diff --git a/Lab05/documentation/part2/part2.tex b/Lab05/documentation/part2/part2.tex index 92170e7..d148896 100644 --- a/Lab05/documentation/part2/part2.tex +++ b/Lab05/documentation/part2/part2.tex @@ -6,10 +6,11 @@ Siehe Abbildung \myref{tree:Attack tree} \subsection{Kosten des günstigsten Angriffs} -Der günstigste Angriff kann bei einer Sicherheitslücke in der Authentifizierung ein Man in the Middle Attack oder Spoofing sein. Dabei können je nach Aufwand und Dauer Kosten entstehen. (1.000-10.000€) +Der günstigste Angriff kann bei einer Sicherheitslücke in der Authentifizierung ein Man in the Middle Attack oder Spoofing sein. Dabei können je nach Aufwand und Dauer Kosten entstehen. (500€ + 500€ + 10.000€ = 11.000€) \begin{rotatepage} \begin{sidewaysfigure} +\begin{adjustbox}{width=0.95\textheight} \begin{forest} for tree={ draw, @@ -19,45 +20,42 @@ Der günstigste Angriff kann bei einer Sicherheitslücke in der Authentifizierun child anchor=parent }, [{Unauthorized Access to DB Data}, name=AD - [{No local authenti-\\cation on server}, angle below, color=red - [{Access to server room}, color=red, angle below - [{Unsupervised\\in building}, color=red] - [{Access to\\the building}, color=teal + [{Break local authentication on server\\10.000€}, angle below, color=red + [{Access to server room\\100€}, color=red, angle below + [{Get unsupervised\\in building\\1.000€}, color=red] + [{Access to\\the building\\100€}, color=teal [{Bribe\\security\\guard\\100.000€}, color=teal] [{Disguise yourself\\as fireman\\1.000€}, angle below, color=red - [{Steal\\fireman\\clothes}, color=red] - [{Activate\\firealarm}, color=teal] - [{firealarm\\disables\\locks}, color=red] - ] - [{Break into\\building}, color=red - [{Hire crew\\for heist}, color=red] + [{Steal fire-\\man clothes\\1.000€}, color=red] + [{Activate\\firealarm\\100€}, color=teal] + [{firealarm disables\\locks\\10.000€}, color=red] ] + [{Break into\\building with force}, color=red] ] ] ] - [{Harddrives unencrypted}, color=red, angle below - [{Unsupervised\\near harddrives}, color=red] - [{Access to the harddrives}, color=teal - [{Collect harddrives\\for cleansing}, angle below, color=teal - [{Get company\\to hire you\\50.000€}, color=teal] - [{Work in\\data cleansing}, color=teal] + [{Unencrypt Harddrives\\100.000€}, color=red, angle below + [{Get unsupervised\\near harddrives\\1.000€}, color=red] + [{Get access to harddrives\\1.000€}, color=teal + [{Collect harddrives\\for cleansing\\5.000€}, angle below, color=teal + [{Get company\\to hire company\\50.000€}, color=teal] + [{Bribe Person in\\data cleansing\\10.000€}, color=teal] ] ] ] - [{Access to db terminal}, color=teal - [{Access to\\SSH Keys}, color=red - [{Access to\\Key storage}, angle below, color=red - [{Employee uses\\bad password}, color=teal] - [{Access to\\employee laptop\\10.000€}, color=teal] - ] + [{Get access to db terminal\\500€}, color=teal + [{Get access to\\SSH Key storage\\50.000€}, angle below, color=red + [{Steal employees\\password\\1.000€}, color=teal] + [{Access to\\employee laptop\\10.000€}, color=teal] ] - [{Flaw in\\Authentication}, color=teal - [{MITM\\1.000€}, color=teal] - [{Spoofing\\10.000€}, color=teal] + [{Use flaw in\\Authentication\\500€}, color=teal + [{MITM\\Attack\\10.000€}, color=teal] + [{Spoofing\\Attack\\10.000€}, color=teal] ] ] ] \end{forest} +\end{adjustbox} \caption{Attack tree} \label{tree:Attack tree} \end{sidewaysfigure}