVD, for example by burning or breaking it. We can also plant threats on the workstation through email or staff, so that when they back up, the threats are also on the DVD. If they use the backup DVD, the Trojan will install on the machine and format the hard drive of the system. A virus will spread into the system to destroy data or cause system errors. Spyware will install on the system and collect information from the machine, so we can know what the user is doing on the system.
Attack tree diagram nodes: Filter the MAC address; Set the WEP; Get in the router; Change router login password; Block the website
Because the router is using the default settings, the login password has not been changed. So we can get into the router using the default password. After that, we can change the login password and set up WEP to stop the employees using the wireless. Alternatively, we can filter MAC addresses to prevent the employees' computers from connecting to the internet. Furthermore, we can also block some URLs related to the business, so the employees cannot access those websites.
DNS cache poisoning
There are some security attacks on the router. We can use a spoofing attack, which masquerades as another program by falsifying data and thereby gains an advantage. Furthermore, DNS cache poisoning corrupts the DNS tables and cache, so that a domain name is assigned a malicious IP address. When the employee uses the malicious IP address, the computer will be attacked by worms, Trojans or spyware. Furthermore, we can also use pharming to attack the router. Pharming redirects a website's traffic to a bogus website. It is carried out by changing the hosts file or by exploiting a vulnerability in DNS server software, and takes effect when the employee enters the website. Finally, phlashing exploits a vulnerability in network-based firmware updates; it permanently disables the hardware by loading a corrupted BIOS onto it.
Attack tree diagram nodes: Check the security protection; Install remote access
There are two internal threats to the server. Because the server room is not locked properly, a temporary employee can easily get into it. The temporary employee may be a spy who is there to get information from the server. They can install remote access to control the server, for example to delete data or destroy the server. They can also attack its security and install a virus, worm or Trojan to exploit the server and cause it to crash. An attacker can also pose as a customer, which lets them enter the company easily. They can eavesdrop in the company and check the security protection of the business to find vulnerabilities, so they can easily get into the company when nobody is inside.
Attack tree diagram nodes: Access the computer room power; Access the power switch; Turn off security protection; Turn the power off
Another internal threat is the employees. We can bribe an employee, because employees have already worked in the company for a long time, so we can ask them to steal important or secret company data. Alternatively, we can ask them to turn off the power to the server room, so that documents that have not been saved will be lost. Employees can access the power switch or the computer room power to turn the power off. Then they can turn off the security protection on the server, so we can easily hack into it. Finally, they can rename the server so that no computer can connect to it.
Attack tree diagram node: Obtain password from target
Email can be attacked with threats, and the password can be obtained illegally from the target. We can threaten or blackmail the target to get the email password, so that we can send email to others and give them false information. There are four types of threats that are sent by email to trick the employee into clicking, so that the threat installs on the system. First, phishing is sent by email and imitates a popular website; when the employee goes to the website and types in the username and password, the attacker obtains their information. Additionally, email spam sends unsolicited messages to numerous recipients by email. Moreover, viruses are dangerous because they often deliver extremely destructive payloads, destroying data and bringing down entire email systems. Finally, email can be used to install a Trojan to obtain confidential information or gain control of the server.
Attack Microsoft Windows 7
Attack tree diagram nodes: Change the document; Destroy host file; Turn off power supply
Microsoft Windows 7 is a widely used operating system worldwide, so there are many hacking tools for breaking into it. An attacker can pose as a cleaner and use various tools to hack into the system, then install malware to destroy the host file or change important documents, affecting the company's operations. Then, spyware can be installed to spy on the user's work on the machine and obtain the login password. Furthermore, we can also destroy the computer, for example with water or by burning it. Finally, turning off the power supply causes the system to lose data before the user saves it.
Attack Microsoft Windows 7
Attack tree diagram nodes: Remote access Trojan; Crash Windows 7
Microsoft Windows 7 can also be attacked physically. Because Windows 7 is widely used, attackers have found many security vulnerabilities. The teardrop attack is a kind of denial of service (DoS) attack; it exploits the system when the Internet Protocol requires that a packet too large for the next router to handle be split into fragments. In the teardrop attack, the attacker's IP puts a strange and confusing offset value in the second fragment or in a later fragment. If the operating system is vulnerable to the teardrop attack, the system will crash. Another is the security attack: we can ask the staff or use email to install a virus or worm and propagate these threats to all the computers in the company over the network, bringing the machines down. Another threat is using a remote access Trojan to control the system. This type of Trojan creates a backdoor into the system. We can use the client to control the server, which allows almost complete control over the victim's system.
Attack Microsoft Office 2007
Attack tree diagram node: Threats to the document
The method of attacking Microsoft Office 2007 is to threaten the documents. First of all, we can get the document from an employee, or send a Trojan or virus to the system by email to obtain the document. This causes loss of integrity and loss of confidentiality. For integrity loss, we alter or corrupt the data. For confidentiality loss, we publish the data or sell the information to another company, so the company's secrets become known to everyone. Both methods cause a big loss for the company.
As you can see from the diagrams, there are many attacks coming from many different directions, such as internal threats and external threats. Internal threats are caused by workers, customers and employees in the business. External threats are caused by attackers using different methods to hack into the system and carry out malicious actions. Comparatively, attacking from inside is easier, because the employee knows the company and can get the information easily, but it is dangerous: if the company finds out, they will be caught. On the other hand, attacking from outside is difficult but safe, because the attackers do not know where the information is and also need to get past all the security protection, but if the company discovers the attack, it is hard to trace the attacker. The diagrams above show only some of the possible attacks; there are still many other possible attacks. Indeed, with technical advances, it is likely that computer threats will keep emerging, so more and more possible attacks will appear in the future.
Virus- A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting - i.e., inserting a copy of itself into and becoming part of - another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.
Trojan- A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Worm- A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
Spyware- Spyware is a type of malware that can be installed on computers and collects small pieces of information at a time about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's personal computer.
Spam-Electronic junk mail or junk newsgroup postings.
Spoofing-Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.
Pharming-This is a more sophisticated form of MITM attack. A user's session is redirected to a masquerading website. This is achieved by corrupting a DNS server on the Internet and pointing a URL to the masquerading website's IP. Almost all users use a URL like www.worldbank.com instead of the real IP (192.86.99.140) of the website. By changing the pointers on a DNS server, the URL can be redirected to send traffic to the IP of the pseudo website. At the pseudo website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real www.worldbank.com site and conduct transactions using the credentials of a valid user on that website.
Phishing-The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the website look like they are part of a bank the user does business with.
Denial of service-The prevention of authorized access to a system resource or the delaying of system operations and functions.
Malware-A generic term for a number of different types of malicious code.
DNS cache poisoning-DNS poisoning is also known as DNS cache poisoning, and refers to the corruption of DNS tables and caches so that a domain name points to a malicious IP address. Once the user is redirected to the malicious IP address, his/her computer can be infected with worms, viruses, malware etc.
Phlashing- Phlashing is a permanent denial of service (DoS) attack that exploits a vulnerability in network-based firmware updates. Such an attack is currently theoretical but if carried out could render the target device inoperable.
Teardrop-Teardrop is a program that sends IP fragments to a machine connected to the Internet or a network. Teardrop exploits an overlapping IP fragment bug present in Windows 95, Windows NT and Windows 3.1 machines. The bug causes the TCP/IP fragmentation re-assembly code to improperly handle overlapping IP fragments. This attack has not been shown to cause any significant damage to systems, and a simple reboot is the preferred remedy. It should be noted, though, that while this attack is considered to be non-destructive, it could cause problems if there is unsaved data in open applications at the time that the machine is attacked. The primary problem with this is a loss of data.
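The overlapping-fragment condition described in the Teardrop entry can be detected from fragment metadata alone. The following is an added example, not part of the original article; the dictionary field names and the sample fragments are constructed for illustration.

```python
from collections import defaultdict

# Constructed fragment metadata (not a real capture). frag_offset is the IPv4
# Fragment Offset field, counted in 8-byte units; payload_len is in bytes.
SAMPLE = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "proto": 17, "id": 100,
     "frag_offset": 0, "payload_len": 1480},
    {"src": "192.0.2.10", "dst": "198.51.100.5", "proto": 17, "id": 100,
     "frag_offset": 185, "payload_len": 520},
    # Second fragment starts at byte 24, inside the first fragment (bytes 0-35).
    {"src": "192.0.2.66", "dst": "198.51.100.5", "proto": 17, "id": 200,
     "frag_offset": 0, "payload_len": 36},
    {"src": "192.0.2.66", "dst": "198.51.100.5", "proto": 17, "id": 200,
     "frag_offset": 3, "payload_len": 4},
    # Exact retransmission of a fragment: a duplicate, not an overlap.
    {"src": "192.0.2.20", "dst": "198.51.100.5", "proto": 17, "id": 300,
     "frag_offset": 0, "payload_len": 800},
    {"src": "192.0.2.20", "dst": "198.51.100.5", "proto": 17, "id": 300,
     "frag_offset": 0, "payload_len": 800},
]

def find_overlaps(fragments):
    """Map each reassembly key to the byte ranges that overlap earlier data."""
    spans = defaultdict(set)            # a set drops exact retransmissions
    for f in fragments:
        # Fragments belong to one datagram when these four fields match.
        key = (f["src"], f["dst"], f["proto"], f["id"])
        start = f["frag_offset"] * 8
        spans[key].add((start, start + f["payload_len"]))
    flagged = {}
    for key, ranges in spans.items():
        covered_to = 0                  # highest byte already claimed
        for start, end in sorted(ranges):
            if start < covered_to:      # begins inside data already received
                flagged.setdefault(key, []).append((start, end))
            covered_to = max(covered_to, end)
    return flagged

if __name__ == "__main__":
    for key, hits in find_overlaps(SAMPLE).items():
        print("overlapping fragments for", key, "->", hits)
```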