Fendley how secure is your e learning


    • How Secure Is Your E-learning Environment?
      step by step process for developing a threat profile of your environment
    • Bryan Fendley, Director of Academic Computing, University of Arkansas at Monticello
      Instructor for network security courses
      Blackboard Certified Unix Administrator, Blackboard Certified Trainer
      SANS Certifications: Penetration Testing, Incident Handling, Web Application Security, and Computer Law, Reverse Engineering Malware
    • Agenda
      Basics of Threat Modeling
      Review of Threat Modeling Processes
      Threat Modeling Tools
    • What’s the Big Deal?
      Majority of hacker attacks occur on web applications
      E-learning lives on the web
    • Top Ten Web Vulnerabilities
      Cross-Site Scripting (XSS)
      Broken Authentication and Session Management
      Insecure Direct Object References
      Cross-Site Request Forgery (CSRF)
      Security Misconfiguration
      Insecure Cryptographic Storage
      Failure to Restrict URL Access
      Insufficient Transport Layer Protection
      Unvalidated Redirects and Forwards
    • Why would anyone even want to hack a CMS?
      Accidental discovery
      Automated malware
      The Curious attacker
      Script Kiddies
      The Motivated Attacker
      Organized Crime
    • Advantages of Threat Modeling
      Understand application architecture
      Identify what needs to be protected
      Identify vulnerabilities associated with each part of your system
      Develop mitigation strategies
    • Basics of Threat Modeling
    • Basic Steps that most Threat Models have in common
      Gather Information
      Decompose App
      Data Flow Diagrams
      Identify Risk
      Use Cases
      Attack Trees
    • Gather Information
      Ask questions
      Learn how your system is being used
      It’s what you don’t know that can hurt you
    • Decompose App
      List and describe system components
      Presentation Layer
      Business Logic
    • DFDs
      Data flow diagrams (DFDs) examine flow from process view
      A data-flow diagram (DFD) is a graphical representation of the "flow" of data through an information system.
    • Determine Risk
      Determine major data types and corresponding classification
      Classification based on business risk, will vary by organization
    • Use Cases
      Using threat modeling, systematically define attack vectors and threat risk for each use case
      Time is generally limited, so you'll need to limit your analysis to the use cases with the most sensitive data
    • Determining Risk
      This is where application security-specific domain knowledge is required
      Risk = Likelihood x Impact
      Lots of great resources
      Open Web Application Security Project (OWASP) has a list of known attacks (http://www.owasp.org/index.php/Category:Attack)
      An even more comprehensive resource is the Common Weakness Enumeration by MITRE (http://cwe.mitre.org/). Many of these also come with likelihood
    • Review of Threat Modeling Processes
    • 6 Threat modeling processes/classification schemes
      Microsoft’s Threat Modeling Process
      STRIDE (classification scheme)
      AS/NZS 4360
      CVSS (classification scheme)
    • This will give you ideas for which approach works best for you, and to adopt the most appropriate threat modeling tools for your organization
    • Notable Threat Models
      Microsoft Threat Modeling Process
      AS/NZS 4360:2004 Risk Management
    • Microsoft Threat Modeling Process
    • 1. Identify Security Objectives
      What needs to be protected?
      Privacy and regulatory
    • 2. Application Overview
      How does your app work?
      Once the security objectives have been defined, analyze the application design to identify the components, data flows, and trust boundaries
    • 3. Decompose Application
      Once the application architecture is understood then decompose it further, to identify the features and modules with a security impact that need to be evaluated
    • 4. Identify Threats
      What are the most likely threats to your system?
    • 5. Identify Vulnerabilities
      Where are your weaknesses?
    • STRIDE
      Classification scheme for characterizing known threats according to the kind of exploit used
      STRIDE acronym is formed from the first letter of each of the following categories
      Spoofing Identity
      Tampering with Data
      Repudiation
      Information Disclosure
      Denial of Service
      Elevation of Privilege
    • Spoofing Identity
      Key risk for applications with many users
      Especially when they provide a single execution context at the application and database level
      Users should not be able to become or assume the attributes of any other user
    • Tampering with Data
      Users can change data, return data, and manipulate client-side validation
    • Repudiation
      Users may dispute transactions if there is insufficient auditing or recordkeeping
    • Information Disclosure
      Users are rightfully wary of submitting private details to a system
    • Denial of Service
      Application designers should be aware that their applications may be subject to a denial of service attack
    • Elevation of Privilege
      If an application provides distinct user and administrative roles, then it’s vital to ensure that the user cannot elevate their role to a higher privilege one
    • DREAD
      Classification scheme for quantifying, comparing and prioritizing the amount of risk presented by each evaluated threat
      DREAD acronym is formed from the first letter of each category below
      Damage Potential
      Reproducibility
      Exploitability
      Affected Users
      Discoverability
    • Damage Potential
      If a threat exploit occurs, how much damage will be caused?
      0 = Nothing
      5 = Individual user data is compromised or affected
      10 = Complete system or data destruction
    • Reproducibility
      How easy is it to reproduce the threat exploit?
      0 = Very hard or impossible
      5 = One or two steps required
      10 = Just a web browser and the address bar is sufficient
    • Exploitability
      What is needed to exploit this threat?
      0 = Advanced programming and networking knowledge, with custom or advanced attack tools
      5 = Malware exists on the Internet, or an exploit is easily performed
      10 = Just a web browser
    • Affected Users
      How many users will be affected?
      0 = None
      5 = Some users, but not all
      10 = All users
    • Discoverability
      How easy is it to discover this threat?
      0 = Very hard to impossible
      5 = Can figure it out by guessing or monitoring network traces
      9 = Details of faults like this are already in public domain and can be discovered by a search engine
      10 = The information is visible in the web browser address bar or in a form
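A worked DREAD calculation using the five 0-10 scales from the slides above (an added example, not part of the original presentation). Averaging the five ratings is the commonly used DREAD convention and is an assumption here, as are the sample e-learning threats, their ratings and their STRIDE tags.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing Identity", "T": "Tampering with Data", "R": "Repudiation",
          "I": "Information Disclosure", "D": "Denial of Service",
          "E": "Elevation of Privilege"}
DREAD_FIELDS = ("damage", "reproducibility", "exploitability",
                "affected_users", "discoverability")

@dataclass(frozen=True)
class Threat:
    name: str
    stride: str            # one-letter STRIDE category
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        # Reject entries that fall outside the classification or the 0-10 scale.
        if self.stride not in STRIDE:
            raise ValueError(f"{self.name}: unknown STRIDE category {self.stride!r}")
        for field in DREAD_FIELDS:
            value = getattr(self, field)
            if not isinstance(value, int) or not 0 <= value <= 10:
                raise ValueError(f"{self.name}: {field} must be an integer 0-10")

    def score(self) -> float:
        # Assumed convention: DREAD risk is the mean of the five ratings.
        return sum(getattr(self, f) for f in DREAD_FIELDS) / len(DREAD_FIELDS)

def rank(threats):
    """Return (score, STRIDE category, name) tuples, highest risk first."""
    rows = [(t.score(), STRIDE[t.stride], t.name) for t in threats]
    return sorted(rows, key=lambda r: (-r[0], r[2]))

# Constructed sample threats for an e-learning system; ratings are illustrative.
SAMPLE = [
    Threat("Session cookie sent over HTTP on login page", "I", 5, 5, 5, 10, 5),
    Threat("Student edits grade via hidden form field", "T", 5, 10, 10, 5, 10),
    Threat("No audit log for quiz submissions", "R", 5, 5, 5, 5, 0),
    Threat("Student account can reach instructor admin pages", "E", 5, 10, 10, 10, 10),
]

if __name__ == "__main__":
    for score, category, name in rank(SAMPLE):
        print(f"{score:4.1f}  {category:<24} {name}")
```

Ranking by the averaged score gives the prioritized list the DREAD slide describes; the STRIDE tag shows which kind of mitigation each entry calls for.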
    • Trike
      Identifies areas of importance with assistance from system stakeholders
      (use of automated tools to test results)
      Empower stakeholders to understand and reduce the risks to them and other stakeholders
      Works from a defensive perspective, not from the hacker's
    • AS/NZS 4360:2004 Risk Management
      Australian/New Zealand Standard is the world’s first formal standard for documenting and managing risk
      Does not lock organizations into a particular risk management methodology
    • Five steps of the AS/NZS 4360 process are:
      Establish Context
      Identify the Risks
      Analyze the Risks
      Evaluate the Risks
      Treat the Risks
    • Advantages of AS/NZS 4360
      Works well for organizations that prefer to manage risks in a traditional way, such as just using likelihood and consequences to determine an overall risk
      Works better for business or systematic risks than for technical risks
    • OCTAVE
      The Operationally Critical Threat, Asset and Vulnerability Evaluation
    • OCTAVE
      OCTAVE is a process, not a technology one can purchase.
      OCTAVE requires a cross-functional analysis team to lead the process (executives, managers, workers and IT).
      OCTAVE was developed through coordination between CERT and Carnegie Mellon Software Engineering Institute.
      OCTAVE is self-directed, flexible and focuses on balancing risk with productivity through tactical operations, strategic direction and technology.
    • Clearly Define An Asset
      IT personnel may be aware that a large Oracle database is housing student records, but may have no idea what version of Solaris is installed on the server or what version of Oracle is active.
    • Multi-Perspective
      OCTAVE recommends that, from a network point of view, each asset is analyzed from multiple perspectives, including from within the network and from outside the network.
      Inspection of an asset from many perspectives ensures that different levels of vulnerability risks are discovered.
    • Scope
      Attempting to manage any security analysis for an entire network presents an unwieldy challenge.
      OCTAVE suggests that an analysis should be scoped according to the parameters set forth by the analysis team.
    • Reference Public Catalogs
      OCTAVE suggests benchmarking a threat against a common directory such as CVE or lists such as BugTraq or the SANS Top 20.
      The OCTAVE process suggests benchmarking against public catalogs of references such as CVE and SANS.
      By utilizing the internal vulnerability databases of these tools, OCTAVE analysts are automatically given the cross-reference information linking to public security catalogs.
    • Design, Implementation and Configuration Vulnerabilities
      Design Vulnerability
      Implementation Vulnerability
      Configuration Vulnerability
    • Limitations of OCTAVE
      Large and complex
      Does not provide a list of “out of the box” practices for assessing and mitigating web application security risks
      But it does come with workbooks!
    • CVSS
      Common Vulnerability Scoring System
      The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities.
      Common Vulnerability Scoring System Version 2 Calculator
    • Threat Modeling Tools
    • Tools
      Microsoft Threat Analysis and Modeling free tool is best bet
      Search for this at msdn.microsoft.com
      Alternative open-source Risk Management tools
      OSMR
      MARCO
      CORAS Risk Assessment Platform
      ISO 17799 Risk Assessment Toolkit
      Easy Threat Risk Assessment
      ARMS
      Minaccia
      ThreatMind
      Open Source Requirements Management Tool
    • Applied Threat Modeling Conclusion
      Lots of people talk about threat modeling, few people do it
      Why? It is very time consuming and cumbersome
      Ways to reduce workload:
      Keep threat pattern libraries for specific application types
      Concentrate on only highly sensitive data types
      Prioritize attack trees
      Once a threat model has been created it is a living document
    • OWASP: The Open Web Application Security Project
      Where to learn more
    • To learn more about web vulnerabilities, try WebGoat
    • Final Message
      Pick a Method that Works for You
      Make the Effort to do a Formal Vulnerability Assessment!