Abstract
The global network infrastructure spectrum is witnessing its fastest growth since the last decade, with a concurrent rise in cloud computing, the Internet of Things (IoT), and edge computing. There is now a multitude of heterogeneous networking devices spanning different configurations and using a variety of access methods. Network infrastructure security is evolving in parallel, with increasing attempts to exploit security vulnerabilities in the mission-critical cyber-assets of organizations. Several organizations invest heavily in security research that uses lengthy and cryptic mathematical models, ignores the practical network implementation, and focuses only on the monetary implications of attack and defense. The attack tree has evolved as a convenient and cost-effective way of plotting the network in which an attack may take place, and it can also help organizations understand how that network can be defended. Attack trees combined with the MITRE ATT&CK framework are widely used globally for crown-jewels risk assessment. However, the major challenge for information security experts using the attack tree methodology lies in manually creating the attack tree and plotting all the crown jewels and the perimeter network so that they can be defended from attackers. We propose a test lab setup for simulation and attack tree generation, which can be used in conjunction with the MITRE ATT&CK framework and allows us to create and assess various attack scenarios while providing flexibility in subnet configuration and in the movement, addition, or removal of networking devices. The lab can be cloud hosted on a popular cloud platform, Microsoft Azure, or created on a VM within a dedicated high-resource machine to be used as a portable testbed.
The results indicate that both approaches have their own pros and cons based on the hours of usage: the dedicated-resource VM testbed may perform better for a small network with low risk potential, while the cloud-based approach is useful for scalable organizations with high threat potential.
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Gupta, S., Gupta, B., Rana, A. (2023). A Comparative Cost Analysis of Organizational Network Security Test Lab Setup on Cloud Versus Dedicated Virtual Machine. In: Zhang, YD., Senjyu, T., So-In, C., Joshi, A. (eds) Smart Trends in Computing and Communications. Lecture Notes in Networks and Systems, vol 396. Springer, Singapore. https://doi.org/10.1007/978-981-16-9967-2_58
DOI: https://doi.org/10.1007/978-981-16-9967-2_58
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-9966-5
Online ISBN: 978-981-16-9967-2
eBook Packages: Engineering (R0)