Include costs
This commit is contained in:
parent
3b06bd75db
commit
3483bb3480
1 changed files with 18 additions and 18 deletions
|
|
@ -15,24 +15,26 @@ Siehe Abbildung \ref{tree:Attack tree}
|
||||||
},
|
},
|
||||||
[{Unauthorized Access to DB Data}, name=AD
|
[{Unauthorized Access to DB Data}, name=AD
|
||||||
[{No authentication}, angle below, color=red
|
[{No authentication}, angle below, color=red
|
||||||
[{Access to\\server room}, color=red]
|
[{Access to\\server room}, color=red, angle below
|
||||||
[{Access to\\the building}, color=teal
|
[{Unsupervised\\in building}, color=red]
|
||||||
[{Bribe\\security\\guard}, color=teal]
|
[{Access to\\the building}, color=teal
|
||||||
[{Disguise yourself\\as fireman}, angle below, color=red
|
[{Bribe\\security\\guard\\100.000€}, color=teal]
|
||||||
[{Steal\\fireman\\clothes}, color=red]
|
[{Disguise yourself\\as fireman\\1.000€}, angle below, color=red
|
||||||
[{Activate\\firealarm}, color=teal]
|
[{Steal\\fireman\\clothes}, color=red]
|
||||||
[{firealarm\\disables\\locks}, color=red]
|
[{Activate\\firealarm}, color=teal]
|
||||||
]
|
[{firealarm\\disables\\locks}, color=red]
|
||||||
[{Break into\\building}, color=red
|
]
|
||||||
[{Hire crew\\for heist}, color=red]
|
[{Break into\\building}, color=red
|
||||||
|
[{Hire crew\\for heist}, color=red]
|
||||||
|
]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
[{Harddrives unencrypted}, color=red, angle below
|
[{Harddrives unencrypted}, color=red, angle below
|
||||||
[{Unsupervised}, color=red]
|
[{Unsupervised\\near harddrives}, color=red]
|
||||||
[{Access to the harddrives}, color=teal
|
[{Access to the harddrives}, color=teal
|
||||||
[{Collect harddrives\\for cleansing}, angle below, color=teal
|
[{Collect harddrives\\for cleansing}, angle below, color=teal
|
||||||
[{Get company\\to hire you}, color=teal]
|
[{Get company\\to hire you\\50.000€}, color=teal]
|
||||||
[{Work in\\data cleansing}, color=teal]
|
[{Work in\\data cleansing}, color=teal]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
|
|
@ -41,12 +43,12 @@ Siehe Abbildung \ref{tree:Attack tree}
|
||||||
[{Access to\\SSH Keys}, color=red
|
[{Access to\\SSH Keys}, color=red
|
||||||
[{Access to\\Key storage}, angle below, color=red
|
[{Access to\\Key storage}, angle below, color=red
|
||||||
[{Employee uses\\bad password}, color=teal]
|
[{Employee uses\\bad password}, color=teal]
|
||||||
[{Access to\\employee laptop}, color=teal]
|
[{Access to\\employee laptop\\10.000€}, color=teal]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
[{Flaw in\\Authentication}, color=teal
|
[{Flaw in\\Authentication}, color=teal
|
||||||
[{MITM}, color=teal]
|
[{MITM\\1.000€}, color=teal]
|
||||||
[{Spoofing}, color=teal]
|
[{Spoofing\\10.000€}, color=teal]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
|
|
@ -57,6 +59,4 @@ Siehe Abbildung \ref{tree:Attack tree}
|
||||||
|
|
||||||
\subsection{Kosten des günstigsten Angriffs}
|
\subsection{Kosten des günstigsten Angriffs}
|
||||||
|
|
||||||
Wenn der Online-Shop oder die Webseite direkten Zugriff auf Daten per SQL-Injection preisgibt, könnte der günstigste Angriff darüber laufen. Es wird lediglich ein Terminal benötigt und Spuren könnten durch einen VPN verwischt werden. (20€)
|
Der günstigste Angriff kann bei einer Sicherheitslücke in der Authentifizierung ein Man in the Middle Attack oder Spoofing sein. Dabei können je nach Aufwand und Dauer Kosten entstehen. (1.000-10.000€)
|
||||||
|
|
||||||
Außerdem ist ein SSH hijacking denkbar. Allerdings müsste da bei dem ersten Verbindungsaufbau ein Man in the Middle Attack erfolgen. (20€)
|
|
||||||
|
|
|
||||||
Reference in a new issue