Hi I used and still using mindman a GOOD tool to do brainstorming or a tree structure. You will start with a MAIN central idea and you build from their. Their site can be found at this URL: http://www.mindjet.com/ I hope this help. I have used the tool for over 2 years and it does what it is suppose to do, yet not that expensive. Peace NtWaK0 -----Original Message----- From: Kruse, Darren (DEH) [mailto:Kruse.Darren2at_private] Sent: Thursday, March 21, 2002 10:00 PM To: 'pen-testat_private' Subject: best tool to draw attack trees ?? I'm puzzling over what is the best way to draw attack trees. Attack trees provide a formal, methodical way of describing the security of systems, based on varying attacks. Basically, you represent attacks against a system in a tree structure, with the goal as the root node and different ways of achieving that goal as leaf nodes. Bruce Schnier's Secrets and Lies - Digital Security in a Networked World http://www.amazon.com/exec/obidos/ASIN/0471253111/qid=1016671800/sr=8-1/ref= sr_8_67_1/002-8209990-0206427 , in particular chapter 21 covers Attack Trees There's also a DDJ article on attack trees http://www.ddj.com/documents/s=896/ddj9912a/9912a.htm (also by Bruce Schnier) that covers virtually the same ground as the book. I'm thinking that it would make a really good motivational tool for management to see what all the threats are against our systems. Having a documented attack tree would also help me in identifying what holes ,and threats I need to worry about RIGHT NOW ! My first thought was to wade in, and start drawing with Visio - making use of the layers feature to distinguish between different sets of values.. Possible / Impossible Cost script kiddie tool released ? etc.. But does anyone know of a more "closely-suited" tool than Visio ? I've done a google search on "attack tree" software, and come up blank. There are cheaper alternatives to Visio - maybe Kivio mp http://www.thekompany.com/products/kivio/faq.php3 ?? Unfortunately, the KDE version (Kivio without the mp suffix) doesn't do layers. :-( Would a web interface be better ? - certainly for navigating between threats, but how about when you want to see a larger part of the tree ? , or the whole attack tree ?? Maybe MS Project ? - it's good at showing inter-related tasks , that have dependancies and costs, and can output to HTML as well. How about when I want to add , or share bits of someone else's attack tree ? It would be cool to be able to download discrete sub-branches, just like you download additional Snort IDS signatures. Darren Kruse CCNP CCDP WAN/LAN Networking Consultant Mobile : (+61) 0407 446 399 mailto://darren_kruseat_private http://www.geocities.com/darren_kruse ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 16:15:03 PST