This repository has been archived on 2024-10-30. You can view files and clone it, but cannot push or open issues or pull requests.
swb6-it-sec/Lab05/documentation/part1/part1.tex
2022-06-16 13:30:43 +02:00

67 lines
2.3 KiB
TeX

\section{Part 1: Assets and Threats}
\subsection{Liste der Assets}
\begin{table}[ht]
\centering
\begin{adjustbox}{width=1\textwidth}
\small
\begin{tabular}{r|l|l|l|l|l|r|l|l|l|l|l}
\textbf{No} & \textbf{Name} & \textbf{Description} & \textbf{Owner} & \textbf{Maintainer} & \textbf{Location} & \textbf{CIA} & \textbf{PI} & \textbf{Access privs} & \textbf{Category} & \textbf{Asset value} & \textbf{Criticality} \\
\hline
1 & Dashboard & Car dashboard & Driver & A. Name & Car & IA & & & & & \\
\hline
2 & Entertainment & Car entertainment system & Driver & A. Nother & Car & A & & & & & \\
\hline
3 & OTA Server & Server for OTA Updates & IT-Dep & S. Ome & E2, room 44& IA & & & & & \\
\hline
4 & Charging Station & System to handle charging & IT-Dep & B. Ody & Fuel Stations & IA & & & & & \\
\hline
5 & Collaboration & Collaboration code & IT-Dep & T. Is & E2, room 45 & CI & & & & & \\
\hline
6 & Meetings & Online meetings code & Sales/Marketing & I. Sweird & E2, room 46 & CI & & & & & \\
\hline
7 & Online Shop & Buy the car online & Sales/Marketing & A. Ndun & E2, room 47 & IA & & & & & \\
\hline
8 & Client DB & Databas of clients & Sales/Marketing & I. Nspired & E2, room 48 & CIA & & & & & \\
\hline
9 & Service API & Car service API & Service Center & A. Lmost & E2, Car & I & & & & & \\
\hline
10 & Website & Company Website & Sales/Marketing & D. One & E2, room 49 & IA & & & & & \\
\end{tabular}
\end{adjustbox}
\caption{Asset Liste}
\label{tab:Asset Liste}
\end{table}
\subsection{Gefahren für Assets}
8. Client DB:
\begin{enumerate}
\item Diebstahl der Daten aus der Datenbank
\item Denial of Service
\item Löschen der Datenbank
\item Verschlüsselung der Datenbank
\item Änderung der Kundendaten
\item SQL Injection
\item Zugang sperren
\item Falsche Daten liefern
\item Falsche Daten hinzufügen
\item Löschen der Backups
\end{enumerate}
10. Website:
\begin{enumerate}
\item Darstellung falscher Daten
\item Injection, z.B. Kontaktformular
\item Cross-Site Scripting
\item SSRF
\item Diebstal der Logs
\item Zugriff auf das Hostsystem
\item Denial of Service
\item DNS flooding
\item DNS hijacking
\item Domain stehlen
\end{enumerate}