HW3.docx

Name:

Question 1

Carefully review what you have done in Lab-3. Describe different types of attackers and their characteristics based on the attacks and attackers you have seen in Lab-3. Compare and contrast the possible resources, capabilities, techniques, motivations of these different attacker profiles.

Question 2 

Describe different types of attacks and their characteristics by taking the phases of MITRE’s ATT&CK framework into account.

Question 3 

Describe the following concepts:

A) Attack surface

B) Attack vector

C) Attack tree

Answer the following questions:

1) Which one is a base metric for calculating the CVSS score of a vulnerability? What are the values for the base metric? Explain those possible values.

2) Can an attack tree include attack surface and attack vector information? Explain.

3) Which one has more attack surface for an unprivileged attacker who is in the same network with the target computers? Explain.

a. Ten Windows 7 computers with ports 135, 137, 138, 139, and 445 are open.

b. One Red Hat Enterprise Linux that has 15 ports open, One Windows 2018 server that has 10 ports open.