Transcript Scenario1: Network Attack from Internet

Physician Reminder
System
SNA Step 3
Earl Crane
Hap Huynh
Jeongwoo Ko
Koichi Tominaga
11/14/2000
Overview
Attacker Profiling
Vulnerabilities
Existing Mediation Strategies
Attack Scenarios which attackers will mount
Attack Traces
Compromiseable components
Soft spots(*)
Next Steps
Attacker Profiling
Type of
Attacker
Attack
Objective
Motivation
Attack Methods
“Hacker”
Hospital network
and PRS Server
General curiosity; need to
cause mischief
Social engineering,
malicious code, or
IP sniffing to capture
client passwords
Hospital network
and PRS server;
denial of service
Likely to be highly
motivated to demonstrate
provider’s weak security
Social engineering,
malicious code, or
IP sniffing to capture
client passwords
Access to patient
information;
corruption; denial
of service
Motivation from curiosity to
financial gain
Range from
unauthorized
commands to
sophisticated attacks
involving spoof attack
and data integrity
attack
Competitor
Insider (current
or former
employees)
Attacker Profiling
Most Likely Attacker
1. Insider:
• High probability due to current policies and PRS
configuration
• Mode of attack will be within the Hospital network
2. Hacker:
• Medium probability if attack is outside of the Hospital
network because the network is closed
• PRS will not be its primary target since it does not perform
critical functions.
3. Competitor:
• Low probability because repercussions will be more
damaging than potential gain
Vulnerabilities
Hospital network works under a trusted group
model
PRS clinic policy allows for all users to view
patient information
PRS system does not have real-time
notification of unauthorized access by users
PRS system does not have an intelligent way
of auditing user activity
Back-door installed from the inside network
Modem dial-in pool
Existing Mediation Strategies
Tracking by “Audit trail”
Security policy education to the staffs


Password policy
Virus checks
Firewall implementation
In the process of eliminating modem
pool
Types of Attacks & Related
Intrusion Usage Scenarios (IUS)
1. Internal Network Access:


IUS(1) Unauthorized use of PRS
IUS(2) Spoofing/man-in-middle
2. External Network Access:


IUS(3) Malicious code
IUS(4) Intrusion via modem pool
Intrusion Usage Scenarios for
Type 1: Internal Network Attack
IUS(1) Unauthorized use of PRS via access
to confidential patient information

Who is the attacker


What are at stake



Insider (Disgruntled employee, former employee, or
corporate spy)
View or modify private patient information
Disclosure of patient information to embarrass and
harm the hospital
How does it happen

Abuse of legitimate access rights
Tracing of IUS 1
PRS System
Hospital Information System
Modem pool
PRS Client
Email
Browser
PRS Client
Program
Intruder’s
Machine
Firewall
Email Server
Other Client
Web Server
Affinity
System
(Registration)
Eclypsis
PRS Server
Database
Interface
Engine
LAB
Intrusion Usage Scenarios for
Type 1: Internal Network Attack
IUS(2): Access to the PRS server/client via sniffing,
man-in-middle, and spoof-the-server.

Who is the attacker


What are at stake




•
Insider (Curious employee, Disgruntled employee, former
employee, or corporate spy)
Compromise the availability of the system
Denial of service
View or modify patient information
Disclosure of patient information to embarrass and harm the
hospital
How does it happen
•

Illegitimately obtain passwords
Abuse of legitimate access rights
Tracing of IUS 2
PRS System
Hospital Information System
Modem pool
PRS Client
Email
Browser
PRS Client
Program
Intruder’s
Machine
PRS Server
X
Database
Firewall
Email Server
Other Client
Web Server
Affinity
System
Intruder’s
Machine
X
(Registration)
Eclypsis
Interface
Engine
LAB
Intrusion Usage Scenarios for
Type 2: External Network Attack
IUS(3): Malicious Code

Who is the attacker
 Hacker
 Competitor

What are at stake
 Data integrity, privacy, and availability.
 Limit or deny access to the PRS

How does it happen
 Client machines intentionally/unintentionally download
malicious code from outside the network.
Tracing of IUS 3
PRS System
Public
network
Hospital Information System
Modem pool
PRS Client
Email
Browser
PRS Client
Program
Firewall
Email Server
Other Client
Web Server
Affinity
System
(Registration)
Eclypsis
PRS Server
Database
Interface
Engine
LAB
Intrusion Usage Scenarios for
Type 2: External Network Attack
IUS(4): Intrusion via modem pool

Who is the attacker
 Hacker
 Competitor

What are at stake
 Data integrity, privacy, and availability

How does it happen
 Attacker locates modem pool to bypass hospital
security system.
Tracing of IUS 4
PRS System
Public
network
Hospital Information System
Modem pool
PRS Client
Email
Browser
PRS Client
Program
Firewall
Email Server
Other Client
Web Server
Affinity
System
(Registration)
Eclypsis
PRS Server
Database
Interface
Engine
LAB
All Compromisable
Components
PRS System
PRS Client
Email
Browser
PRS Client
Program
Public
network
Hospital Information System
Firewall
Email Server
Other Client
Web Server
Affinity
System
(Registration)
Eclypsis
PRS Server
Database
Interface
Engine
LAB
Public
network
Soft Spots
Soft Spots
PRS System
PRS Client
Email
Browser
PRS Client
Program
Hospital Information System
Firewall
Email Server
Other Client
Web Server
Affinity
System
(Registration)
Eclypsis
PRS Server
Database
Interface
Engine
LAB
Next Step
Identification of Soft Spots (with WPH staffs)
Confirmation of existing strategies for
resistance, recognition, and recovery
More detailed Analysis of intrusion scenarios
Presentation of Survivable map for the
architecture, suggested policy changes, cost
estimate, and recommended timeline for
implementation