Week 3 - What do I have or create?
Last week, I mentioned several websites where we can go to look for information. Now, let’s get started with the first step in threat modeling: know your network (what do I have or create?). It sounds simple, doesn’t it? At the abstract level, it is indeed simple: we just lay out what we have. In practice, it is not that straightforward, because what we do in this step depends directly on the type of threat model we choose. There are a few ways to threat model. I list each of them with a brief description below:
Asset centered method – Focus on assets to find possible threats and to develop protection. For example, I want to protect my multifunction printer from a thief; what are the possible ways that my printer can be stolen or damaged?
Attacker centered method – Focus on the attacker’s skill, motivation, behavior, and characteristics. Given that the printer is connected to the network inside the home, what type of attackers want my printer? What kind of skill will they need? Why do they want the printer? What can they do with it? How can they steal it?
Software centered method – With today’s rapid growth in technology and communication, almost everything gets digitized. Information is processed, transported, and stored by software, so software centered threat modeling has become the new approach for many cases. If the multifunction printer is connected to the network, the attacker may target the printer just to get to other target points. Thus, to protect the printer from the attacker, we need to understand how the printer connects to the network and how information can be transported to and from the printer.
Process centered method – This method looks at the process needed to achieve a task. Let’s say I have a safe buried underground in my basement. To get to the safe, I need to get into the house, get into the basement, and dig up the basement floor.
I will come back to discuss each method in detail in future blog posts. In the next few posts, I will focus on the software centered method for threat modeling. One commonly used method to draw the diagram is the Data Flow Diagram (DFD). The DFD is the traditional method used by engineers in their design process. It describes the flow of data across all elements between the source and the destination. Let’s look at a simple web server application containing a browser, cookies, a web server, and a database. The DFD will describe each element in the network; the communication methods between two elements; and other dependencies such as configuration attributes, user interaction, and so on.
Figure 1. DFD for a simple web application
The purpose of the diagram is to help the process of identifying threats and vulnerabilities. A more detailed diagram yields a better result. To emphasize the point, it makes a difference whether the diagram specifies that the protocol from the browser to the web server is HTTP or HTTPS. HTTP poses threats like man-in-the-middle (MITM) attacks, eavesdropping, and loss of confidentiality, while HTTPS may not. Getting this step done thoroughly eliminates the need to do it again when we reach the last step (Are the problems properly fixed?).
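To make the point about diagram detail concrete, here is an added example (my own sketch, not the output or logic of any diagramming tool) that records the simple web application’s DFD as data and reviews each flow. The trust zone labels, the cleartext protocol list, and the sample flows are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumption for this sketch: protocols treated as unencrypted on the wire.
CLEARTEXT = {"HTTP", "FTP", "TELNET"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "datastore"
    zone: str   # trust zone the element lives in (hypothetical labels)

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str
    protocol: str = ""  # empty means the diagram does not say

def review_flows(elements, flows):
    """Return (flow, finding) pairs for flows that need attention."""
    zone = {e.name: e.zone for e in elements}
    findings = []
    for f in flows:
        crosses = zone[f.src] != zone[f.dst]
        if not f.protocol:
            # An unlabeled flow cannot be assessed at all.
            findings.append((f, "protocol not specified; diagram too coarse to assess"))
        elif f.protocol.upper() in CLEARTEXT and crosses:
            findings.append((f, "cleartext across trust boundary: eavesdropping/MITM"))
    return findings

# Constructed sample: the browser / cookies / web server / database application.
ELEMENTS = [
    Element("browser", "external", "internet"),
    Element("cookies", "datastore", "internet"),
    Element("web server", "process", "dmz"),
    Element("database", "datastore", "internal"),
]
FLOWS = [
    Flow("browser", "web server", "login form", "HTTP"),
    Flow("web server", "browser", "session cookie", "HTTPS"),
    Flow("browser", "cookies", "session cookie", "local"),
    Flow("web server", "database", "SQL queries"),
]

if __name__ == "__main__":
    for flow, finding in review_flows(ELEMENTS, FLOWS):
        print(f"{flow.src} -> {flow.dst} [{flow.protocol or '?'}]: {finding}")
```

The HTTP login flow is flagged, the HTTPS one is not, and the unlabeled database flow is reported as something the diagram still has to specify.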
Many programs support network diagrams, such as Microsoft Visio, SolarWinds MSP, Lucidchart, and Draw.io. They generate static network diagrams, and some won’t fit well in threat modeling. Microsoft also created a free program called Microsoft Threat Modeling Tool with a built-in capability to draw network diagrams. This tool identifies threats automatically and dynamically, which makes the process much easier. I will talk a little bit more about the threat identification process in my next blog.
For now, adios