62 lines
2.3 KiB
TeX
62 lines
2.3 KiB
TeX
\section{Part 2: Attack Tree}
|
|
|
|
\subsection{Baum}
|
|
|
|
Siehe Abbildung \ref{tree:Attack tree}
|
|
|
|
\begin{sidewaysfigure}
|
|
\begin{forest}
|
|
for tree={
|
|
draw,
|
|
minimum height=1cm,
|
|
anchor=parent,
|
|
align=center,
|
|
child anchor=parent
|
|
},
|
|
[{Unauthorized Access to DB Data}, name=AD
|
|
[{No authentication}, angle below, color=red
|
|
[{Access to\\server room}, color=red, angle below
|
|
[{Unsupervised\\in building}, color=red]
|
|
[{Access to\\the building}, color=teal
|
|
[{Bribe\\security\\guard\\100.000€}, color=teal]
|
|
[{Disguise yourself\\as fireman\\1.000€}, angle below, color=red
|
|
[{Steal\\fireman\\clothes}, color=red]
|
|
[{Activate\\firealarm}, color=teal]
|
|
[{firealarm\\disables\\locks}, color=red]
|
|
]
|
|
[{Break into\\building}, color=red
|
|
[{Hire crew\\for heist}, color=red]
|
|
]
|
|
]
|
|
]
|
|
]
|
|
[{Harddrives unencrypted}, color=red, angle below
|
|
[{Unsupervised\\near harddrives}, color=red]
|
|
[{Access to the harddrives}, color=teal
|
|
[{Collect harddrives\\for cleansing}, angle below, color=teal
|
|
[{Get company\\to hire you\\50.000€}, color=teal]
|
|
[{Work in\\data cleansing}, color=teal]
|
|
]
|
|
]
|
|
]
|
|
[{Access to db terminal}, color=teal
|
|
[{Access to\\SSH Keys}, color=red
|
|
[{Access to\\Key storage}, angle below, color=red
|
|
[{Employee uses\\bad password}, color=teal]
|
|
[{Access to\\employee laptop\\10.000€}, color=teal]
|
|
]
|
|
]
|
|
[{Flaw in\\Authentication}, color=teal
|
|
[{MITM\\1.000€}, color=teal]
|
|
[{Spoofing\\10.000€}, color=teal]
|
|
]
|
|
]
|
|
]
|
|
\end{forest}
|
|
\caption{Attack tree}
|
|
\label{tree:Attack tree}
|
|
\end{sidewaysfigure}
|
|
|
|
\subsection{Kosten des günstigsten Angriffs}
|
|
|
|
Der günstigste Angriff kann bei einer Sicherheitslücke in der Authentifizierung ein Man in the Middle Attack oder Spoofing sein. Dabei können je nach Aufwand und Dauer Kosten entstehen. (1.000-10.000€)
|