Threat modeling is a procedure for optimizing network security by identifying vulnerabilities, identifying their risks, and defining countermeasures to prevent or mitigate the effects of the threats to the system. It addresses the top threats that have the greatest potential impact to an organization.
Threat modeling is an iterative process; it should be started when designing a system or solution and should be performed throughout the system or solution lifecycle. The reason for multiple passes is that it is impossible to identify all of the possible threats in a single pass. In addition, the infrastructure, system, or solution is always changing, and new threats are found.
The steps to perform threat modeling are:
- Identify assets. Identify the valuable assets that the systems must protect.
- Create an architecture overview. Gather simple diagrams and related information that show how the systems are connected, both physically and logically. Documentation should include a system, trust boundaries, and data flow.
- Decompose the security components and applications. Break down the architecture of the systems and applications, including the underlying network and host infrastructure design, security profiles, implementation, and the deployment configuration of the systems and applications.
- Identify the threats. By examining the current architecture, systems, applications, and potential vulnerabilities, identify the threats that could affect the systems and applications.
- Document the threats. Document each threat using a common threat template that shows the attributes of each threat.
- Rate the threats. Prioritize and address the most significant threats first. The rating process weighs the probability of the threat against the damage that could result should an attack occur. Certain threats might not warrant any action when the risk posed by the threat is compared with the cost of mitigating it.
One easy way to calculate a total risk score is to assign numeric values to the likelihood and impact. For example, rank likelihood and impact on a scale from 1 to 5, where 1 equals low likelihood or low impact, and 5 equals high likelihood or high impact. Then, multiply the likelihood and impact together to generate a total risk score. Sorting from high to low provides an easy method to initially prioritize the risks. Next, review the specific risks to determine the final order in which to address them. At this point, external factors, such as cost or available resources, might affect the priorities.
STRIDE is an acronym for a threat modeling system that originated at Microsoft.
STRIDE is also a mnemonic tool for security threats; it consists of six different categories, as shown in Table 1.1.
Table 1.1 STRIDE acronym

| Element of STRIDE | Description | Security Property That Can Reduce the Threat |
|---|---|---|
| Spoofing | Something or someone that pretends to be something that they are not. For example, an attacker could masquerade as a legitimate user, or an email can be sent under another domain name or email address. | Authentication |
| Tampering | Attackers modify or interfere with legitimate data. | Integrity |
| Repudiation | The user denies performing a certain action, which could be illegal and harmful. | Non-repudiation |
| Information Disclosure | A data breach and access to private information occurs, and too much information about a system and its data is | Confidentiality |
| Denial of Service | A service is brought down intentionally or unintentionally, resulting in disruptions of applications or services. | Availability |
| Elevation of Privilege | A user gains privilege access greater than that for which he was approved, potentially accessing restricted data or performing restricted tasks. | Authorization |
Use DREAD to measure and rank the risk level of each threat:
- Damage Potential: How much damage can be inflicted on our system?
- Reproducibility: Can the attack be reproduced easily?
- Exploitability: How much effort and experience are necessary?
- Affected users: If the attack occurs, how many users will be affected?
- Discoverability: Can the threat be easily discovered?

Rank the threat level on a scale of 0 through 3 or 0 through 10, where a larger number indicates a greater threat.
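The scoring described above, both the likelihood × impact method and the DREAD ratings, as an added example that is not part of the original post. It keeps a small threat register with constructed sample entries, rejects entries outside the stated rating scales, and sorts the register high to low by either score; the DREAD total is assumed to be the mean of the five 0..10 ratings, and the STRIDE category names and the sample threats are the only values not taken from the text.

```python
from dataclasses import dataclass, field

# Constructed example: likelihood/impact on a 1..5 scale, DREAD on a 0..10 scale
STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege")
DREAD_KEYS = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")

@dataclass
class Threat:
    name: str
    category: str            # STRIDE category the threat falls under
    likelihood: int          # 1 = low probability ... 5 = high
    impact: int              # 1 = low damage ... 5 = high
    dread: dict = field(default_factory=dict)

    def __post_init__(self):
        # Reject register entries that do not follow the rating scales
        if self.category not in STRIDE:
            raise ValueError(f"not a STRIDE category: {self.category}")
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError("likelihood and impact must be rated 1..5")
        if set(self.dread) != set(DREAD_KEYS) or \
                any(not 0 <= v <= 10 for v in self.dread.values()):
            raise ValueError("DREAD needs all five attributes rated 0..10")

    def risk_score(self) -> int:
        # Likelihood x impact, as in the page's scoring method (max 25)
        return self.likelihood * self.impact

    def dread_score(self) -> float:
        # Assumption: mean of the five DREAD ratings, so the result stays 0..10
        return sum(self.dread.values()) / len(DREAD_KEYS)

def prioritize(threats, method="risk"):
    """Return the register ordered high to low by 'risk' or 'dread' score."""
    score = Threat.risk_score if method == "risk" else Threat.dread_score
    return sorted(threats, key=score, reverse=True)

def sample_register():
    d = lambda *v: dict(zip(DREAD_KEYS, v))   # DREAD dict in D, R, E, A, D order
    return [
        Threat("Forged session token", "Spoofing", 4, 5, d(8, 6, 5, 9, 4)),
        Threat("User deletes audit log", "Repudiation", 2, 3, d(4, 7, 6, 2, 6)),
        Threat("Unauthenticated admin API", "Elevation of Privilege", 3, 5, d(10, 9, 8, 10, 7)),
        Threat("Verbose error pages", "Information Disclosure", 5, 2, d(3, 10, 9, 5, 10)),
    ]

for t in prioritize(sample_register()):
    print(f"risk={t.risk_score():2d} dread={t.dread_score():.1f} {t.category:<24} {t.name}")
```

Note that the two methods rank the sample entries differently, which is why the text has you review the sorted list before fixing the final order.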
In this blog post, you learned:
- Before starting to secure an environment, a fundamental understanding of the standard concepts of security is needed.
- CIA (an acronym for Confidentiality, Integrity, and Availability) refers to the core goals of an information security program.
- Confidentiality deals with keeping information, networks, and systems secure from unauthorized access.
- One of the goals of a successful information security program is to ensure integrity or that the information is protected against any unauthorized or accidental changes.
- Availability is defined as a characteristic of a resource being accessible to a user, application, or computer system when required.
- Threat and risk management is the process of identifying, assessing, and prioritizing threats and risks.
- A risk is generally defined as the probability that an event will occur.
- After prioritizing risks, there are four generally accepted responses to these risks: Avoidance, Acceptance, Mitigation, and Transfer.
- The Principle of Least Privilege is a security discipline that requires that a user, system, or application be given no more privilege than necessary to perform its function or job.
- An attack surface consists of the set of methods and avenues an attacker can use to enter a system and potentially cause damage. The larger the attack surface of an environment, the greater the risk of a successful attack.
- The key to thwarting a social engineering attack is through employee awareness. If employees know what to look out for, an attacker will find little success.
- Physical security uses a defense-in-depth or a layered security approach that controls who can physically access resources of an organization.
- Physical premises can be divided into three logical areas: the external perimeter, the internal perimeter, and secure areas.
- Computer security consists of the processes, procedures, policies, and technologies used to protect computer systems.
- Mobile devices and mobile storage devices are one of the largest challenges facing many security professionals today, because of their size and portability.
- A keylogger is a physical or logical device used to capture keystrokes.
- Threat modeling is a procedure for optimizing network security by identifying vulnerabilities, identifying their risks, and defining countermeasures to prevent or mitigate the effects of the threats to the system.