Week 8 - Threat Modelling Flashcards
What is threat modelling?
A systematic and structured approach to determining the threat landscape for a given context
Why is threat modelling important?
helps to identify potential threats, assess their impact, and implement mitigation techniques
What four questions does threat modelling help to answer?
1) What are we building? - explain and explore
2) What can go wrong? - Brainstorm threats (STRIDE, cyber kill chains)
3) What will we do about it? - prioritize and fix
4) How did we do (reflection)? -
What is STRIDE?
A framework for identifying common types of attacks
What does STRIDE stand for?
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of privilege
What is “Spoofing”?
it is about authentication and occurs when an attacker pretends to be someone else
e.g.
Phishing emails or websites.
What is “Tampering”?
it is about integrity and involves unauthorized modification of data.
e.g.
Unauthorized modification of a salary in an HR database.
What is Repudiation?
the rejection of responsibility for an action
e.g.
Claiming an email wasn’t sent by the owner of the address.
What is Information Disclosure?
it is about confidentiality and involves unauthorized release of confidential information.
e.g.
Password leaks.
What is Denial of Service?
it is about availability and occurs when legitimate users cannot access a service due to attacks like request floods.
e.g.
HTTP floods to take down a website.
What is Escalation of Privilege?
it is about authorisation and occurs when an individual gains unauthorized elevated privileges.
e.g.
A user with read-only permissions for a document being able to write to it.
How can devs apply STRIDE?
- assess how these threats might apply to the system
- record details of threats as you progress
- record any assumptions
Mitigation techniques for STRIDE
- Spoofing - Authentication (MFA)
- Tampering - Data protection (encryption)
- Repudiation - Non-repudiation (digital signatures)
- Information disclosure - Confidentiality (encryption/hashes)
- Denial of Service - Availability (firewalls)
- Elevation of privileges - Authorisation (appropriate authorization mechanisms)
What is a limitation of the STRIDE framework?
may not cover novel or day-to-day vulnerabilities and attacks that occur in large-scale campaigns.
What is a Cyber Kill Chain?
A framework to identify and prevent cyber intrusions, designed with APT in mind
What are the cyber kill chain stages?
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and control
- Actions on objectives
What is Reconnaissance?
Identifying information about the system and its security
What is Weaponisation?
attackers create malware or other exploit tools to take advantage of the vulnerabilities identified
What is Delivery?
sending the weaponized malware to the target through methods like phishing emails, social engineering, open ports, or SQL injection.
What is Exploitation?
attacker executes the malicious code to gain unauthorized access.
What is Installation?
attacker installs additional malware in the system
What is Command and Control?
attacker establishes remote access to the target system, often through a backdoor or remote access Trojan,
What is Actions on Objectives?
attacker achieves their goal, such as stealing data,
How can the Cyber Kill Chain be used in defense?
can be used to identify and prevent attacks by monitoring each stage
What are the five actions (the five Ds) to break the Cyber Kill Chain?
- Detect (identify the attack)
- Deny (prevent unauthorized access)
- Disrupt (interrupt attacker’s communications or data flow)
- Degrade (slow down the attack)
- Deceive (mislead the attacker with false information).
What are some methods used to break the Cyber Kill Chain?
- intrusion detection and prevention systems
- firewalls
- strong authentication and authorization protocols
- encryption
- employee training to mitigate phishing attacks.