\section{Part 2: Attack Tree} \subsection{Baum} Siehe Abbildung \ref{tree:Attack tree} \begin{sidewaysfigure} \begin{forest} for tree={ draw, minimum height=1cm, anchor=parent, align=center, child anchor=parent }, [{Unauthorized Access to DB Data}, name=AD [{No local authenti-\\cation on server}, angle below, color=red [{Access to server room}, color=red, angle below [{Unsupervised\\in building}, color=red] [{Access to\\the building}, color=teal [{Bribe\\security\\guard\\100.000€}, color=teal] [{Disguise yourself\\as fireman\\1.000€}, angle below, color=red [{Steal\\fireman\\clothes}, color=red] [{Activate\\firealarm}, color=teal] [{firealarm\\disables\\locks}, color=red] ] [{Break into\\building}, color=red [{Hire crew\\for heist}, color=red] ] ] ] ] [{Harddrives unencrypted}, color=red, angle below [{Unsupervised\\near harddrives}, color=red] [{Access to the harddrives}, color=teal [{Collect harddrives\\for cleansing}, angle below, color=teal [{Get company\\to hire you\\50.000€}, color=teal] [{Work in\\data cleansing}, color=teal] ] ] ] [{Access to db terminal}, color=teal [{Access to\\SSH Keys}, color=red [{Access to\\Key storage}, angle below, color=red [{Employee uses\\bad password}, color=teal] [{Access to\\employee laptop\\10.000€}, color=teal] ] ] [{Flaw in\\Authentication}, color=teal [{MITM\\1.000€}, color=teal] [{Spoofing\\10.000€}, color=teal] ] ] ] \end{forest} \caption{Attack tree} \label{tree:Attack tree} \end{sidewaysfigure} \subsection{Kosten des günstigsten Angriffs} Der günstigste Angriff kann bei einer Sicherheitslücke in der Authentifizierung ein Man in the Middle Attack oder Spoofing sein. Dabei können je nach Aufwand und Dauer Kosten entstehen. (1.000-10.000€)