Know Your Enemy - An Introduction to Threat Modeling

A talk given at ConFoo Vancouver 2016.
Write-up to be posted at https://www.netmeister.org/blog/threat-model-101.html


  1. @jschauma, ConFoo Vancouver 2016
  2. Jerry: Well, what makes them think you're a risk management expert?
     George: I guess it's on my resume.
  9. https://v.gd/ConFooThreatModel01
  10. This is not a hacker.
  11. But these, yes, these are hackers.
      dedicated, human adversaries
  16. Threat Model 101
      By James Mickens
      https://v.gd/ConFooThreatModel02
  17. Threat Model 101
      • identify assets
      • identify vulnerabilities
      • identify likely threat actors (categorized by objectives & capabilities)
      • identify defensive capabilities
      • determine risk score
      • rinse and repeat
  18. Figure out what you can defend against whom, eh?
  20. A Concept is Stronger than a Fact.
      - Charlotte Perkins Gilman
  21. [Diagram: WWW, Webservice, WWW Server]
  22. [Diagram: WWW, Webservice] Different / separate Threat Models
  23. STRIDE (Threat: Property)
      • Spoofing: Authentication
      • Tampering: Integrity
      • Repudiation: Non-Repudiation
      • Information Disclosure: Confidentiality
      • Denial of Service: Availability
      • Elevation of Privilege: Authorization
  28. DREAD
      • Damage: How bad would the attack be?
      • Reproducibility: How easy to recreate the attack?
      • Exploitability: How easy to launch the attack?
      • Affected Users: How many are impacted?
      • Discoverability: How easy to discover for attacker?
  29. DREAD+D
      • Damage: How bad would the attack be?
      • Reproducibility: How easy to recreate the attack?
      • Exploitability: How easy to launch the attack?
      • Affected Users: How many are impacted?
      • Discoverability: How easy to discover for attacker?
      • Detection: How hard to detect for defender?
  30. DREAD+D
      https://v.gd/ConFooThreatModel03
  31. Know Your Enemy
      • competing incentives
      • industry espionage
      • covert operations
      • low risk profile
      • bound by (some) rules
      • married to a supercomputer
      https://v.gd/ConFooThreatModel04
  32. Know Your Enemy
      • low skill level
      • opportunistic
      • chaotic, yet predictable
      • there may be more than you think
      • never wears pants
      https://v.gd/ConFooThreatModel04
  33. Know Your Enemy
      • specific objective
      • targeted attacks
      • resourceful
      • relentless
      • only bound by gravity
      https://v.gd/ConFooThreatModel04
  34. Know Your Enemy
      • very powerful / resourceful
      • may have privileged controls
      • operates both clandestine & overt
      • may utilize Wile E. Coyote, Mayor Quimby, Fat Tony
      https://v.gd/ConFooThreatModel04
  35. Understanding your adversaries' motives and capabilities is critical.
  36. https://xkcd.com/538/
  37. Also works. https://xkcd.com/538/
  46. Threat Modeling Process
      • identify assets, assign values
      • use STRIDE to identify threats
      • use DREAD+D to derive threat score
      • determine / recommend defenses
      • zoom out / zoom in & repeat
  47. Your adversaries are people, too. Understand their motives.
  48. You can't defend against all threats all of the time.
  49. Attackers will go for the lowest hanging fruit.
      Raising the cost of attack – not eliminating the entire threat – is frequently sufficient.
  50. • Know your enemy. Understand their motives.
      • Know your vulnerabilities. Rank your threats.
      • Know your defensive capabilities. Be realistic.
      Prioritize what matters.
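
The process on slide 46, using the STRIDE table from slide 23 and the DREAD+D factors from slide 29, worked through as an added example that is not part of the talk. The 1-10 rating scale, the unweighted mean, the multiplication by asset value and the three sample threats are assumptions made for illustration; the slides do not give a scoring formula.

```python
from dataclasses import dataclass
from statistics import mean

# STRIDE threat category -> security property it violates (slide 23).
STRIDE = {
    "Spoofing": "Authentication", "Tampering": "Integrity",
    "Repudiation": "Non-Repudiation", "Information Disclosure": "Confidentiality",
    "Denial of Service": "Availability", "Elevation of Privilege": "Authorization",
}
# DREAD+D factors (slide 29). Assumed scale: 1 (low) to 10 (high); for
# "detection", 10 means hardest for the defender to detect.
FACTORS = ("damage", "reproducibility", "exploitability",
           "affected_users", "discoverability", "detection")

@dataclass(frozen=True)
class Threat:
    asset: str
    asset_value: int   # assumed 1..5, assigned when identifying assets
    stride: str
    ratings: dict      # factor name -> rating

    def __post_init__(self):
        if self.stride not in STRIDE:
            raise ValueError(f"unknown STRIDE category: {self.stride!r}")
        if set(self.ratings) != set(FACTORS):
            raise ValueError("ratings must cover exactly the DREAD+D factors")
        if not all(1 <= r <= 10 for r in self.ratings.values()):
            raise ValueError("ratings must be in 1..10")

    def score(self):   # assumption: unweighted mean of the six ratings
        return round(mean(self.ratings.values()), 2)

    def risk(self):    # assumption: threat score scaled by asset value
        return round(self.score() * self.asset_value, 2)

def rank(threats):
    """Highest risk first; each row names the property STRIDE says is lost."""
    ordered = sorted(threats, key=lambda t: t.risk(), reverse=True)
    return [(t.risk(), t.asset, t.stride, STRIDE[t.stride]) for t in ordered]

def rate(*values):     # helper: positional ratings in FACTORS order
    return dict(zip(FACTORS, values))

# Constructed sample model for a small web service (not from the talk).
MODEL = [
    Threat("session cookies", 4, "Information Disclosure", rate(8, 7, 6, 7, 6, 8)),
    Threat("web server", 3, "Denial of Service", rate(5, 9, 8, 9, 9, 2)),
    Threat("admin console", 5, "Elevation of Privilege", rate(9, 6, 4, 3, 4, 10)),
]
```

In this sample the admin console threat has the lowest DREAD+D score of the three but ranks first once asset value is applied, which is the "rank your threats, prioritize what matters" step from slide 50.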
