Lecture 3 - 1
Steps of Disaster Recovery

Planning: Threat Modelling

Lecture 3 & 4
2024 Abdulsalam S. Mustafa (Ph.D.)
Last Lecture
• Principles and Planning
• Contingency Plan Components
• Agency Response Procedures and Continuity of Operations
• Planning Processes
• Continuity and Recovery Function
Lecture Outline
Threat Environment Graphic – MSS
◼ Threat Environment: types of attackers and attacks faced
◼ Cyberthreat: an attempt to damage or disrupt a computer network or system
◼ Vulnerabilities: network, software, hardware
◼ Threat Modelling (STRIDE, DREAD, threat trees, etc.)
Security Measures: Recap
1. Asset – a valuable resource
2. Vulnerability – an exploitable weakness
3. Threat – something that can cause harm:
   Intentional vs accidental
   Automated vs manual
   Chosen vs indiscriminate
4. Risk – the likelihood that a threat will cause harm; it combines threat probability with vulnerability severity
5. Countermeasure – a control that reduces risk to an acceptable level, e.g.
   Virtual Private Network (VPN)
   Intrusion Detection System (IDS)
   Network Operations Centre (NOC)
Identifying Vulnerabilities (Assessment)
◼ Security testing has become essential to safeguard an organization's sensitive and confidential data.
◼ Its aim is to ensure that the data is not exposed to a breach.
I. Penetration Test (Pen Test)
II. Black Box Scan (System Test)
III. White Box Scan (Unit/Integration Testing)
IV. Source Code Analysis (Static and Dynamic Analysis)
Penetration Testing
Vulnerability Assessment
◼ A vulnerability assessment is a process that identifies and prioritizes security weaknesses in an organization's IT systems.
◼ A health check for cybersecurity defences
◼ To identify weaknesses
◼ To provide guidance for developers building fixes for the identified threats
◼ Usually four processes:
 Scanning
 Penetration Testing
 Classification
 Remediation
Vulnerability Assessment Process
Responding to the Threats
◼ Do Nothing
◼ Warn the User
◼ Remove the Problem
◼ Fix the Problem
◼ Reboot?
◼ Shutdown?
Responding to Threats: Doing Something
◼ Mobilise the incident response team (CERT)
◼ Secure systems and ensure business continuity
◼ Conduct a thorough investigation
◼ Address legal and regulatory requirements
◼ Incur liability
STRIDE and DREAD
◼ Threat modelling frameworks
◼ STRIDE is simple and suitable for small organizations: it classifies each threat as Spoofing, Tampering, Repudiation, Information disclosure, Denial of service or Elevation of privilege
◼ DREAD is quantitative and suited to advanced security practices: it rates each threat numerically so that threats can be compared and prioritized
◼ The two are complementary (STRIDE finds and classifies the threats, DREAD ranks them), so a combination of these frameworks gives more effective and comprehensive threat modelling.
STRIDE
Threat #1
◼ A malicious user views or tampers with personal profile data en route from the Web server to the client or from the client to the Web server.
Tampering with data / Information disclosure
Threat #2
◼ A malicious user views or tampers with personal profile data en route from the Web server to the Component Object Model (COM) component or from the component to the Web server.
Tampering with data / Information disclosure
Threat #3
◼ An attacker denies access to the profile database server computer by flooding it with TCP/IP packets.
Denial of service (DoS)
Threat #4
◼ A malicious user views the Lightweight Directory Access Protocol (LDAP) authentication packets and learns how to replay them so that he can act "on behalf of" the user.
Spoofing identity / Information disclosure / Elevation of privilege
Threat #5
◼ An attacker deletes or modifies the audit logs.
Tampering with data / Repudiation
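As an added example of a countermeasure for Threat #5 (this is not part of the lecture), the following Python keeps an audit log tamper-evident: every record carries an HMAC over its sequence number, the previous record's tag and the event itself. The key, the log-host/application-server split, and the sample events are all constructed assumptions for illustration. Editing, reordering or deleting a record breaks the chain at that point; the one case a chain alone cannot catch is truncation of the tail, which is why the verifier also accepts an anchor (the latest tag stored off the log host).

```python
"""Tamper-evident audit log (added example, not from the lecture slides).

Countermeasure for Threat #5: each record is chained to its predecessor by an
HMAC over (sequence number, previous tag, event), keyed with a secret that only
the log host holds (assumption: application servers can append events but never
see KEY).  Editing, reordering or deleting a record breaks the chain at that
point.  Deleting records from the *end* does not, so the verifier also accepts
an externally stored anchor (the last tag published to a separate system).
"""
import hashlib
import hmac
import json
from typing import Optional

KEY = b"constructed-demo-key-keep-it-on-the-log-host"  # assumption, demo only
GENESIS = "0" * 64  # "previous tag" of the first record


def _tag(key: bytes, seq: int, prev_tag: str, event: dict) -> str:
    # Canonical JSON so the same event always authenticates the same way.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, f"{seq}|{prev_tag}|".encode() + body, hashlib.sha256).hexdigest()


def append(log: list, event: dict, key: bytes = KEY) -> dict:
    """Append one event, linking it to the current tail of the log."""
    seq = len(log)
    prev = log[-1]["tag"] if log else GENESIS
    record = {"seq": seq, "prev": prev, "event": event, "tag": _tag(key, seq, prev, event)}
    log.append(record)
    return record


def verify(log: list, key: bytes = KEY, anchor: Optional[str] = None):
    """Return (ok, first_bad_index); first_bad_index is None when intact.
    anchor: tag of the expected last record, kept off the log host.  When given,
    a log whose tail tag differs is reported as broken at index len(log)."""
    prev = GENESIS
    for i, record in enumerate(log):
        if record["seq"] != i or record["prev"] != prev:
            return False, i                    # reordered, or a record removed
        expected = _tag(key, i, prev, record["event"])
        if not hmac.compare_digest(expected, record["tag"]):
            return False, i                    # contents edited (or wrong key)
        prev = record["tag"]
    if anchor is not None and prev != anchor:
        return False, len(log)                 # tail truncated
    return True, None


def build_sample_log() -> list:
    """Constructed sample events."""
    log = []
    append(log, {"user": "alice", "action": "login", "result": "ok"})
    append(log, {"user": "alice", "action": "read_profile", "target": "bob"})
    append(log, {"user": "mallory", "action": "login", "result": "ok"})
    append(log, {"user": "mallory", "action": "export_db", "result": "ok"})
    return log


def tampered_copies(log: list):
    """Three things an attacker with write access to the log file might do."""
    edited = json.loads(json.dumps(log))
    edited[3]["event"]["user"] = "alice"       # pin the export on someone else
    removed_middle = log[:2] + log[3:]         # delete the attacker's login
    truncated = log[:3]                        # delete the most recent record
    return edited, removed_middle, truncated


if __name__ == "__main__":
    log = build_sample_log()
    anchor = log[-1]["tag"]                    # would be shipped off-host
    edited, removed_middle, truncated = tampered_copies(log)
    print("intact:          ", verify(log))
    print("edited:          ", verify(edited))
    print("removed middle:  ", verify(removed_middle))
    print("truncated:       ", verify(truncated), "(undetected without anchor)")
    print("truncated+anchor:", verify(truncated, anchor=anchor))
```

The verifier reports the index where the chain first fails rather than trying to repair anything: the records before that point are still trustworthy, the ones after it are not, which is exactly the information an investigator needs when the threat is repudiation.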
DREAD
◼ Damage potential
◼ Reproducibility
◼ Exploitability
◼ Affected users
◼ Discoverability

DREAD is a classification scheme for quantifying, comparing and prioritizing the amount of risk presented by each evaluated threat. Each category is rated on a numeric scale (1 to 10 in the exercises later in this lecture, 1 = low, 10 = high) and the ratings are averaged:

Risk_DREAD = (DAMAGE + REPRODUCIBILITY + EXPLOITABILITY + AFFECTED USERS + DISCOVERABILITY) / 5

The ratings are judgement calls, so agree a written rubric for each category before scoring, and remember that averaging can let a low Discoverability or Exploitability score mask a very high Damage score.
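As a worked example of the formula above (added here, not from the lecture), the following Python rates the five STRIDE threats from the previous slides, ranks them by Risk_DREAD, and flags the averaging weakness just mentioned. The numeric ratings, the High/Medium/Low thresholds and the short threat labels are constructed assumptions, not values given in the lecture; the same functions can be reused for the three DREAD exercises later in this lecture.

```python
"""Worked DREAD scoring (added example, not from the lecture slides).

Rates the lecture's five STRIDE threats with constructed 1-10 scores,
computes Risk_DREAD = (D + R + E + A + Di) / 5, ranks the threats and
flags cases where averaging hides a high Damage score.  All numbers and
the High/Medium/Low thresholds below are assumptions for illustration.
"""
from dataclasses import dataclass

CATEGORIES = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")


@dataclass(frozen=True)
class DreadScore:
    threat: str
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        # Every category is rated 1 (low) to 10 (high); reject anything else.
        for name in CATEGORIES:
            value = getattr(self, name)
            if not 1 <= value <= 10:
                raise ValueError(f"{name} must be in 1..10, got {value}")

    def risk(self) -> float:
        """Risk_DREAD: the plain average of the five ratings."""
        return sum(getattr(self, name) for name in CATEGORIES) / len(CATEGORIES)


def band(risk: float) -> str:
    """Map a Risk_DREAD value to a priority band (assumed thresholds)."""
    if risk >= 7.0:
        return "High"
    if risk >= 4.0:
        return "Medium"
    return "Low"


# Constructed ratings for Threats #1-#5 from the STRIDE slides.
THREATS = [
    DreadScore("T1 profile data read/tampered in transit (client <-> web server)", 7, 8, 6, 9, 8),
    DreadScore("T2 profile data read/tampered in transit (web server <-> COM)", 7, 5, 4, 9, 3),
    DreadScore("T3 DoS flood against the profile database server", 6, 10, 9, 10, 10),
    DreadScore("T4 LDAP authentication packets replayed to impersonate a user", 9, 7, 5, 8, 4),
    DreadScore("T5 audit logs deleted or modified", 8, 6, 4, 5, 3),
]


def rank(threats):
    """Return (threat, risk, band) tuples sorted from highest to lowest risk."""
    rows = [(t.threat, round(t.risk(), 1), band(t.risk())) for t in threats]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def masked_high_damage(threats, min_damage=8, max_risk=6.0):
    """Averaging lets low Discoverability/Exploitability scores pull a
    catastrophic threat into a lower band.  Flag threats whose Damage is
    at least min_damage but whose Risk_DREAD is no more than max_risk so
    they get a second look regardless of the ranking."""
    return [t.threat for t in threats
            if t.damage >= min_damage and t.risk() <= max_risk]


if __name__ == "__main__":
    for name, risk, level in rank(THREATS):
        print(f"{risk:4.1f}  {level:6}  {name}")
    print("Needs a second look:", masked_high_damage(THREATS))
```

With these constructed scores the DoS flood (T3) ranks first and the audit-log threat (T5) last, yet T5 carries a Damage score of 8; `masked_high_damage` surfaces it so the team reviews it on its own merits rather than trusting the average alone.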
Case Study: Star Wars
◼ Long, long ago in a galaxy far, far away…
◼ A critical infrastructure object, the Death Star, measured about 120 kilometres in diameter
◼ Hosting about 1 million staff (including 25,984 troopers and 342,953 fleet personnel)
◼ Was destroyed in the battle of Yavin.
◼ Due to this incident, the Galactic Empire sustained considerable losses, including massive reputational damage, which led to its eventual downfall.
Case Study: Star Wars…

Company Profile
Name: The Galactic Empire
Size: 26,000 destroyers + auxiliary fleet
Business: Galactic supremacy

The CEO, Emperor Sheev Palpatine, created his Empire on the shards of the Galactic Republic and the Confederation of Independent Systems, which wallowed in corruption and civil wars (in most cases the latter were orchestrated by the mysterious Darth Sidious, who turned out to be Palpatine in disguise, the Naboo senator and later chancellor). At the time of the battle of Yavin the Empire had been around for 19 years and was the supreme force in the galaxy.
Threat Example: Star Wars
Asset: Death Star Plans
Threat: Information Disclosure
◼ Threat level?
◼ Reproducibility level = 10
◼ How was the security breach handled?
◼ Threat mitigation?
Countermeasures: Mitigation
◼ Exploitability level?
◼ End result?
Critical security flaws
1. Flaw: The Empire officers could not prevent a data leak, allowing two droids to flee in a rescue capsule.
   Action: All personnel should attend cybersecurity training.
2. Flaw: A 'Trojan' starship with hackers on board was brought onto the critical infrastructure object.
   Action: All incoming communications should be limited and controlled by stringent security policies.
3. Flaw: An outsider droid managed to access the station's systems, data, and select industrial process controllers.
   Action: A robust multifactor authentication system should prevent outsiders from accessing the systems.
4. Flaw: A Jedi powered off all tractor beams on the station, ultimately allowing a starship to leave the Death Star.
   Action: The SCADA (Supervisory Control and Data Acquisition) system should instantly alert operators of any changes in power systems.
5. Flaw: Imperial analysts managed to discover the vulnerability only when it was already under attack and could not be fixed.
   Action: The acceptance inspection measures should include detailed modelling of threats (ideally, pen testing).
Star Wars: Lessons Learnt
◼ Limiting access through access controls
◼ Two-factor authentication
◼ Encrypting sensitive data
◼ Hiring security experts
◼ Staff welfare and disgruntled employees
DREAD Risk Assessment for a Social
Media Platform
◼ Scenario: You are tasked with assessing the security of a social media
platform that allows users to post content, message each other, and share
media.
◼ Task:
◼ Evaluate the security risks of the platform using the DREAD model for one
major threat, such as data leakage.
◼ For each category in DREAD, rate the threat from 1 to 10 (1 = low, 10 = high)
and provide reasoning for the rating.
◼ Calculate the total risk score and provide a recommendation for mitigation.
DREAD Risk Assessment for an IoT
Device
◼ Scenario: You are assessing the security of a smart home IoT device (e.g., a smart thermostat) that connects to the internet and interacts with other smart devices in the home.
◼ Task:
◼ Identify a potential security vulnerability (e.g., unauthorized access to device
control).
◼ Using the DREAD model, evaluate the severity and likelihood of this risk, rate
each category, and provide mitigation strategies.
DREAD Risk Assessment for a Cloud-
Based Document Management System
◼ Scenario: Your company uses a cloud-based document management
system that stores sensitive business documents and allows users to access
them remotely.
◼ Task:
◼ Identify a possible vulnerability, such as unauthorized document access due
to weak access control.
◼ Evaluate the risk using the DREAD model, assigning scores, and provide
mitigation recommendations.
Assignment
◼ Threat #1: An attacker places his own Web server on the network after killing the real Web server with a distributed DoS attack.
◼ Threat #2: A malicious user defaces the Web server by changing one or more Web pages.
◼ Why would a network manager benefit from having network management tools? Describe five scenarios.