Week 9 - Cyber Risk Assessment and Threat Modelling Flashcards

Learn about how organisations assess threats and their risks to the systems and defend against these threats.

1
Q

What is threat modeling?

A

The structured process of determining the threat landscape for a given context. This context could be an application, a system etc..

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is a threat landscape?

A

The possible range of attacks that can be present within a context.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Why is the threat modelling approach better than the ad hoc approach?

A

Threat modelling is a lot more structured, and ad hoc is more likely to miss particular threats.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the 4 parts of the process of threat modelling?

A

Diagram - what are we building?
Identify threats - what can go wrong?
Mitigate - what will we do about it?
Validate - how did we do?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What might you do during the Diagram step of threat modelling?

A

Exploring a system, understanding it and explaining it and it’s functionality. You might make diagrams of the system, like class diagrmad or data flow diagrams.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What do you do during the identify threats step of threat modelling?

A

You brainstorm the the type of potential threats that might target your system and it vulnerabilities. You might use a framework to structure discussions about threats around, Frameworks like Stride, Cyber Kill Chains, Attack trees etc..

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What do you do during the mitigate step of threat modelling?

A

Consider the mitigation techniques that you could implement to prevent the treats, and priorotize and implement them into the system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What happens during the validation step of threat modelling?

A

You reflect and review the fixes deployed in the mitigation step and evulate their effectiveness. You might revise these mitigations and add new ones if they are not working as well as intended.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What does the STRIDE framework do?

A

It helps developers determine common types of potential attacks for their system. These common threats can be found in the words of the acronym STRIDE.
It is a proactive process of determining potential attacks and does not help analyse attacks that have happened.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does STRIDE stand for?

A
Spoofing
Tampering
Repudiation
Information disclosure 
Denial of service
Elevation or escalation of privilege
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Define Spoofing in terms of STRIDE e.g. Name the treat, property, definition and an example.

A

Threat - Spoofing
Property - Authentication
Definition - Masquerading as something or someone else
Example - Phishing website or email

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the data we look at for a given threat using STRIDE?

A

The threat, the property it affects, the definition of the threat, and an example of the threat.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Define Tampering in terms of STRIDE e.g. Name the treat, property, definition and an example.

A

Threat - Tampering
Property - Integrity
Definition - Unauthorised modification of data
Example - Unauthorised modification of salary in a database

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Define Repudiation in terms of STRIDE e.g. Name the treat, property, definition and an example.

A

Threat - Repudiation
Property - Non-Repudiation
Definition - Refusal to accept responsibility for an action
Example - An individual claiming that an email sent from their address was not sent by them

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Define Information Disclosure in terms of STRIDE e.g. Name the treat, property, definition and an example.

A

Threat - Information Disclosure
Property - Confidentiality
Definition - Exposure of confidential information to unauthorised parties
Example - Password leaks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Define Denial of Service in terms of STRIDE e.g. Name the treat, property, definition and an example.

A

Threat - Denial of Service
Property - Availability
Definition - Service unavailable to legitimate users when it should be available
Example - Service request floods such as on HTTPS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Define Escalation of Privilege in terms of STRIDE e.g. Name the treat, property, definition and an example.

A

Threat - Escalation of Privilege
Property - Authorisation
Definition - Individual or process capable of actions they do not have authorisation for
Example - User with read only permissions escalates to write capability

18
Q

How do you apply STRIDE to systems?

A

Consider the potential attacks under each element of the STRIDE model in terms of a system e.g. Could an attacker Spoof this part of the system, are Denial of service attacks possible on this system server etc..

Record any details of threats as you progress.

Record any assumptions.

19
Q

How might you mitigate Repudiation?

A

Ensure Non-Repudiation protocol that provide assurance that an individual cannot deny responsibility for an action through authentication and digital signatures.

20
Q

How should you mitigate Spoofing?

A

Ensure appropriate authentication.

21
Q

How should you mitigate Tampering?

A

Ensure secure data protection and security policies for integrity of data.

22
Q

How might you mitigate Information Disclosure?

