Assignment – 2
(NOTE: SOC, wherever implemented, always constitutes a part of the overall IT structure of any
organization. In order to create a comprehensive and all-encompassing threat modelling report, an
assumption has been made regarding the network architecture of the organization (fig 1). Moreover, in
order to give the report a realistic touch an imaginary firm by the name M/S ABC has been considered.)
1. Introduction. In the modern technological era, shaped by revolutions in IT, more and more
organizations are becoming heavily dependent on data and information processing platforms to
sustain their operations. Against this backdrop, the security of such platforms has assumed prime
importance, and it can only be ensured and implemented by carrying out elaborate threat modelling
of the IT architecture under consideration. Firm M/S ABC contacted the NUST – IS Department and
requested that a threat model of their overall IT architecture in general, and their SOC in
particular, be evaluated. This report carries out detailed threat modelling of the firm M/S ABC,
taking a holistic view of the firm's overall IT architecture while maintaining an acute focus on
its SOC facility.
2. Sequence
a. Methodology of Threat Modelling
(1) Overview of different methodologies.
(2) Selected methodology – Reasons for using NIST 800-30
(3) Brief description – NIST 800-30
b. Threat Model Report
(1) Overview of IT Infra under Evaluation
(a) IT Infra diagram
(b) Infra of SOC
(2) Step 1 – System Characterization
(a) Enumeration of Assets
(b) Identification of Critical Assets
(c) Identification of actors
(d) Identification of Attackers
(3) Step 2 – Threat Identification
(a) Identification of Threats
(b) Threat – Asset Mapping
(c) Threat vector Diagram (attack scenarios)
(4) Step 3 – Vulnerability Identification
(a) Identification of security requirements
(b) Identification of vulnerabilities
(5) Step 4 – Control Analysis
(a) Enumeration of existing security controls
(b) Identification of lacking controls
(6) Step 5 – Likelihood Determination – Rating of attacks based on Steps 2, 3 and 4
(7) Step 6 – Impact Analysis - Threat impact matrix
(8) Step 7 – Risk determination - Risk Level Matrix
After carrying out the above-mentioned nine steps, an organization obtains a holistic view of
the threats faced by its IT systems together with a consolidated view of the existing controls,
from which further mitigation strategies can be ascertained.
b. Infrastructure of SOC
(1) The structure of the SOC which exists within the overall IT infrastructure of M/S ABC is as
per figure 2 as follows:
[Figure 2: structure of the SOC. Components shown in the diagram: CIRT, PENTEST, SIEM, FORENSICS, AUDIT.]
c. Identification of Actors. All personnel who can become threat actors are enumerated in
table 4, keeping in mind the overall architecture and their roles within it.
Sno  Actors                        Role
1.   Administrators                Custodian of the IT setup
2.   Technicians                   Technically maintaining the setup
3.   End user (insider employees)  User of IT facilities
4.   End user (outsiders)          User of public IT facilities
5.   Hackers/ attackers            Currently has no internal role within the org., however strives to breach the internal mechanisms
d. Identification of Attackers. Based on the shortlisted actors given in table 4, all possible
attackers (internal/ external) who can either intentionally or unintentionally cause harm to
the IT infrastructure as a whole, and to the SOC in particular, have been listed in table 5.
Sno Attackers
1. Hackers/ crackers
2. Computer criminals
3. Terrorists
4. Industrial spies
5. Disgruntled employees
Table 4: Attackers
b. Threat Asset Mapping. The threats enumerated in table 5 have been mapped to the assets
enumerated in table 1 according to the layers on which the assets operate, and have been
categorized accordingly. The threat-asset mapping is as per table 6 as follows:
c. Threat Vector Diagram. In order to obtain a clear understanding of how these threats can
be executed on the given IT architecture, a detailed enumeration of threats and their
corresponding threat actions is given in table 7. To further clarify the probable locations
at which these threat actions can be executed, a detailed threat vector diagram is given in
fig 3, which consists of each threat action marked on the diagram at the location at which
it can occur.
Table 7 (columns: Sno, Layer of Operation, Threat, Threat Actions)
1. Networks
   Sniffing of information (man-in-the-middle): Man in the middle attack, Impersonation, IP/ MAC/ DHCP spoofing
   Denial of service: Session starvation attack, Ping flood
   Misconfiguration: Human negligence
   Unauthorized access: Password cracking, Backdoors, viruses, worms, Trojans, Key logging, Attachment of unauthorized devices
   Escalation of privileges: Access Token Manipulation, Bypassing user access control, DLL search order hijacking, Accessing shared folders
2. Applications / systems
   Data leakage: Phishing, Web application attacks, Viruses/ worms/ Trojans/ backdoors
   Unauthorized access: Password cracking, Backdoors, viruses, worms, Trojans, Key logging
   Escalation of privileges: Access Token Manipulation, Bypassing user access control, DLL search order hijacking, Accessing shared folders
   Misconfiguration: Human negligence
   Hacking (backdoors/ viruses/ server side attacks): Application/ web based attacks, Phishing
3. Hardware
   Physical damage: Lack of physical access
Table 7 – Threats and Corresponding Threat Actors
The corresponding threat vector diagram is as per fig 3 as follows:
[Figure 3: threat vector diagram. Threat-action labels placed on the diagram: Unauthorized access, Data leakage, Escalation of privileges, Hacking (viruses/worms/backdoors), Power outages, Physical damage, Theft; Unauthorized access, Misuse of Privileges; Unauthorized access, escalation of privileges, misconfiguration.]
b. Lacking Controls. An asset-wise list of lacking controls is presented as per table 10 below:
9. Step 5 – Likelihood Determination. Taking into consideration the threats enumerated in step 2,
the vulnerabilities identified in step 3 and the existing/ lacking controls shortlisted in step 4,
a likelihood matrix has been ascertained in table 12, which depicts how likely it is for a threat
to be executed in the given circumstances. The threats at each asset and its corresponding
category have been considered, and the probability of occurrence of a threat has been
qualitatively categorized into HIGH, MEDIUM and LOW; the description of each is as follows:
[Table 12 (likelihood matrix): only the column headings were recovered from the page: Power outage, Escalation of privileges, Theft, Misuse of privileges, Denial of service, Data Leakage, Physical damage, Hacking, Unauthorized access, Sniffing of information. The level descriptions and the table body are not present.]
Table 13: Impact Definition
High    Execution of threat (1) may result in costly loss of major tangible assets or resources;
        (2) may significantly violate an organization's mission, reputation, or interest; or
        (3) may result in human death or serious injury.
Medium  Execution of threat (1) may result in the costly loss of tangible assets or resources;
        (2) may violate an organization's mission, reputation, or interest; or
        (3) may result in human injury.
Low     Exercise of threat (1) may result in the loss of some tangible assets or resources; or
        (2) may noticeably affect an organization's mission, reputation, or interest.
Threat impact matrix (Step 6 – Impact Analysis). Columns, in order: Power outage, Escalation of privileges, Theft, Misuse of privileges, Denial of service, Data Leakage, Physical damage, Hacking, Unauthorized access, Sniffing of information, Misconfiguration.
1. Networks
   Confidentiality:  High, High, High, High, High, Low, Medium, High, High, High, N/A
   Integrity:        Medium, High, High, Medium, Medium, Low, Low, Low, Medium, Low, N/A
   Availability:     Low, Medium, High, High, Low, Low, Low, Low, Low, Low, N/A
2. Applications / systems
   Confidentiality:  N/A, Low, High, High, High, High, High, Low, Low, Low, N/A
   Integrity:        N/A, High, High, High, High, High, High, Low, Low, Low, N/A
   Availability:     N/A, High, Medium, High, Low, Medium, Low, Low, Low, Low, N/A
3. Hardware
   Confidentiality:  N/A, Low, High, High, High, High, High, High, High, High, N/A
   Integrity:        N/A, High, High, High, High, High, High, Low, Low, Low, N/A
   Availability:     N/A, High, High, High, Low, High, High, Low, Low, Low, N/A
4. Human resource
   Confidentiality:  N/A, N/A, N/A, High, High, N/A, High, N/A, N/A, N/A, High
   Integrity:        N/A, N/A, N/A, High, High, N/A, High, N/A, N/A, N/A, High
   Availability:     N/A, N/A, N/A, High, High, N/A, High, N/A, N/A, N/A, N/A
11. Step 7 – Risk Determination – Risk Level Matrix. The overall risk for each category of assets
has been calculated by multiplying the likelihood by the corresponding impact value. Since the
likelihood and impact factors have been described qualitatively, in order to determine the risk
they have been assigned numeric values as per table 15 below. The likelihood has been given a
probability value of 1.0 for HIGH, 0.5 for MEDIUM and 0.1 for LOW. Similarly, the threat impact
has been given a value of 100 for HIGH, 50 for MEDIUM and 10 for LOW.
Likelihood      Impact: High (100)         Impact: Medium (50)       Impact: Low (10)
High (1.0)      High (100 x 1.0 = 100)     Medium (50 x 1.0 = 50)    Low (10 x 1.0 = 10)
Medium (0.5)    Medium (100 x 0.5 = 50)    Medium (50 x 0.5 = 25)    Low (10 x 0.5 = 5)
Low (0.1)       Low (100 x 0.1 = 10)       Low (50 x 0.1 = 5)        Low (10 x 0.1 = 1)
Table 15: 3x3 Risk Level Matrix
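As an added illustration, not part of the original report, the following Python carries out the Table 15 calculation with the report's own scale values (likelihood 1.0/0.5/0.1, impact 100/50/10) and bins the product back into High/Medium/Low exactly as the 3x3 matrix does. The sample ratings for the Hardware category, and the rule that a category's overall level is the worst level among its threats, are assumptions of this example.

```python
# Added example: NIST 800-30 style risk = likelihood x impact, using the
# scale values stated in the report (Table 15). Not the report's own code.

LIKELIHOOD = {"HIGH": 1.0, "MEDIUM": 0.5, "LOW": 0.1}   # report's probability values
IMPACT = {"HIGH": 100, "MEDIUM": 50, "LOW": 10}         # report's impact values


def risk_score(likelihood, impact):
    """Numeric risk for one threat/asset pair; None when either side is N/A."""
    if likelihood == "N/A" or impact == "N/A":
        return None
    # round() keeps e.g. 0.1 x 100 at exactly 10.0 so the Low/Medium boundary holds
    return round(LIKELIHOOD[likelihood.upper()] * IMPACT[impact.upper()], 2)


def risk_level(score):
    """Bin a score the way Table 15 does: above 50 is High,
    above 10 up to 50 is Medium, 10 and below is Low."""
    if score is None:
        return "N/A"
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def risk_row(ratings):
    """ratings: {threat: (likelihood, impact)} for one asset category.
    Returns {threat: (score, level)} for every threat in the row."""
    row = {}
    for threat, (lik, imp) in ratings.items():
        score = risk_score(lik, imp)
        row[threat] = (score, risk_level(score))
    return row


def overall_level(row):
    """Worst level in the row (assumption of this example, not stated in the report)."""
    order = {"N/A": 0, "Low": 1, "Medium": 2, "High": 3}
    return max((level for _, level in row.values()), key=order.get, default="N/A")


# Constructed sample ratings for the Hardware category; likelihoods are illustrative.
HARDWARE = {
    "Power outage": ("N/A", "N/A"),             # threat not applicable -> N/A
    "Theft": ("MEDIUM", "HIGH"),                # 0.5 x 100 = 50  -> Medium
    "Physical damage": ("LOW", "HIGH"),         # 0.1 x 100 = 10  -> Low
    "Hacking": ("HIGH", "LOW"),                 # 1.0 x 10  = 10  -> Low
    "Misuse of privileges": ("HIGH", "HIGH"),   # 1.0 x 100 = 100 -> High
}

if __name__ == "__main__":
    row = risk_row(HARDWARE)
    for threat, (score, level) in row.items():
        print(f"{threat:22s} {str(score):>6s} {level}")
    print("Overall (worst of row):", overall_level(row))
```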
After carrying out the necessary calculations at the backend, the following overall risk levels have
been determined for each category of assets as per table 16 below:
[Table 16 (partially recovered). Column headings legible on the page: Unauthorized access, Theft, Misuse of privileges, Physical damage, Power outage, Hacking, Escalation of privileges, Sniffing of information, Misconfiguration; the remaining headings and the row for 1. Networks were not recovered.]
2. Applications / systems:  N/A, Medium, High, High, High, High, High, Low, Low, Low, N/A, High
3. Hardware:                N/A, Medium, High, High, High, High, High, Low, Low, Low, N/A, High
4. Human resource:          N/A, N/A, N/A, High, High, N/A, High, N/A, N/A, N/A, High, High