Threat_Modeling.pdf

Tracy Magoma

November 16, 2023

Transcript

  1. WHOAMI
    • Senior Officer, Cybersecurity Assurance at Safaricom PLC
    • Volunteer – ISACA Kenya Chapter, SheHacksKE
    • CTF Player
    • Nature lover
    • Foodie
    • Books
  2. TOPICS TO BE COVERED
    1. Threat, Vulnerability and Risk
    2. The Software Development Life Cycle
    3. Introduction to Threat Modeling
    4. Threat Modeling Process
    5. Threat Modeling Methodologies
    6. Sample Threat Model
  3. THREAT, VULNERABILITY AND RISK
    • A threat is anything that has the potential to cause harm to an asset (something valuable), such as data, systems, or people.
    • A vulnerability is a weakness or flaw in a system or its defenses that could be exploited by a threat to cause harm.
    • Risk is the likelihood or possibility that a threat will exploit a vulnerability, leading to a negative impact or consequence.
  4. INTRODUCTION TO THREAT MODELING
    What is threat modeling?
    • It is a systematic approach to identifying, prioritizing, and addressing potential security threats and vulnerabilities to a system
    Why should we do a threat model?
    • Understand what threats and vulnerabilities to guard against for various system touchpoints and the mitigation controls to be explored
    • Develop proactive security measures
    • It is an integral part of a Secure SDLC
  5. INTRODUCTION TO THREAT MODELING
    Who should build a threat model?
    • All the project stakeholders e.g., cybersecurity, architects, developers, product owner etc.
    When should a threat model be created?
    • It is advisable to conduct a threat model during the design stage of a project
    Where should a threat model live?
    • Threat models should be put with other project documentation in a well-known location.
    • If there are any architecture changes being made, threat models should be updated accordingly in line with product versions
  6. THREAT MODELING PROCESS
    1. Asset Identification
      • Document the different components that make up your system
      • Identify the importance of each asset based on the information it handles, such as customer data, financial information etc.
    2. Identify Threats
      • Figure out the various ways in which your assets can be compromised and who the potential attackers are.
    3. Analyze Vulnerabilities and Prioritize Risks
      • Analyze the vulnerabilities based on the potential impact of identified threats in conjunction with assessing the existing security controls
      • Risk = Probability x Impact
  7. THREAT MODELING PROCESS
    4. Mitigate
      • Recommend the security controls to address the identified risks, such as implementing access controls, applying system updates
    5. Validate
      • Ensure that all threats have been mitigated and check if all vulnerabilities have been addressed
  8. THREAT MODELING METHODOLOGIES
    1. STRIDE
    2. Trike
    3. VAST (Visual, Agile, and Simple Threat)
    4. Attack trees
    5. CVSS (Common Vulnerability Scoring System)
    6. PASTA (Process for Attack Simulation and Threat Analysis)
  9. THREAT MODELING METHODOLOGIES

    |   | Threat | Threat Definition | Property Violated |
    |---|--------|-------------------|-------------------|
    | S | Spoofing Identity | Pretending to be something or someone other than yourself | Authentication |
    | T | Tampering | Unauthorized modification or manipulation of data | Integrity |
    | R | Repudiation | Ability to deny having acted, typically due to insufficient auditing or logging | Non-repudiation |
    | I | Information Disclosure | Unauthorized access to sensitive information, such as personal or financial data | Confidentiality |
    | D | Denial of Service | Disruption of the system's availability, preventing legitimate users from accessing it | Availability |
    | E | Elevation of Privilege | Unauthorized elevation of access privileges, allowing threat actors to perform unintended actions | Authorization |
  10. SAMPLE THREAT MODEL

    | Threat | Severity | Mitigation |
    |--------|----------|------------|
    | T1: Use of vulnerable components | High | Regularly check for updates and stay up to date with the latest versions of components |
    | T2: Brute forcing attacks | High | Ensure MFA is enabled and enforce strong password policies |
    | T3: Unrestricted resource consumption | High | Limit how often a single API client/user can execute a single operation within a defined timeframe |
    | T4: Excessive/Sensitive data in the responses | High | Ensure that the API responses return only legitimate data and do not return excessive or sensitive data |
    | T5: Missing patches | High | Ensure patching is done in a timely manner |
    | T6: Excessive permissions | High | Access should be granted on least privilege basis |
    | T7: Security misconfigurations on the Database | High | Ensure that the database does not have any default accounts |
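
One way to implement the T3 mitigation above (limit how often a single API client/user can execute a single operation within a defined timeframe), as an added example that is not from the original deck: a sliding-window limiter keyed by client and operation. The class and function names, the limit of 3 calls per 60 seconds, the in-memory single-process store and the sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` calls per (client, operation) in any `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._calls = defaultdict(deque)  # (client, operation) -> accepted timestamps

    def allow(self, client, operation, now):
        calls = self._calls[(client, operation)]
        # Drop timestamps that have aged out of the window.
        while calls and now - calls[0] >= self.window:
            calls.popleft()
        if len(calls) >= self.limit:
            return False  # over budget: the API would answer HTTP 429 here
        calls.append(now)  # only accepted calls consume budget
        return True

    def retry_after(self, client, operation, now):
        """Seconds until the oldest accepted call leaves the window (0 if under limit)."""
        calls = self._calls[(client, operation)]
        if len(calls) < self.limit:
            return 0.0
        return max(0.0, self.window - (now - calls[0]))


def replay(events, limit=3, window=60):
    """Run (time, client, operation) events through a fresh limiter; return decisions."""
    limiter = SlidingWindowLimiter(limit, window)
    return [limiter.allow(client, op, t) for t, client, op in events]


# Constructed sample traffic: (seconds, client id, operation).
SAMPLE = [
    (0, "client-a", "login"),
    (10, "client-a", "login"),
    (20, "client-a", "login"),
    (30, "client-a", "login"),        # 4th login inside 60 s: rejected
    (30, "client-b", "login"),        # different client has its own budget
    (30, "client-a", "get_profile"),  # different operation has its own budget
    (61, "client-a", "login"),        # the call at t=0 has aged out: allowed
]

if __name__ == "__main__":
    for event, ok in zip(SAMPLE, replay(SAMPLE)):
        print(event, "allow" if ok else "reject")
```

Keying on the (client, operation) pair is what keeps one noisy client or one expensive endpoint from consuming another's budget; a deployment with several API instances would need a shared store in place of the in-memory dictionary.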