SHARE
SPREAD
HELP

The Tradition of Sharing

Help your friends and juniors by posting answers to the questions that you know. Also post questions that are not available.

To start with, Sr2Jr’s first step is to reduce the expenses related to education. To achieve this goal Sr2Jr organized the textbook’s question and answers. Sr2Jr is community based and need your support to fill the question and answers. The question and answers posted will be available free of cost to all.

The pleasure of all reading is doubled when one lives with another who shares the same. -Katherine Mansfield

 

#
Authors:
William Stallings
Chapter:
Computer And Network Security Concepts
Exercise:
Problems
Question:7 | ISBN:9781292158587 | Edition: 7

Question

Develop an attack tree for gaining access to the contents of a physical safe.

TextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbookTextbook

Answer

Attack trees are graphical representations of potential attack scenarios, starting from the main goal and branching out into various subgoals and attack paths. Here's an attack tree for gaining access to the contents of a physical safe:

  1. Main Goal: Gain access to the contents of the physical safe.

  2. Subgoal: Bypass the physical lock mechanism.

    • Subgoal: Pick the lock.
      • Attack Path: Skillful lock picking techniques.
      • Attack Path: Use lock picking tools.
    • Subgoal: Obtain the combination.
      • Attack Path: Brute force the combination.
      • Attack Path: Guess the combination (based on weak security practices, social engineering, or previous knowledge).
      • Attack Path: Obtain the combination through observation or eavesdropping.
    • Subgoal: Obtain a duplicate key.
      • Attack Path: Steal the original key.
      • Attack Path: Create a duplicate key through impressioning or casting techniques.

  3. Subgoal: Bypass the physical barrier.

    • Subgoal: Break or cut the safe.
      • Attack Path: Use brute force tools like drills, grinders, or explosives.
    • Subgoal: Bypass or disable secondary security features.
      • Attack Path: Manipulate or disable alarms, surveillance cameras, or motion detectors.
      • Attack Path: Exploit vulnerabilities in the safe's electronic or biometric security systems.
      • Attack Path: Gain access to override codes or passwords through social engineering or hacking.

  4. Subgoal: Obtain the contents through indirect means.

    • Subgoal: Obtain the combination or key from authorized personnel.
      • Attack Path: Social engineering techniques to manipulate authorized personnel.
      • Attack Path: Theft of authorized personnel's credentials or physical keys.
    • Subgoal: Obtain the contents during authorized access.
      • Attack Path: Coerce or deceive authorized personnel to gain access during authorized activities (e.g., maintenance, cleaning).

It's important to note that this attack tree is a general representation, and specific attack paths and techniques may vary depending on the actual safe's security features, physical environment, and organizational practices. Additionally, the attack tree does not endorse or encourage illegal activities and is presented for educational purposes only.

0 0

Discussions

Post the discussion to improve the above solution.