The fundamental approach to cyber security analysis with securiCAD is to simulate potential attacks. These simulations are performed on models of Information and Communication Technology (ICT) infrastructures. This teaching module uses an example model of a fictitious and simplified ICT infrastructure. The example model is bundled with the software. We suggest you run securiCAD in parallel while working through this module.
The ACME corp. ICT infrastructure
The figure below presents the fictitious ACME corp. ICT infrastructure. It consists of three network zones: office, staging, and production. In these networks there are a few hosts with established communication between them. Overall, we want to protect the company's customer record database from an attacker who, we assume, has already compromised an office workstation.
The ACME model
When launching securiCAD for the first time, you will see a greeting window with some useful information, and you will then be prompted to enter your e-mail address and the simulation key from the e-mail you received when you downloaded securiCAD.
Once this information has been entered and verified, securiCAD starts with a model of the ACME infrastructure automatically loaded.
The ACME model consists of objects with connections between them. Objects represent real-world hardware and software artifacts such as networks, routers, hosts, user accounts, and services. In our example we have one network object called Office and one called Staging Infra. The Office and Staging Infra networks are connected via a router object, GW1. The connections carry specific meanings: a host connected to a network means that the host is reachable from that network, a service connected to a host means that the service is run by that particular host, and so on.
If you navigate around the model you will find other objects representing the remaining parts of the infrastructure described above. In addition, there are some objects not directly detailed in the specification, such as an RDP session between a host in the Office network and a host in the Staging Infra network. We also assume that all hosts and services have an AccessControl and that each of them has a UserAccount.
Objects have different types of attack steps and defenses associated with them. An attack step is something harmful that an attacker can accomplish, and defenses are countermeasures that make the attack steps more difficult, or more "expensive", to succeed with. Which attack steps and defenses are available depends on the type of the selected object.
For instance, if we select the Office network object, we find the attack steps ARPCachePoisoning, Compromise, DNSSpoof and DenialOfService and the defense mechanisms DNSSec, PortSecurity and StaticARPTables.
Finally, the model also contains an Attacker object defining the attack scenario. In our case we assume that the attacker has compromised Workstation 1.
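To make the model semantics above concrete, here is an added toy attack-graph simulator written for this module. It is not securiCAD's own code, API, or bundled model: the object names (Office, GW1, Staging Infra, Workstation 1, the RDP session) and the attack-step and defense names (ARPCachePoisoning, DNSSpoof, DNSSec, StaticARPTables, AccessControl) follow the text, but the edges between attack steps, the effort costs, the defense penalty, the Staging Host object and the CustomerRecordsDB object are constructed assumptions. The example encodes each "attack step" as a node, each "defense" as a cost increase on the steps it protects, and finds the cheapest path from the attacker's starting point (the compromised Workstation 1) to the customer record database, which is the kind of question a simulation in securiCAD answers.

```python
"""Toy attack-graph simulation in the spirit of securiCAD's model semantics.

Hypothetical, constructed example for this tutorial: the graph, costs and the
Staging Host / CustomerRecordsDB objects are assumptions, not the bundled model.
A node is "Object.AttackStep"; an edge says that reaching the source step lets
the attacker attempt the target step at the given effort cost. If the defense
named on the edge is enabled, that step costs DEFENSE_PENALTY more.
"""
import heapq

ATTACKER_START = "Workstation 1.Compromise"  # the scenario: Workstation 1 is already compromised
DEFENSE_PENALTY = 10                         # assumed extra effort when a defense is enabled

# (source_step, target_step, base_cost, protecting_defense_or_None) -- all constructed
EDGES = [
    ("Workstation 1.Compromise", "Office.Compromise", 1, None),
    ("Office.Compromise", "Office.ARPCachePoisoning", 3, "Office.StaticARPTables"),
    ("Office.Compromise", "Office.DNSSpoof", 3, "Office.DNSSec"),
    ("Office.Compromise", "Office.DenialOfService", 2, "Office.PortSecurity"),
    ("Office.ARPCachePoisoning", "GW1.Compromise", 4, None),
    ("Office.DNSSpoof", "GW1.Compromise", 5, None),
    # the RDP session from the Office host into the staging network (assumed host name)
    ("Workstation 1.Compromise", "Staging Host.Compromise", 6, "Staging Host.AccessControl"),
    ("GW1.Compromise", "Staging Infra.Compromise", 2, None),
    ("Staging Infra.Compromise", "Staging Host.Compromise", 3, None),
    ("Staging Host.Compromise", "Production.Compromise", 4, None),
    ("Production.Compromise", "CustomerRecordsDB.Compromise", 5, "CustomerRecordsDB.AccessControl"),
]

ALL_DEFENSES = frozenset(d for _, _, _, d in EDGES if d is not None)
TARGET = "CustomerRecordsDB.Compromise"


def attack_costs(enabled_defenses=frozenset(), start=ATTACKER_START):
    """Dijkstra over the attack graph: cheapest effort from the attacker's start
    to every reachable attack step, given the set of enabled defenses.
    Returns (cost_by_step, predecessor_by_step)."""
    adjacency = {}
    for src, dst, cost, defense in EDGES:
        penalty = DEFENSE_PENALTY if defense in enabled_defenses else 0
        adjacency.setdefault(src, []).append((dst, cost + penalty))
    cost = {start: 0}
    prev = {}
    heap = [(0, start)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > cost.get(node, float("inf")):
            continue  # stale heap entry
        for nxt, weight in adjacency.get(node, []):
            nd = d + weight
            if nd < cost.get(nxt, float("inf")):
                cost[nxt] = nd
                prev[nxt] = node
                heapq.heappush(heap, (nd, nxt))
    return cost, prev


def cheapest_path(target=TARGET, enabled_defenses=frozenset()):
    """Return (total_cost, [steps from start to target]); (None, []) if unreachable."""
    cost, prev = attack_costs(enabled_defenses)
    if target not in cost:
        return None, []
    path, node = [target], target
    while node in prev:
        node = prev[node]
        path.append(node)
    return cost[target], list(reversed(path))


def defense_gain(target=TARGET, candidates=ALL_DEFENSES, enabled=frozenset()):
    """Rank candidate defenses by how much each one alone raises the attacker's
    cheapest effort to reach the target. A defense that is not on the attacker's
    cheapest path (and does not make another path cheapest) scores zero."""
    base, _ = cheapest_path(target, enabled)
    gains = {d: cheapest_path(target, enabled | {d})[0] - base for d in candidates}
    return sorted(gains.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for enabled in (frozenset(), {"Staging Host.AccessControl"}, ALL_DEFENSES):
        total, path = cheapest_path(TARGET, enabled)
        print(f"defenses={sorted(enabled)}: cost={total} via {' -> '.join(path)}")
    print("single-defense gains:", defense_gain())
```

Running the block shows the effect the text describes: with no defenses enabled the attacker's cheapest route is the RDP session straight into the staging host (total effort 15), enabling AccessControl on that host pushes the cheapest route onto the ARP-poisoning path through GW1 (22), and the ranking from `defense_gain` shows that defenses off the attacker's cheapest path contribute nothing until the path they protect becomes the cheapest one.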
Now, let us move directly to the core of securiCAD. We want to understand: how secure are our customer records? To answer that question, securiCAD lets you simulate potential attack paths from the attacker to all the assets in our modeled infrastructure by simply clicking the Simulate button.
Simulations then run both in an online cloud service and locally in the securiCAD software. As soon as the simulation is ready, the results are shown in two ways: the frames of the objects in the model are colored according to the attack success rate, and the results are also presented in an online report. The upper half of that report is shown below.
Now, we have run our first simulation on the example model.
In the next module, “Simulation Results”, we will take a closer look at what different types of results we get from a simulation.