01 Dive In and Threat Model Flashcards
Why do we threat model?
Threat modeling is about using models to find security problems. Using a model means abstracting away a lot of details to provide a look at a bigger picture, rather than the code itself.
You model because it enables you to find issues in things you haven’t built yet, and because it enables you to catch a problem before it starts. Lastly, you threat model as a way to anticipate the threats that could affect you.
What are the four key questions to threat model?
Four key questions are:
1. What are you building?
2. What can go wrong?
3. What should you do about the things that can go wrong?
4. Did you do a decent job of analysis?
What are the four activities of threat modeling?
- Building a diagram
- Finding threats
- Addressing them
- Checking your work
Which is the most important diagram in threat modeling?
Data flow diagram
How can you improve a diagram?
A simple way to improve the diagram is to add boundaries. Adding boundaries shows who controls what.
These boundaries are called trust boundaries. You should draw boundaries wherever different people control different things.
What are some examples of trust boundaries?
- Account (UIDs on unix system, or SIDS on windows)
- Network interfaces
- Different physical computers
- Virtual machines
- Organizational boundaries
- Almost anywhere you can argue for different privileges
What is an attack surface?
An attack surface is a trust boundary and a direction from which an attacker could launch an attack.
What is the purpose of labeling your diagram?
As the diagram gets larger and more complex, it becomes easy to miss a part of it, or to become confused by labels on the data flows. Therefore, it can be very helpful to number each process, data flow, and data store in the diagram.
What does STRIDE stand for?
STRIDE stands for:
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege
What is Spoofing?
Spoofing is pretending to be something or someone you’re not.
What is Tampering?
Tampering is modifying something you’re not supposed to modify. It can include packets on the wire/wireless, bits on disk, or the bits in memory.
What is Repudiation?
Repudiation means claiming you didn’t so something (regardless of whether you did or not).
What is Information Disclosure?
Information Disclosure is about exposing information to people who are not authorized to see it.
What is Denial of Service?
Denial of Service are attacks designed to prevent a system from providing service, including by crashing it, making it unusably slow, or filling all its storage.
What is Elevation of Privilege?
Elevation of Privilege is when a program or user is technically able to do things that they’re not supposed to do.
What are a few tips to keep in mind that helps in identifying threats?
- Start with external entities.
- Never ignore a threat because it’s not what you’re looking for right now.
- Focus on feasible threats.
What are the four actions you can take against each threat?
- Mitigate it
- Eliminate it
- Transfer it
- Accept it
What is mitigating threats?
Mitigating threats is about doing things to make it harder to take advantage of a threat.
What is eliminating threats?
Eliminating threats is almost always achieved by eliminating features.
What is transferring threats?
Transferring threats is about letting someone or something else handle the risk.
What is accepting the risk?
Accepting the risk is the final approach to addressing threats.
What are the mitigation strategy and technique for addressing “spoofing of a person”?
Mitigation strategy:
* Identification and authentication (usernames and something you know/have/are)
Mitigation technique:
* Username, real names, or other identifiers (Password, tokens, biometrics)
* Enrollment/maintenance expiry
What are the mitigation strategy and technique for addressing “spoofing a file on disk”?
Mitigation strategy:
* Leverage the OS
Mitigation technique:
* Full paths, Checking ACLs, Ensuring that pipes are created properly
—
Mitigation strategy:
* Cryptographic authenticators
Mitigation technique:
* Digital signatures or authenticators
What are the mitigation strategy and technique for addressing “spoofing a network address”?
Mitigation strategy:
* Cryptographic
Mitigation technique:
* DNSSEC, HTTPS/SSL, IPSec
What are the mitigation strategy and technique for addressing “spoofing a program in memory”?
Mitigation strategy:
* Leverage the OS
Mitigation technique:
* Many modern operating systems have some form of application identifier that the OS will enforce