A

Ensure confidentiality of data using methods such as data encryption or cryptographic hashes or perhaps air gapped machines that aren’t connected to the network.

23
Q

How might you mitigate a Denial of Service attack?

A

Ensuring availability of servers using things like Firewalls, and intrusion detection systems that can prevent DoSs from happening.

24
Q

How could you mitigate an escalation of privilege?

A

Ensure appropriate authorisation mechanisms for services and data.

25
Q

What are the advantages of STRIDE?

A

Helps identify common vulnerabilitiesbin systems and processes.

Provides an easy to follow framework to consider possible threats.

26
Q

What are the disadvantages of STRIDE?

A

It is not fully comprehensive itself, the user must go into detail about potential threats themselves.

Only a proactive approach, does not find attacks that have happened or are currently happening.

Only ulincludes the most common attacks, so more novel attacks like Zero Day vulnerabilities may not be considered.

27
Q

What is a Cyber Kill Chain?

A

A sequence of steps required for an attacker to successfully infiltrate a given system
It is also known as the Cyber Instrusion Chain.

28
Q

What are the stages of a Cyber Kill Chain?

A
Reconnaissance
Weaponisation
Delivery
Exploitation
Installation
Comman and Control
Actions on Objective
29
Q

What happens during the reconnaissance stage of the CKC?

A

Reconnaissance is when the attacker tries to gather information about their target. It can either be active or reactive.

Active reconnaissance means that recon is likely to leave a trace that can be used to identify that recon happened. For example, the attackers leaving a digital footprint in a system that they’re are exploring, or speaking to specific individuals for more info on the system that could then identify them.

Passive reconnaissance is recon that includes looking at information already readily available and wouldn’t raise suspicious. For example, looking at data available to the public.

30
Q

Can the Cyber Kill Chain help during security? Why?

A

Yes.
Security teams can use the Cyber Kill Chain model to help identify potential APTs and treats against a system by looking at the steps of the CKC to see vulnerabilities in their security.

31
Q

What happens during the Weaponisation stage of CKC?

A

When the attacker takes the recon gathered from the recon stage to create a piece of malware or devise a malicious incident (DoS) to exploit any vulnerabilities found.

32
Q

What happens during the Delivery stage of CKC?

A

When you take the malware and attempt to delivery it and put it into the target system. This can range from disguising it as a trogan, to using a phishing email, sending it through open insecure ports, using SQL injection etc.

33
Q

What happens during the Exploitation stage of the CKC?

A

This is when the malware or malicious attack is executed on the target system.

34
Q

What happens during the Installation stage of CKC?

A

When the attacker expands through the system, spreading the malware or installing further malware. It increases the attackers foothold in the system.

35
Q

What happens during the Command and Control stage of a CKC?,

A

When the attacker sets up a an easy way in out and out the system by bypassing security with their installed malware. They also set up a feed of information or assets that will go back to the attacker.

36
Q

What happens during the Actions on Objectives in a CKC?

A

These are the final steps that the attacker takes after gaining the information and assets from the system. For example, this could be selling information on the black market or using the information to gain understanding on the targets intellectual properties etc..

37
Q

How can a organisation use the CKC model to identify ataccks that have already happened or are going to happen?

A

They look out for obvious signs of any of the Cyber Kill Chain steps, like phishing emails for delivery or suspicious packets during command and control. If these are noticed organisations can take preventive measures to stop ongoing attacks.

38
Q

What are the steps an organisation can take when they find a Cyber Kill Chain happening?

A

Detect - identifying whether an attacker is in the process of an attack
Deny - preventing disclosure of information and unauthorised access
Disrupt - stop or change outbound traffic going to the attacker
Degrade - provide counterattacks (E.g. Throttling the bandwidth)
Deceive - sending misinformation back to the attacker

39
Q

What can an organisation use to break or prevent CKCs?

A
Intrusion detection and prevention systems
Firewalls
Proper authentication and authorisation
Encryption
Security training for staff
40
Q

What are disadvantages of using the CKC to help with security?

A

It doesn’t consider insider threats.

Attackers are getting through the first couple of stages of CKC very fast so it’s harder to detect attacks in the Inital stages.