Dailydave mailing list archives
Re: Mathematical Model for assessing Intentional Attacks
From: Konrads Smelkovs <konrads.smelkovs () gmail com>
Date: Tue, 2 Feb 2016 21:31:49 +0000
I skim read the book and have some initial thoughts. For the sake of this list, the TL;DR version of it is (in my poor paraphrasing): Take network, plot a graph, give nodes score based on connectedness, estimated attacker value, sort by PageRank which gives you the most nodes-at-risk which then suggests where to concentrate defence efforts. The Risk formula is adjusted as per the attached png.

I think this is an overall interesting approach and the authors consider multiple types of attackers - e.g. authorised users exceeding privileges and ghosts in the network, but I would find the application of this model in the Real World [tm] problematic for the following reasons:

* value of node for its owner vs value for an attacker differs depending on the type of attacker (I wish Authors would have used Intel's TARA); organisations find it problematic to put a value on the asset themselves.
* connectedness matters when you consider inbound connections, but (unless I misunderstood), it sort of makes endpoints either super-connected (each surf session to facebook.com makes the node much, much more connected than anything else inside the network) or connected very little - perhaps only to nearest management system.
* the value of secrets on a system is quite important as an intermediary target, for example, a management system in a NOC which has all those RW SNMP strings is priceless and a big target and stepping stone.
* finally, I think not all nodes are made equal as they have different "hardness", e.g. something running an ERP probably is a softer target than a patched and locked down DC.

Regardless, I think this is a good foray into the topic and I wish authors luck in following revisions.

--
Konrads Smelkovs
Applied IT sorcery
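An added illustration, not code from the book or from the post above: PageRank by power iteration over a constructed flow graph, with nodes ordered by rank times a constructed attacker value, plus a helper showing how a node's connection count changes when outbound sessions are counted. The graph, the values and the rank-times-value score are assumptions; the book's adjusted risk formula is in the attachment and is not reproduced here.

```python
# Added illustration: the graph, the values and the score are constructed assumptions.
EDGES = [  # (initiator, target) flows in a constructed sample network
    ("ws1", "internet"), ("ws2", "internet"), ("ws1", "erp"), ("ws2", "erp"),
    ("ws1", "dc"), ("ws2", "dc"), ("erp", "dc"), ("noc", "erp"),
    ("noc", "dc"), ("noc", "ws1"), ("noc", "ws2"), ("admin", "noc"),
]
# Constructed attacker-value estimates (unitless); "internet" is not an asset.
VALUE = {"ws1": 1, "ws2": 1, "erp": 8, "dc": 10, "noc": 9, "admin": 3, "internet": 0}


def pagerank(edges, damping=0.85, iterations=100):
    """Power-iteration PageRank; rank flows from initiator to target."""
    nodes = sorted({n for edge in edges for n in edge})
    out = {n: [dst for src, dst in edges if src == n] for n in nodes}
    rank = {n: 1.0 / len(nodes) for n in nodes}
    for _ in range(iterations):
        # Nodes with no outbound edges spread their rank evenly over all nodes.
        dangling = sum(rank[n] for n in nodes if not out[n])
        base = (1.0 - damping + damping * dangling) / len(nodes)
        nxt = {n: base for n in nodes}
        for src in nodes:
            for dst in out[src]:
                nxt[dst] += damping * rank[src] / len(out[src])
        rank = nxt
    return rank


def degrees(edges, node):
    """Return (inbound, inbound + outbound) connection counts for a node."""
    inbound = sum(1 for _, dst in edges if dst == node)
    outbound = sum(1 for src, _ in edges if src == node)
    return inbound, inbound + outbound


def nodes_at_risk(edges, value):
    """Order nodes by PageRank x attacker value (the product is an assumption)."""
    rank = pagerank(edges)
    return sorted(rank, key=lambda n: rank[n] * value[n], reverse=True)


if __name__ == "__main__":
    print(nodes_at_risk(EDGES, VALUE))
    print(degrees(EDGES, "ws1"))
```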