14 threat risk modeling.pptx
Uploaded by rap-payne. Category: Technology.
Transcript of 14 threat risk modeling.pptx
Threat Risk Modeling
How do I know what threats I should protect from?
Threat risk modeling focuses you on what is really important
Which method you choose isn’t important. Just make sure you plan before you start hardening.
How we protect ourselves
1: Identify security objectives
What do we want to protect?
o Identity
o Repudiation
o Financial
o Privacy
o Regulatory
o Availability
How do we decide what to protect?
o Laws
o Regulations
o Standards
o Legal agreements
o Information security policy
2: Application overview
Next, get a deep understanding of the architecture of the app
• Components
• Data flows
• Trust boundaries
3: Decompose the application
o Every part that involves security must be broken down even further
o Example: Authentication mode
  • How does data enter?
  • How does each module validate that data?
  • How does each module process that data?
  • Between which modules does the data flow?
  • Where is the data stored?
  • How does it get into and out of the data store?
  • What decisions are made by each module based on the authentication?
5: Identify vulnerabilities
After finding and prioritizing threats, we identify our security holes and fix them
We'll choose these methods for the sake of discussion
Methodology    Purpose
STRIDE         Threat identification
Threat trees   Vulnerability identification
DREAD          Prioritization of each threat
STRIDE is for identifying threats
o Spoofing identity
o Tampering with data
o Repudiation
o Information disclosure
o Denial of service
o Elevation of privilege
STRIDE: Spoofing identity
o Must not be able to impersonate another user
o Pretending to be a user
  • [email protected], sn00ki
o Pretending to be a server
  • facebook.com
o Pretending to be a binary
  • SomeProg.exe, SomeLibrary.dll
STRIDE: Tampering with data
o Changing form fields on the client-side
  • Cookies
  • HTTP Headers
o Changing a file on the disk
  • Programs
  • DLLs
o Changing data in mid-stream
  • TCP/IP packets
o Don’t use sensitive data that is persisted in this way.
STRIDE: Repudiation
o Proof that a transaction occurred
  • "I've never logged on to that server"
  • "I've never modified that file"
  • "What?!? I didn't order that iPad"
  • "But honey, I'd never visit a website like that!"
o Access logs
o Audit trails
STRIDE: Information disclosure
o Browsers may expose personal data
o Error messages can leak data
STRIDE: Denial of service
o Crashing a website by flooding it with requests
  • Minimize or eliminate
  • File downloads
  • Database transactions
  • Time-consuming actions
  • Provide unique links per user that can be ignored by the server.
STRIDE: Elevation of privilege
o Breaking into a server's OS
o Attackers can’t become admin users
Threat trees are for deeper analysis
o You can only document known threats.
DREAD is for prioritization
o Damage potential
o Reproducibility
o Exploitability
o Affected users
o Discoverability
Each aspect gets a score. The scores are added for each threat, which allows us to decide which one(s) to tackle first.
DREAD: Damage potential
o If the threat is realized, how much damage is caused?
  • None → 0
  • One user’s data is compromised → 5
  • Entire database is compromised → 10
DREAD: Reproducibility
o How easy is it to reproduce?
  • Very hard for elevated users → 0
  • Couple of steps for a logged-in user → 5
  • Needs just an anonymous user and an address bar → 10
DREAD: Exploitability
o What do you need to have to exploit the threat?
  • Super-developer skills and special tools → 0
  • Tools can be found easily → 5
  • Just a browser → 10
DREAD: Affected users
o How many users will be affected?
  • Zero → 0
  • Some users, but not all → 5
  • All users → 10
DREAD: Discoverability
o How easily is the vulnerability found?
  • Very hard or impossible → 0
  • Could guess by watching network traffic → 5
  • Can be found by Googling → 9
  • It’s in the address bar → 10
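DREAD scoring as a worked example (added here, not part of the original slides): each threat carries the STRIDE category it was found under and one score per DREAD aspect, and the totals decide the order of work. The threat entries are constructed samples; the names Threat, prioritize and score, the acceptance of any integer from 0 to 10, and the tie-break on damage potential are assumptions of this example.

```python
from dataclasses import dataclass

STRIDE = ("Spoofing identity", "Tampering with data", "Repudiation",
          "Information disclosure", "Denial of service", "Elevation of privilege")
DREAD = ("damage", "reproducibility", "exploitability",
         "affected_users", "discoverability")

@dataclass(frozen=True)
class Threat:
    name: str
    stride: str    # category assigned during STRIDE identification
    scores: dict   # DREAD aspect -> score from 0 to 10

    def total(self) -> int:
        """Validate the entry, then add the five aspect scores."""
        if self.stride not in STRIDE:
            raise ValueError(f"{self.name}: unknown STRIDE category {self.stride!r}")
        if set(self.scores) != set(DREAD):
            raise ValueError(f"{self.name}: need exactly these aspects: {DREAD}")
        for aspect, value in self.scores.items():
            if not isinstance(value, int) or not 0 <= value <= 10:
                raise ValueError(f"{self.name}: {aspect} must be an integer 0..10")
        return sum(self.scores.values())

def prioritize(threats):
    """Highest total first; ties go to the larger damage potential (assumption)."""
    return sorted(threats, key=lambda t: (-t.total(), -t.scores["damage"], t.name))

def score(d, r, e, a, di):
    """Build a scores dict in D-R-E-A-D order."""
    return dict(zip(DREAD, (d, r, e, a, di)))

# Constructed sample register, not taken from the slides.
REGISTER = [
    Threat("Cookie value changed on the client", "Tampering with data",
           score(5, 5, 10, 5, 5)),
    Threat("Error page leaks a stack trace", "Information disclosure",
           score(5, 10, 10, 5, 10)),
    Threat("Flood of report-download requests", "Denial of service",
           score(5, 10, 5, 10, 5)),
    Threat("Ordinary user reaches admin functions", "Elevation of privilege",
           score(10, 5, 10, 10, 5)),
]

if __name__ == "__main__":
    for t in prioritize(REGISTER):
        print(f"{t.total():>2}  {t.stride:<24} {t.name}")
```

Rejecting a missing or out-of-range aspect keeps a half-scored threat from sinking to the bottom of the list unnoticed.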
Summary
o Don’t just start protecting code
  • Expensive
  • Incomplete
o Threat risk modeling brings focus
o STRIDE helps to identify threats
o Threat trees help to identify vulnerabilities
o DREAD helps to prioritize threats
Further study
o OWASP page from which this was taken:
  • https://www.owasp.org/index.php/Threat_Risk_Modeling
o MSDN STRIDE article:
  • http://bit.ly/MSDNSTRIDE