Lecture 3: Threat Modeling Concepts and Methodologies PDF

LECTURE 3: UNDERSTAND AND APPLY THREAT MODELING CONCEPTS AND METHODOLOGIES DICTIONARY ASSET ▪ An asset is any element ahs a value for organization. ▪ a resource, process, product, computing infrastructure, and so forth that an organization has determined must be protected. THREAT ▪ The presence of any potential event that causes an unwanted impact on the organization ▪ ATTACK ▪ The presence of any actual event that causes an unwanted impact on the organization. VULNERABILITY ▪ The absence of safeguard OR a system weakness might be used by threat to cause a damage to the system. THREAT AGENT ▪ The entity ( a person or process) initiates the threat. EXPLOIT ▪ if the vulnerability found by threat agent and threat initiated. DICTIONARY CONTROL/ COUNTERMEASURE/ SAFEGUARD ▪ Any step/action to prevent the threat exploiting the vulnerability. ▪ (OR): Minimize the damage of the exploit RISK ELEMENTS ❑ A risk is the possibility or likelihood that a threat will exploit a vulnerability resulting in a loss such as harm to an asset. ❑ Risk management attempts to reduce or eliminate vulnerabilities or reduce the impact of potential threats by implementing controls or countermeasures. ❑ Risk elements are: ❑ Threat ❑ Vulnerability ❑ Asset ❑ Damage THREAT MODELING ▪Threat modeling is the security process where potential threats are: ❑ identified, ❑ categorized, and ❑ analyzed. ▪Threat modeling can be performed as: ❑a proactive measure during design and development or ❑ a reactive measure once a product has been deployed. THREAT MODELING ▪A PROACTIVE APPROACH to threat modeling is known as a defensive approach. ▪ This method is based on predicting threats and designing in specific defenses during the coding and crafting process, rather than relying on post-deployment updates and patches. ▪A REACTIVE APPROACH to threat modeling takes place after a product has been created and deployed. This type of threat modeling is also known as the adversarial approach. IDENTIFYING THREATS ▪Focused on Assets This method uses asset valuation results and attempts to identify threats to the valuable assets ▪Focused on Attackers Some organizations are able to identify potential attackers and can identify the threats they represent based on the attacker’s goals. ▪Focused on Software If an organization develops software, it can consider potential threats against the software. IDENTIFYING THREATS The three primary steps are as follows: 1. Identify all of the technologies involved. 2. Identify attacks that could be targeted at each element of the diagram. Keep in mind that all forms of attacks should be considered, including logical/technical, physical, and social. 3. Prevention measures. STRIDE THREAT MODEL ❑ In order to assess the security of a system, we must therefore look at all the possible threats. ❑ The STRIDE model is a useful tool to help us classify threats. ❑ To categorize a threat, it is often helpful to use a guide or reference to do so, a well-known guide is known as STRIDE. Think like hackers ❑ STRIDE is a threat categorization Predict the issues scheme developed by Microsoft. before they happen STRIDE THREAT MODEL – CONT. 1. Spoofing: gaining access through falsified identity 2. Tampering: unauthorized changes or manipulation of data 3. Repudiation: Ability to deny having performed an action/activity 4. Information disclosure: Revelation or distribution of private, confidential, or controlled information to unauthorized entities 5. Denial of service (DoS): Prevent authorized use of a resource. This can be done through connection overloading or traffic flooding 6. Elevation of privilege: A limited user account is transformed into an account with greater privileges, powers, and access. Although STRIDE is typically used to focus on application threats, it is applicable to other situations, such as network threats Other attacks may be more specific to network, such as sniffing. STRIDE Threat Property Example Mitigation Approach/ Violated Countermeasures Spoofing Authentication Pretending to be any of Bill Gates, Digital signatures, Active Paypal.com or ntdll.dll directory, LDAP Passwords, crypto tunnels Tampering Integrity Modifying a DLL on disk or DVD, or a Hashing, Digital signatures, packet as it traverses the network ACLs/permissions, crypto tunnels Repudiation Non-repudiation “I didn’t send that email,” “I didn’t Digital Signatures, Customer modify that file,” “I certainly didn’t visit history risk management, that web site, dear!” Logging Information Confidentiality Allowing someone to read the Encryption, Access Control Disclosure Windows source code; publishing a list Lists, PGP (for emails), of customers to a web site. SSL/TLS Denial of Availability Crashing Windows or a web site, Load Balancers, more Service sending a packet and absorbing capacity seconds of CPU time, or routing packets into a black hole Elevation of Authorization Allowing a remote internet user to run Isolation, Input Validation, Privilege commands is the classic example, but Firewalls, Sandboxing going from a limited user to admin STRIDE THREAT MODEL EXAMPLE APPLY CYS CONCEPTS TO THE SUPPLY CHAIN ▪A SUPPLY CHAIN IS A NETWORK BETWEEN A COMPANY AND ITS SUPPLIERS TO PRODUCE AND DISTRIBUTE A SPECIFIC PRODUCT TO THE FINAL BUYER. ▪A SUPPLY CHAIN is the concept that most computers, devices, networks, and systems are not built by a single entity. APPLY CYS CONCEPTS TO THE SUPPLY CHAIN ▪A SECURE SUPPLY CHAIN is one in which all of the vendors or links in the chain are reliable, trustworthy, reputable organizations that disclose their practices and security requirements to their business partners. ▪ The goal of a secure supply chain is: ▪ to ensure that the finished product is of sufficient quality, meets performance and operational goals, and provides stated security mechanisms, and ▪ that at no point in the process was any element counterfeited or subjected to unauthorized or malicious manipulation or sabotage. APPLY CYS CONCEPTS TO THE SUPPLY CHAIN ▪ Integrating security assessments when working with external entities is just as important as ensuring a product was designed with security in mind. APPLY CYS CONCEPTS TO THE SUPPLY CHAIN CYS