A Threat-Driven Approach to Modeling a Campus Network Security

Naagas, Marlon A.; Palaoag, Thelma D.

doi:10.1145/3193092.3193096

Cited by 6 publications

(4 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Borges (2021) lists malware (viruses, rogue software, trojans, spyware, worms), DoS attacks, phishing, rootkits, SQL injections and MitM attacks as the most prevalent threats to a system. Naagas and Palaoag (2018) compiled a comprehensive list of threats to an information system that can be applied here. Whitman (2004) also provides a list of threats and additionally names protection mechanisms that were employed -of which 100% of survey respondents used passwords.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Christelle Steyn and Dewald Blaauw Naagas and Palaoag (2018) provide the following equation to calculate DREAD risk scores: rst=(D+R+E+A+D)/5. A risk level of 7-10 is considered high, while 4-6 is medium and 1-3 is low.…”

Section: Figure 10: Poach Animal Attack Treementioning

confidence: 99%

“…Table 4 helps to determine that the class of Denial of Service and Elevation of Privilege are tied at 9/10 for highest risk. With regards to these classes, Naagas and Palaoag (2018) recommend Intrusion Detection Systems (IDS) to combat DoS attacks, and Maayan (2021) recommends a reliable antivirus, regular monitoring, the avoidance of phishing and up to date software as mitigations for rootkits, the main attack vector here for Elevation of Privilege. Due to the nature of the simulation, attacks falling under the Repudiation class could not be performed here.…”

Section: Figure 10: Poach Animal Attack Treementioning

confidence: 99%

See 2 more Smart Citations

Towards a Critical Review of Cybersecurity Risks in Anti-Poaching Systems

Steyn

Blaauw

2023

iccws

View full text Add to dashboard Cite

Anti-poaching operations increasingly make use of a wide variety of technology for intelligence and communications. These technologies introduce cybersecurity risk, and they need to be secured to provide greater protection to the information and people involved in anti-poaching operations, ultimately protecting vulnerable animals better. A hypothetical network of anti-poaching technologies was simulated in Graphical Network Simulator 3 (GNS3), consisting of various field devices identified in the literature, and a main control room with relevant hardware devices. A virtual Kali Linux machine was connected to the network and played the role of a digital attacker or intruder. Several cyber-attacks were carried out, to show the risks inherent to such an interoperable and socio-technical network. These attacks included Man in the Middle (MitM) and Denial of Service (DoS) attacks. These attacks were then mitigated via system configurations. Further risks and threat considerations were identified in the literature. Using the STRIDE, DREAD and Attack Tree threat models, the risks to an anti-poaching network were classified and calculated. The most prevalent threats and the attacks performed in the simulation were all calculated to have a high risk level, posing a great threat to an unsecured network. The STRIDE classes of Denial of Service and Elevation of Privilege posed the most risk to the system, both having a calculated average risk score of 9 out of 10. Mitigations to general network threats and those identified in the simulation are mentioned. Additionally, authentication for such a system was investigated, as improper authentication practices were deemed a risk and provides a foothold for further risks in the network. Recommendations made, include the proper configuration of network devices, especially the router and switch, and the use of anti-virus, firewalls, and intrusion detection systems, as well as having an external audit performed annually. Multi-factor authentication, with a password/fingerprint combination, is recommended.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Figure 10: Poach Animal Attack Treementioning

confidence: 99%

Section: Figure 10: Poach Animal Attack Treementioning

confidence: 99%

See 1 more Smart Citation

Towards a Critical Review of Cybersecurity Risks in Anti-Poaching Systems

Steyn

Blaauw

2023

iccws

View full text Add to dashboard Cite

show abstract

“…A model used to describe the impact of threats is the DREAD (Damage Potential, Reproducibility, Exploitability, Affected Users, Discoverability) model. DREAD is a mnemonic for risk rating using five categories (Naagas & Palaoag, 2018). This modeling technique assesses the likelihood of an attack is and the damage it would cause.…”

Section: Review Of Literaturementioning

confidence: 99%

Applying Mathematics and Engineering Techniques to Cyber Security

Easttom

2021

Actas Del Congreso Internacional De Ingeniería De Sistemas

View full text Add to dashboard Cite

While there are many approaches to cybersecurity, it is common for those approaches to be somewhat ad hoc or subjective. Cybersecurity needs a rigorous mathematical and engineering approach, which can be applied to address security issues, evaluate security controls, and investigating security breaches. The current paper maps the use of engineering and mathematical tools for cybersecurity purposes.

show abstract

Systematic analysis of automated threat modelling techniques: Comparison of open-source tools

Granata

Rak

2023

Software Qual J

View full text Add to dashboard Cite

Companies face increasing pressure to protect themselves and their customers from security threats. Security by design is a proactive approach that builds security into all aspects of a system from the ground up, rather than adding it on as an afterthought. By taking security into account at every stage of development, organizations can create systems that are more resistant to attacks and better able to recover from them if they do occur. One of the most relevant practices is threat modelling, i.e. the process of identifying and analysing the security threat to an information system, application, or network. These processes require security experts with high skills to anticipate possible issues: therefore, it is a costly task and requires a lot of time. To face these problems, many different automated threat modelling methodologies are emerging. This paper first carries out a systematic literature review (SLR) aimed at both having an overview of the automated threat modelling techniques used in literature and enumerating all the tools that implement these techniques. Then, an analysis was carried out considering four open-source tools and a comparison with our threat modelling approach using a simple, but significant case study: an e-commerce site developed on top of WordPress.

show abstract

A Threat-Driven Approach to Modeling a Campus Network Security

Cited by 6 publications

References 4 publications

Towards a Critical Review of Cybersecurity Risks in Anti-Poaching Systems

Towards a Critical Review of Cybersecurity Risks in Anti-Poaching Systems

Applying Mathematics and Engineering Techniques to Cyber Security

Systematic analysis of automated threat modelling techniques: Comparison of open-source tools

Contact Info

Product

Resources

About