Analysing the ACME example model

The ACME corp. ICT infrastructure

The figure below presents the made-up ACME corp. ICT infrastructure. It consists of three network zones: office, staging, and production. Each network contains a few hosts with established communication between them. Overall, we want to protect the company’s customer record database from an attacker we assume has compromised an office workstation.

The ACME model

When launching securiCAD for the first time, you will see a greeting window with some useful information and then you will be prompted to put in your e-mail address and the simulation key from the e-mail you got when fetching securiCAD.

When this information has been put in and verified, securiCAD will start with a model of the ACME infrastructure automatically loaded.

The ACME model consists of objects with connections between them. Objects represent hardware and software artefacts in reality, for instance networks, routers, hosts, user accounts, and services. In our example, we have one network object called Office and one called Staging Infra. The Office and Staging Infra networks are connected via a router object GW1. The connections carry specific meanings: a host connected to a network states that the host is reachable from that network, a service connected to a host states that the service is run by this particular host, and so on.

If you navigate around a little in the model, you will find other objects representing the remaining parts of the above infrastructure. In addition, there are some objects not directly detailed in the specification, such as an RDP session between a host in the Office network and a host in the Staging Infra network. We also assume that all hosts and services have an AccessControl and that each of them has a UserAccount.

Objects have different types of attack steps and defenses associated with them. An attack step is something harmful that an attacker can accomplish, and defenses are countermeasures that make the attack steps more difficult or “expensive” to succeed with. Which attack steps and defenses are available depends on the type of the selected object.

For instance, if we select the Office network object, we find the attack steps ARPCachePoisoning, Compromise, DNSSpoof and DenialOfService and the defense mechanisms DNSSec, PortSecurity and StaticARPTables.

Finally, the model also contains an Attacker object defining the attack scenario. In our case we assume that the attacker has compromised Workstation 1.
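To make the object / attack step / defense structure concrete, here is an added, constructed sketch of the ACME scenario as a small attack graph; it is an illustration written for this page, not securiCAD's own model format or simulation logic. The step and defense names for the Office network come from the text above; which step enables which, the RDPSession.Disabled defense, and the StagingHost and CustomerDB objects are assumptions made for the example.

```python
from collections import deque

# Constructed attack graph. Nodes are "Object.AttackStep"; an edge means
# that reaching the first step makes the second step available to the
# attacker. Which step enables which is assumed for illustration only.
EDGES = {
    "Workstation1.Compromise": ["Office.ARPCachePoisoning",
                                "Office.DNSSpoof",
                                "RDPSession.Connect"],
    "Office.ARPCachePoisoning": ["GW1.Compromise"],
    "Office.DNSSpoof": ["GW1.Compromise"],
    "GW1.Compromise": ["StagingInfra.Compromise"],
    "StagingInfra.Compromise": ["StagingHost.Compromise"],
    "RDPSession.Connect": ["StagingHost.Compromise"],
    "StagingHost.Compromise": ["CustomerDB.Read"],
}

# Defense -> attack step it blocks when enabled. The Office defenses are
# the ones listed on the page; RDPSession.Disabled is a hypothetical one.
DEFENSE_BLOCKS = {
    "Office.PortSecurity": "Office.ARPCachePoisoning",
    "Office.StaticARPTables": "Office.ARPCachePoisoning",
    "Office.DNSSec": "Office.DNSSpoof",
    "RDPSession.Disabled": "RDPSession.Connect",
}


def reachable(start, enabled_defenses):
    """Breadth-first walk from the attacker's entry step, skipping any
    step that an enabled defense blocks. Returns the reachable steps."""
    blocked = {DEFENSE_BLOCKS[d] for d in enabled_defenses}
    seen, queue = {start}, deque([start])
    while queue:
        step = queue.popleft()
        for nxt in EDGES.get(step, []):
            if nxt not in blocked and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def db_exposed(enabled_defenses):
    """True if an attacker who compromised Workstation 1 reaches the DB."""
    steps = reachable("Workstation1.Compromise", enabled_defenses)
    return "CustomerDB.Read" in steps


if __name__ == "__main__":
    print(db_exposed(set()))                                  # True
    print(db_exposed({"Office.PortSecurity", "Office.DNSSec"}))  # True, via RDP
    print(db_exposed({"Office.PortSecurity", "Office.DNSSec",
                      "RDPSession.Disabled"}))                 # False
```

Running it shows why single defenses on the Office network are not enough in this sketch: the RDP session is a second path into Staging Infra, so the database stays exposed until that path is also addressed.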

What’s Next