Cyber-Attack Analysis of a School Computer Network

摘要

Cyber attacks on higher education institutions have been on the increase, particularly because, in contrast to targets like banks and financial institutions, college and university computer networks have historically been as open and inviting as their campuses. Such institutions are vulnerable to security breaches that may expose them to losses and other risks. There is a need to determine which paths are most vulnerable to attacks so as to implement ways of reducing the vulnerability. Sections on the school's network system for possible cyber-attacks include the Database server, Mail server, VOIP, Library/resources and Administrative server. Other sections include the firewalls and devices that connect the Internet to the schools local area network (LAN). In this paper, the attack tree modeling techniques of quantifying cyber-attacks for a school network system is presented. Attack trees are developed by decomposing the path in the network system to where attacks are plausible. This work focuses on possible attacks by external adversary on a database server because of the sensitivity of the information on the database. The vulnerabilities on the network system were represented by nodes on the Attack Tree. Two possible attack paths were constructed for the system. One attack path represents attacks through the internet, and the other represents attacks through the wireless access points in the school vicinity. The probability of success of the event, the attack payoff and the commitment of the attacker to intrude is estimated for the leaf nodes and this is used to calculate the Return on Attack up the attack tree. A Return on Attack (R) value was then calculated for the root node. Countermeasures were then implemented and a modified network system obtained. The R values for the nodes were observed to decrease, after upgrading the network security systems with these countermeasures. The knowledge of the possible attacks allows the system administrators to provide adequate defenses against cyber attack scenarios.