SHARE
SPREAD
HELP

The Tradition of Sharing

Help your friends and juniors by posting answers to the questions that you know. Also post questions that are not available.

To start with, Sr2Jr’s first step is to reduce the expenses related to education. To achieve this goal Sr2Jr organized the textbook’s question and answers. Sr2Jr is community based and need your support to fill the question and answers. The question and answers posted will be available free of cost to all.

The pleasure of all reading is doubled when one lives with another who shares the same. -Katherine Mansfield

 

#
Authors:
William Stallings
Chapter:
Computer And Network Security Concepts
Exercise:
Review Questions
Question:7 | ISBN:9781292158587 | Edition: 7

Question

Explain the difference between an attack surface and an attack tree.

TextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbook

Answer

Attack Surface:

 

An attack surface consists of the reachable and exploitable weaknesses in a system

Examples are 

  • Open ports on the web servers can be used to access sensitive information.           
  •  An employee with access to sensitive information is susceptible to social engineering attacks.
  • Services available inside the firewall system.
  • Data processing code that processes incoming emails, XML documents, office documents, and industry-specific custom data exchange formats

 

Attack surfaces can be categorized into three types:

 

 1. Network attack surface:

 

This category refers to vulnerabilities in the company's network, or wide area network, or LAN, or the internet itself. such as weakness in protocol system are used for the attack.

 

 2. Software attack surface:

 

It refers to vulnerabilities in the software applications, utilities, or OS itself that are susceptible to attack. Especially web server software.

   

 3. Human attack surface:

 

In this category, vulnerabilities are created by the person or fraud people by using social engineering; human errors, and Trusted people inside the company.

 

 

Attack Tree:

 

Attack tree is a conceptual design or hierarchy of data structure of potential techniques of an attack that might take place( look 1.4 fig)

 

It is presented in such a way that, the goal of the attack is represented as the root of the tree, as it moves up, the tree is further divided into nodes, subnodes, goals, and subgoals. The ways that an attacker may reach his goals iteratively and incrementally are represented as branches and subnodes of the tree.

 

Here are the three components opponents might exploit to attack the system.

 

   1. User terminal and user (UT/U):

 

Smartcards, password generators, or other devices that may be used in these attacks are the target, as well as the actions of the user.

 

   2. Communications channel (CC):

 

Communication links are targeted in this type of attack.

 

   3. Internet banking server (IBS):

 

The Internet banking application servers are targeted by these offline attacks.

 

0 0

Discussions

Mwapemichael

EXPLAIN THE DIFERENCE BETWEEN RISKS AND THREAT

Post the discussion to improve the above solution.