What are offensive trees?
attack trees are a way to visually represent the threats of computer security in the branch model to determine which threats are most likely to block threats. Safety expert Bruce Schneier has designed a model of the attack tree and is widely used in a series of settings. Employees and safety consultants of information technology can use this among many methods to find weak points in the system and develop a plan to solve them. This method is used primarily in computer security, but can also be used on other topics such as home security. In a household where something valuable is stored in the bedroom, for example, the attack tree has explored different ways that people should access this item, from the bedroom window to create friendships and use access to dinner to stole the object.
The goal, such as access to intimate ensembles or theft of money, is the root of an offensive tree. Each branch represents a different meFor this goal and branch, they could eliminate in a number of directions, with different options for the enactment of these methods. For example, capturing an e-mail could be made friends with a system manager who has a high level password or to capture an e-mail when they pass through the server.
With graphical representation of possible use of the system, it is possible to assign difficulty values to different items in the graph. Attack trees can help security professionals to determine where the weaknesses lie, versus the area of high security that probably do not need further measures. Costs may also be consideration; The method can be very easy, but so expensive that costs create a significant barrier and THUS, it can be a lower priority than a more difficult but very cheap choice. Attack trees can help security professionals to set priorities in terms of improving security and evolving to remainAly before threats.
Creativity is critical in creating offensive trees. Safety experts must "think outside the box" in terms of exploring possible exploitation that could be used to access the secure system. Lack of anticipation could lead to a missing obvious problem, such as the possibility that someone could enter the unlock room and simply steal a server that contains the required confidential data.