Terms:
- Vulnerability: A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.
- Threat: A potential for violation of security, which exists when there is a circumstance, capability, action or event that could breach security and cause harm. A threat is a possible danger that might exploit a vulnerability.
- Attack: An assault on system security that derives from an intelligent threat to evade security services and violate the security policy of a system
Threat Analysis Process:
1. Threat modelling (design-centric)
2. Exploit the vulnerabilities related to the threats using an attacker model
Example: Electronic lock in a hotel
- Define sub-components: the lock can be opened by a guest card or a master key
- Define security objectives:
  - Allow guest access to the room
  - Allow service personnel access
  - Prevent unauthorized access
  - Every entry should be logged
- Define workflow:
  - Guest is given a card and uses it to open or lock the door
- Trust boundaries:
  - Central encoder in a secure location
  - Card
  - Interface between lock and lock encoder
- Security controls:
  - Central encoder is accessible to hotel staff
  - Lock encoder is physically hard to modify
  - Card data is encrypted
- Attacker targets (assets):
  - Master key encoding
  - Card itself
  - Lock programmer
  - Lock encoder
- Threats:
  - Integrity:
    - Someone steals a guest card
    - Sneaks into the room when the door is open
    - Changes the audit log via physical access
    - Breaks the lock
  - Confidentiality:
    - Exposure of the audit log by physically accessing the log
  - Availability:
    - Central encoder is out of order, no way to unlock
    - Power to the lock is lost and no way to open
- Vulnerabilities:
  - Accessing encryption keys in the lock programmer
  - Crypto algorithm/key-size weakness
  - Guest card easy to copy
  - Lock physical strength weakness
Threat Quantification:
Threat     | Threat consequence  | Probability of threat | Damage of threat | Attacker level
-----------|---------------------|-----------------------|------------------|---------------
Steal card | Unauthorized access | Medium                | Medium           | Loner
Risk Assessment Steps:
1. Define Scope
Identify what is covered and what is not covered; agree the scope with senior management.
2. Data Collection
Understand the policies and procedures currently in place. Interview key personnel, check documentation, and collect system and service information:
- Services running
- Network applications running
- Physical location of systems
- Access control permissions
- Firewall testing
Gather information about specific systems and services:
- Security Focus (www.securityfocus.com) - searchable databases of vulnerabilities and relevant news groups.
- Incidents.org (www.incidents.org) - information on current threat activities.
- Packet Storm (packetstormsecurity.org)
- InfoSysSec (www.infosyssec.com)
- SANS (www.sans.org)
3. Analysis of Policies and Procedures
Review and analyze existing policies and procedures and gauge the compliance level within the organization. Examples:
- ISO 17799
- BSI 7799
- Common Criteria - ISO 15504
4. Vulnerability Analysis
Test the systems for current exposure and safeguards in terms of confidentiality, integrity and availability. Various tools can be used to identify vulnerabilities in the systems:
- Whisker
- Portscan
- IBM AppScan
- Parfait - static analysis tool
- Findbugs
Tests include penetration testing and zero-knowledge testing performed by external parties.
Rate the threats by severity and exposure:
- Severity - Minor, Moderate, High
- Exposure - Minor, Moderate, High
5. Threat Analysis
Threat agents are divided into human (hackers, theft, current or former employees, service personnel) and non-human (floods, lightning, plumbing, viruses).
6. Analysis of Acceptable Risks
Assess whether existing policies, procedures and protection items are adequate. Document the result and inform senior management.
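As an added worked example (not part of these notes), the threat quantification table, the severity/exposure rating of step 4 and the acceptable-risk check of step 6 applied to the hotel-lock threats in Python. The attacker-level weights and the register's probability/damage ratings are assumed values chosen for illustration, not taken from the notes.

```python
from dataclasses import dataclass

# Ordinal scales from the notes, mapped to numbers so threats can be compared.
LEVEL = {"Low": 1, "Minor": 1, "Medium": 2, "Moderate": 2, "High": 3}
# Assumed weighting (not from the notes): a threat any loner can carry out is
# more likely to be realised than one that needs an organised group.
ATTACKER_WEIGHT = {"Loner": 1.0, "Group": 0.75, "Organised": 0.5}

@dataclass
class Threat:
    name: str
    consequence: str
    probability: str                # Low / Medium / High
    damage: str                     # Minor / Moderate (Medium) / High
    attacker: str                   # Loner / Group / Organised
    control_adequate: bool = False  # step 6: existing safeguard judged adequate?

def risk_score(t: Threat) -> float:
    """Probability x damage, discounted by the attacker level the threat needs."""
    return LEVEL[t.probability] * LEVEL[t.damage] * ATTACKER_WEIGHT[t.attacker]

def rating(score: float) -> str:
    """Collapse the score back to the Minor/Moderate/High rating used in step 4."""
    return "High" if score >= 6 else "Moderate" if score >= 3 else "Minor"

def ranked(threats: list) -> list:
    """Highest-risk threats first, so analysis effort goes where exposure is greatest."""
    return sorted(threats, key=risk_score, reverse=True)

def needs_sign_off(threats: list, threshold: str = "Moderate") -> list:
    """Step 6: threats rated at or above the threshold and lacking an adequate
    control are the residual risks senior management must accept or fund."""
    return [t.name for t in threats
            if not t.control_adequate
            and LEVEL[rating(risk_score(t))] >= LEVEL[threshold]]

# Constructed register for the hotel-lock example; ratings are illustrative.
HOTEL_LOCK = [
    Threat("Steal guest card", "Unauthorized access", "Medium", "Medium", "Loner"),
    Threat("Sneak in while door is open", "Unauthorized access", "High", "Moderate", "Loner"),
    Threat("Break the lock", "Unauthorized access", "Low", "High", "Loner"),
    Threat("Alter audit log on site", "Lost accountability", "Low", "Moderate", "Loner", True),
    Threat("Recover card key (weak crypto)", "Mass card cloning", "Low", "High", "Organised"),
]

if __name__ == "__main__":
    for t in ranked(HOTEL_LOCK):
        print(f"{t.name:32} {risk_score(t):4.1f} {rating(risk_score(t))}")
    print("Needs sign-off:", needs_sign_off(HOTEL_LOCK))
```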