Attack Tree Of Computer Security

Attack Tree Of Computer Security This report is introduces about the possible attack for company and it represent by the attack tree diagram. In the company have six computer and internal server. Each computer is using Microsoft window 7. They are using the DVD to store the backup and the router is default setting. Each employee has the email address. Firstly, I will attack the workstation, try to obtain the password illegally and attack the security such as install virus, Trojan, worm and DOS attack. After that, I will attack the dvd to get the dvd and do some malicious action. Obtain the DVD can through the employee, such as bribe or threaten. Malicious action will install the threats into the DVD and spread to other computer when they are using the backup. Then, we will attack the router which is change the WEP or filter the mac address to cause the computer cannot connect to the network. We also can using threats through the router to install into the system, e.g plashing, pharming, DNS cache poisoning and spoo fing. However, I will attack the server using the internal threats and external threats, such as ask a person to disguise a customer to get the information from company, or ask the temporarily customer to be a spy to do some malicious action. Moreover, attack the email using the security threats like phishing, email spam, virus and spam. Then, obtain the email password from the target. Finally, attack the window 7 using hacking tools to destroy the host file from the system and using physical attack to the system and obtain the important data or change the data to make a big lose for the company. All of these attacks will discuss in this report. Introduction and scope Attack tree helps one to understand security issue better, from the stand point of an attacker. Attack trees are a graphical and mathematical construct used to identify most of the attack that will cause the greatest risk to the defender, determine effective strategies decrease the risk in a acceptable level for the de fender, describe the potential attack between the adversary and the defender, provide a communication mechanism for security analysts, capture what is known and believed about the system and its adversaries, and store the information in a diagram that can be understood for the subsequently defenders. Although it is very hard to identify the entire possible factor that leads to intuition, it is based on the experiences and the ability to extrapolate how the experiences apply on the new situation.  For example, the effectiveness of internet security, network security, banking system security, installation and personnel security may all be modelled using attack trees. The ideal of attack tree is that an equipment, software, process could have vulnerabilities that when successful, they could compromise the entire system. Scope There are six computers and one internal server and each computer encompasses Microsoft Window 7 and Microsoft Office 2007. Each workstation has been patched wi th all updates of March 25, 2010. They are using ADSL 2+ connection. The server and workstation backup is store in a DVD. All the employees have email addresses and there share the document through a D-Link DNS-323 NAS. The router is utilising default settings and consists of a D-Link DSL G604t. Each workstation is utilising Microsoft Windows Malicious Software Removal Tool.