Threat Modeling + Security Mindset

Question 1

Slammer Worm: What is it? When did it happen? Impact?

Answer 1

Computer worm in 2003 that caused denial of service. (Slowed internet traffic around the world within 10 min). It took advantage of a vulnerability/bug from Microsoft SQL Server using a buffer overflow. Mainly for bragging rights.

Question 2

How have the motivations for cybercrime evolved (3 main areas)? What are some examples?

Answer 2

1990s-Early 200s: Bragging rights
Mid 2000s- Today: financially motivated (credit card theft, phishing, identity theft)
2010s: Politically motivated (like espionage, censorship, surveillance, hacktivism)

Question 3

What are the 6 properties we want for security (listed)? (CIAx4)

Answer 3

Confidentiality, Integrity, Availability, Authorization, Authentication, Accountability

Question 4

Security Property: Confidentiality

Answer 4

Ensuring that sensitive information is kept** private**

Question 5

Security Property: Integrity

Answer 5

Ensuring that information has not been tampered with or secretly modified

Question 6

Security Property: Availability

Answer 6

Information is readily accessible when we need it

Question 7

Security Property: Authorization

Answer 7

The correct, authorized entities are accessing the information

Question 8

Security Property: Authentication

Answer 8

Ensuring that information is correct and genuine

Question 10

Security Property: Accountability

Answer 10

We are responsible for past actions

Question 11

What the steps of threat modeling? (5 steps)

Answer 11

Step 1: Define assets to protect
Step 2: Come up with security policies
Step 3: Diagram of the System
Step 4: Adversary Modeling (scope out capabilities of what attackers are going to be doing)
Step 5: Threat Modeling (STRIDE, attack trees)

Question 12

In the context of threat modeling, what are assets?

Answer 12

The stuff we are aiming to protect: information/data, software, hardware, communciation services, etc

Question 13

Threat Modeling: Policies

Answer 13

Common approach: 1) come up with a main functional goal 2) define security policies that will support this goal 3) can categorize these through security properties

Question 14

What does STRIDE stand for?

Answer 14

Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, Escalation of privilege

Question 16

What is Spoofing? Provide an example, and what security property (s) does it violate

Answer 16

Violates authenticity and authorization. When someone falsely impersonates something/someone else. Example: IP Address spoofing when someone modifies their IP address to bypass authentication proceedures (making it seem like they are coming from a trusted/legitimate souce)

Question 17

What is Tampering? What security property does it violate? Give an example.

Answer 17

Violates integrity. Data/code/information is unauthorizidly modified. Ex: without the correct permissions, modifying data

Question 18

What is Repudiation? What security policy does it violate? Give an example

Answer 18

Violates accountability. Denying responsibility for past actions. Ex: After modifying data, denying its modifications

Question 19

What is Information Disclosure? What Security property does it violate? Give an example

Answer 19

Violates confidentiality. The unauthorized disclosure of sensitive information. Ex: Phishing attack to get a user to click on a malicious link to reveal sensitive information (passwords, credit card number, SNN etc)

Question 20

What is Denial of Service? What security property does it violate? Give an example

Answer 20

Violates availability. Impacts availability of resources or services via malicious actions that can cause errors or consume resources. Ex: Slammer worm of 2003 was a denial of service attack that caused major lack of availability on the internet

Question 21

What is Escalation of Privilege? What security property does it violate? Give an example.

Answer 21

Violates Authentication/Authorization. When a user obtains greater privileges to resources. Ex: TOCTOU (time of check, time of use) attack. In between when the file is being checked for permissions, the attacker gains access to it before (privilege escalation) while previously they didn’t have that access