Please enable JavaScript.

Coggle requires JavaScript to display documents.

Threat Modeling - Coggle Diagram

- - - - Draw the System Diagram (System Design)
    - - Problem finding
        
        Draw and write down the issue on the write board (AWW). All the possible threat
        
        Including What could go wrong (How and type of attack), and Where (element) in detail
        
        Document, and Mark
      - STRIDE Analysis
        
        Spoofing (Violates Authentication)
        
        Define
        
        Acting like something, but is actually not
        
        Attacks
        
        Password BF attack (tool: THC Hydra)
        
        Defense
        
        Exponential freeze time: 2^n
        
        2FA: Google Authenticator (Pitfall: Don’t use SMS, because there are so many way SMS can be hacked, and it could send to a wrong number. Sometimes when phones are in the same cloud network, they could share messages instantaneously)
        
        IP Spoofing
        
        Attack
        
        Attacker using tools or hard code IP packets to alter the IP address to the trusted source and send to server. Then normally what happen after successor fool the server is DDoS or “MITM” (Men-in-the-middle attack)
        
        Defense
        
        Server
        
        2 more items...
        
        Usre
        
        1 more item...
        
        ARP Spoofing
        
        Attack
        
        Fool the Address Resolution Protocol by letting the LAN that use this protocol to connect the MAC (hardware) address with the IP address of the member in the network (cracking the IP address). Once this is done, attacker can gain access to any data sent to that member IP.
        
        Constrains
        
        Only works for the LAN (Local Area Network) that uses ARP (Address Resolution Protocol) protocol.
        
        Follow up
        
        Distributed Denial of Service (DDoS) through the IP that is in the LAN network.
        
        All data to that membre IP address are not on the hand of the attacker (all lost).
        
        Defense (Detection)
        
        In the GNU/Linux system, you can use arp -a to check and see if there is any MAC (Hardware Address) that shares more than one IP in your LAN users. If so, there is a ARP spoofing happening.
        
        DNS Spoofing
        
        Attack
        
        Cache poisoning: keep sending the fake domain name address information to the DNS server, and guess the checksum. Once the the cache is overflow and checksum is correct, the DNS server will access and update it’s DN record to the attackers information.
        
        DDoS the DNS server by rent hourly VM and using them to attack the DNS server together.
        
        Email Spoofing
        
        Attack
        
        Attacker spoof the user name to be trusted company or users, and then send malicious files or scripts to victims.
        
        Defense
        
        Using checksum or unique phrases setup by user, and show them whenever send message to communicate.
        
        Be skeptical about the user name, and double check.
        
        Checking spelling errors of critical informations (organization names, etc.)
        
        Tempering (Violates Integrity
        
        Attacks
        
        Defense (General)
        
        In OS, configurations permission
        
        In Cloud, using the permission they provide
        
        In the network systems, using the cryptographic integrity protection, like what’s included in TLS
        
        Repudiation (Bot/Attacker or Customer)
        
        Attack
        
        Attacker act like a customer and sending email/message to complain about a transaction or bill (etc.) in his/her account is not real/legal/by-itself.
        
        Defense
        
        Clear logs and analysis records are the key, so we gonna be clear about what kind of log and information we should get her from the very beginning to prevent unable to distinguish the use and bot attacker
        
        Diagram approach in System design for repudiation
        
        Customer (Sending Complains to company, and getting Tracking # back)
        
        Company (Receive complain and then start to Investigate)
        
        1 more item...
        
        Information Disclosure (violates Confidentiality)
        
        Attack
        
        Circumvent the access control and gain unauthorized information
        
        Defense
        
        Cryptographe
        
        TLS, or System OS permission tools
        
        Cloud built-in tools
        
        Build by your own (identify an individual who does a specific job, authenticate them, and then proceed to give that individual only the key to the door or workstation that they need access to and nothing more)
        
        Discretionary Access Control (DAC)
        
        The business owner responsible for deciding which people are allowed in a specific location, physically or digitally. (Not very save, more freedom)
        
        Mandatory Access Control (MAC)
        
        Only the top owner and custodian are allowed to build the security guidelines, and other owners don’t have a say.
        
        Role-Based Access Control (RBAC)
        
        Simplify the job assignment by only assigning specific roles to users, which come with the correct set of role for them to use.
        
        Denial of Service (violates Availability)
        
        Attack
        
        Tons of incoming requests to slow down or even take down the servers
        
        Injectecting
        
        Elevation of Privilege (violating All CIAA)
        
        Attacks
        
        Cross Site Scripting (XSS) OWASP
        
        Attacks
        
        Occurs when: the data is included in dynamic content that is sent to a web user without being validated for malicious content.
        
        Gaining browser access to all the cookies, session tokens, or other sensitive information retained by the browser and users with that site.
        
        Occurs when: data enters a web app through untrusted source (web requests)
        
        Rewrite the contents of HTML and spoof the users for more trouble.
        
        Types
        
        Stored Cross Site Scripting (XSS) Type 1 / Persistent
        
        1 more item...
        
        Reflected Cross Site Scripting (XSS) Type 2 / Non-ersistent
        
        1 more item...
        
        DON-Based XSS Type-0 (Due to server side flaw, malicious contents are put in the client browser)
        
        Defense
        
        Prefer using carefully designed whitelist combining with prebuilt blacklist by service provider like built in functions by DB and languages.
        
        Pitfall
        
        1 more item...
        
        Never insert untrusted data except in allowed locations
        
        HTML Escape Before inserting untrusted data into HTML element content
        
        Attribute escape before inserting untrusted data into HTML common attributes
        
        JS escape before inserting untrusted data into JS data values
        
        CSS Escape and strictly validât before inserting untrusted data into HTML style property values
        
        URL Escape
        
        Avoid JS URL
        
        Use HTTOnly cookie flag (no JS)
        
        Injection attacks
        
        SQL Injection
        
        OS Command Injection
        
        Overflow Stack
        
        A * MAX_INT
        
        Avoid using OS call
        
        Defense
        
        Input validation
        
        1 more item...
        
        Stored Procedures
        
        3 more items...
        
        Cross Site Request Forgery (CSRF)
        
        Attack
        
        The malicious scripts or link can be injected through XSS or social engineering. The victim (can be user or admin) will be forced to perform unwanted actions on their authenticated application, such as transferring funds, changing email address, etc. (Identity inheritance is the key, using the user’s session cookie, IP address, credentials, and so forth)
        
        1 more item...
        
        Defence
        
        5 more items...
    - - Is the issue in DMZ (middle part between internal network and public internet)?
      - Can the problem cause data loss?
      - Is this a software or hardware issue?
    - - List all the threat and questions (could be vague).
      - Answering the doubt from others, normally they say “that’s impossible” by just meaning “that’s too complicated to fix”.
      - Test (see if that really cause problem!)