Secure Architecture Flashcards
Threat Modelling
A team exercise undertaken to identify and mitigate threats. Typically planned early in the lifecycle. Steps:
1. Identify Security Objectives: Legal, compliance requirements.
2. System Decomposition: Data Flow diagrams (Consider data stores, function calls, trust boundaries [VMs, user privileges, networks]).
3. Threat Identification: DFD creation may identify threats. STRIDE is another way.
4. Threat Mitigation: Strategies - Re-design to mitigate (most preferred), apply std mitigation, invent a new mitigation (costly and time consuming), accept and ignore. Use Attack Tree model.
Threat Modeling - STRIDE for threat identification.
Spoofing (Authentication),
Tampering (Integrity),
Repudiation (non-Repudiation),
Information Disclosure (Confidentiality),
Denial of Service ( Availability),
Escalation of privilege (Authorization).
Threat Modeling - Threat Mitigation - Attack tree
An attack tree is a graphical representation of an attack, beginning with the attack objective as the root node. From this node, a hierarchical tree-like structure of necessary conditions is listed.
Threat Modeling - Threat Mitigation - Assessing Priority-How?
- Multiply probability with Risk/loss.
- DREAD - Damage Potential, Reproducibility, Exploitability, Affected Users and Discoverability. Assign 0 to 5 for each, sum and divide by 5 to arrive at a score from 0 to 10.
Attack Surface Evaluation and minimization
Determined by all the features implemented. Measured by Attack Surface Quotient (ASQ). Disabling unused features, minimizing privileges, env hardening helps. Evaluation happens as the product is updated, typically undertaken during Design phase to avoid rework later.
Threat Intelligence
Threat intelligence is the actionable information about malicious actors, their tools, infrastructure, and methods.
Threat Hunting
An iterative process of proactively searching out threats inside the network, typically by forming hypothesis and testing them. E.g. “an adversary is using stolen credentials to mimic authorized users during nonworking hours.”. Verify logs to check if this true.
Security Controls
Classes: Administrative, Technical and Physical
For each Class 4 Types: Preventive, Detective, Corrective, Compensating
NIST Special Publication 800-145
The NIST Definition of Cloud Computing
Trusted Platform Module (TPM)
A chip exists on motherboard, includes a unique RSA key burned into it, which is used for asymmetric encryption. Additionally, it can generate, store, and protect other keys used in the encryption and decryption process.
Hardware Security Module
Typically attached via USB or network connections used to manage and store cryptographic keys.
OCTAVE model
Operational Critical Threat, Asset and Vulnerability Evaluation
PASTA
Process for Attack simulation and Threat Analysis
NIST SP 800 30
Has a list of threats in its appendices
