Amateur Security Archaeologists, trying not to break things.
To be clear, I don’t want you to raze the Amazon Rainforest here. What I am referring to for this blog post is another visualization technique. Where as DFDs focused on understanding the flow of information through your systems, Attack Trees are another graphical representation to uncover how an attacker might exploit weaknesses in a system to achieve specific malicious objectives.
We’ve talked about Microsoft’s view of threat modeling, but this next one might appeal to folks with a background in software that doesn’t crash – sorry, I jest, i jest! (or do I?) Well in this useful method, we’re all about understanding the flow of data across our systems. We’re talking Data Flow Diagrams (DFDs) used in software engineering and systems analysis.
Continue reading
As you can see in the previous post, the “know yourself” side of the Threat Modeling process is extensive and covers all but one of the steps. While some may be tempted to deal only in knowing the adversary, you must grasp on your organization’s own policies, capabilities, and design to model most effectively. These efforts also feed related activities, such as project planning and roadmap development, business strategy, risk management, and procurement & staffing. Several externally focused frameworks and methodologies map adversary behaviors and their impacts to the environment and should be selected to compliment the skills and capabilities of your organization. Each offers different areas of focus, fidelity, and processes that can be adapted to your organization’s needs.
Continue readingAll of us encounter the use (and misuse) of terms like threat hunting, threat modeling, threat intelligence, and threat picture.
I know this seems like a pretty weak byline, but bear with me. In studying for the GCIH exam I have been finding myself pondering some of the wisdom I have been given by John Strand, the VoD’s recorded instructor. In the course-ware, he stresses the need for an organization to truly understand their environment and patch efficiently, and that the best way to facilitate that might be to standardize on as few platforms as possible.The homogeneity of the environment will both simplify the patching and vulnerability management AND make the environment easier to understand and thus protect. This gets back to a fundamental concept in securing anything: you can’t protect what you aren’t aware of. Continue reading
Mike© 2024 Raiders of the Lost ARP
Theme by Anders Noren — Up ↑
