\section{Part 2: Attack Tree} \subsection{Baum} Siehe Abbildung \myref{tree:Attack tree} \subsection{Kosten des günstigsten Angriffs} Der günstigste Angriff kann bei einer Sicherheitslücke in der Authentifizierung ein Man in the Middle Attack oder Spoofing sein. Dabei können je nach Aufwand und Dauer Kosten entstehen. (500€ + 500€ + 10.000€ = 11.000€) \begin{rotatepage} \begin{sidewaysfigure} \begin{adjustbox}{width=0.95\textheight} \begin{forest} for tree={ draw, minimum height=1cm, anchor=parent, align=center, child anchor=parent }, [{Unauthorized Access to DB Data}, name=AD [{Break local authentication on server\\10.000€}, angle below, color=red [{Access to server room\\100€}, color=red, angle below [{Get unsupervised\\in building\\1.000€}, color=red] [{Access to\\the building\\100€}, color=teal [{Bribe\\security\\guard\\100.000€}, color=teal] [{Disguise yourself\\as fireman\\1.000€}, angle below, color=red [{Steal fire-\\man clothes\\1.000€}, color=red] [{Activate\\firealarm\\100€}, color=teal] [{firealarm disables\\locks\\10.000€}, color=red] ] [{Break into\\building with force}, color=red] ] ] ] [{Unencrypt Harddrives\\100.000€}, color=red, angle below [{Get unsupervised\\near harddrives\\1.000€}, color=red] [{Get access to harddrives\\1.000€}, color=teal [{Collect harddrives\\for cleansing\\5.000€}, angle below, color=teal [{Get company\\to hire company\\50.000€}, color=teal] [{Bribe Person in\\data cleansing\\10.000€}, color=teal] ] ] ] [{Get access to db terminal\\500€}, color=teal [{Get access to\\SSH Key storage\\50.000€}, angle below, color=red [{Steal employees\\password\\1.000€}, color=teal] [{Access to\\employee laptop\\10.000€}, color=teal] ] [{Use flaw in\\Authentication\\500€}, color=teal [{MITM\\Attack\\10.000€}, color=teal] [{Spoofing\\Attack\\10.000€}, color=teal] ] ] ] \end{forest} \end{adjustbox} \caption{Attack tree} \label{tree:Attack tree} \end{sidewaysfigure} \end{rotatepage}