team should inspect the connected systems throughout: ▪ On-Site Assessment Visit the site of the organization to interview personnel and observe their operating habits. ▪ Document Exchange and Review Investigate the means by which datasets and documentation are exchanged as well as the formal processes by which they perform assessments and reviews. ▪ Process/Policy Review Request copies of their security policies, processes/procedures, and documentation of incidents and responses for review. ▪ Third-Party Audit Having an independent third-party auditor SECURITY GOVERNANCE PRINCIPLES Security governance is the collection of practices related to supporting, defining, and directing the security efforts of an organization. Security governance principles are often closely related to and often twisted with corporate and IT governance. Corporate governance is “Doing the right things for the organization and doing things the right way independent of personal interests.” SECURITY GOVERNANCE PRINCIPLES Credibility, Transparency, and Accountability are important concepts in establishing effective governance Credibility: is the quality of being trustworthy or believable. Transparency: is clarity and openness in actions Accountability: being responsible for your actions and able to provide sound reasoning for actions. Accountability vs. Responsibility EVALUATE AND APPLY SECURITY GOVERNANCE PRINCIPLES Many organizations expand and adapt to deal with a global market, So, governance issues become more complex. This is especially problematic when laws in different countries differ or conflict. The organization needs a direction, guidance, and tools to provide sufficient oversight and management to address threats and risks with a focus on eliminating downtime and EVALUATE AND APPLY SECURITY GOVERNANCE PRINCIPLES Security is not and should not be treated as an IT issue only. It is no longer just something the IT staff can handle on their own. Security is a business operations issue. Security is an organizational process Security governance is commonly managed by a governance committee or at least a board of directors whose primary task is to oversee and guide the actions of security and operations for an organization. Security frameworks and governance guidelines include NIST 800-53 or 800-100. NIST guidance is focused on government and military use. It can be used by other types of organization as well. ALIGNMENT OF SECURITY FUNCTION TO BUSINESS STRATEGY, GOALS, MISSION, AND OBJECTIVES ALIGNMENT OF SECURITY FUNCTION ▪ Security management planning ensures proper creation, implementation, and enforcement of a security policy. ▪ Security management planning aligns the security functions to the strategy, goals, mission, and objectives of the organization. ▪ One of the most effective ways to tackle security management planning is to use A TOP-DOWN APPROACH ▪ Upper, or senior, management is responsible for initiating and defining policies for the organization. ▪ Security policies provide direction for all levels of the organization’s hierarchy. THE INFORMATION SECURITY (INFOSEC) TEAM ▪ The team or department responsible for security within an organization should be autonomous. ▪ Chief information security officer (CISO) – the leader of Cybersecurity team, must report directly to senior management. The security management plan include ❑ defining security roles; ❑ prescribing how security will be managed, ❑ who will be responsible for security. ❑ how security will be tested for effectiveness; ❑ developing security policies; ❑ performing risk analysis; and ❑ requiring security education for employees. ▪ These efforts are guided through the development of management plans. DEVELOPING AND IMPLEMENTING A SECURITY POLICY ▪ A security management planning team should develop three types of plans DEVELOPING AND IMPLEMENTING A SECURITY POLICY ▪ A security management planning team should develop three types of plans DEVELOPING AND IMPLEMENTING A SECURITY POLICY STRATEGIC PLAN ▪ It is a long-term plan that is fairly stable. ▪ It defines the organization’s security purpose. ▪ It helps to understand security function and align it to the goals, mission, and objectives of the organization. ▪ It’s useful for about five years if it is maintained and updated annually. ▪ The strategic plan also serves as the planning horizon. ▪ A strategic plan should include a risk assessment. ▪ Security documentation should be concrete, well defined, and clearly stated. DEVELOPING AND IMPLEMENTING A SECURITY POLICY TACTICAL PLAN ▪ It is a midterm plan developed to provide more details on accomplishing the goals set forth in the strategic plan or can be crafted ad hoc based upon unpredicted events. ▪ It is typically useful for about a year and often prescribes and schedules the tasks necessary to accomplish organizational goals. ▪ There are: project plans, acquisition plans, hiring plans, budget plans, maintenance plans, support plans, and system development plans. DEVELOPING AND IMPLEMENTING A SECURITY POLICY OPERATIONAL PLAN ▪ It is a short-term, highly detailed plan based on the strategic and tactical plans. ▪ Operational plans must be updated often (such as monthly or quarterly) to retain compliance with tactical plans. ▪ Operational plans explains how to accomplish the various goals of the organization: resource allotments, budgetary requirements, staffing assignments, scheduling, and step-by- step or implementation procedures. ▪ Operational plans include details on how the implementation processes are in compliance with the organization’s security policy. EXAMPLE ▪ Strategic: ▪ Reach 100% of educated users in 2025 ▪ Tactical: ▪ Ensure 30% of users receive a proper training and awareness by end of 2021. ▪ Operational: ▪ Contract with X company to design the training program (2 months) ▪ Conduct the training in small official classes according to the user's preferences. ( 7 month) ▪ Conduct exam to ensure all the trainees digest the info. (1 month) ▪ Initiate a mock attacks to those who attended the exam to ensure they apply what they learned (1 month) ▪ Finalize and report (1 month)

Lecture 3: Threat Modeling Concepts and Methodologies PDF

Document Details

Tags

Related

Summary

Full Transcript