
Threat Modelling For Internal Network

Owner: Sidhant Angu
Reviewer:
Contributors:
Date Generated: Fri Oct 13 2023

Executive Summary

High level system description

Not provided

Summary
Total Threats 26

Total Mitigated 0

Not Mitigated 26

Open / High Priority 2

Open / Medium Priority 24

Open / Low Priority 0

Open / Unknown Priority 0


New STRIDE diagram

[Diagram. Labelled elements, in page order: ISP; Border gateway Protocol; Router, Router; Secondary, Primary; OSPF, OSPF; Firewall, Firewall; Web Server; Web Server; User Workstation; User trust boundary user; Database store; Database Server]


New STRIDE diagram

Border gateway Protocol (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Response (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|

Database store (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|
| 6 | New STRIDE threat | Information disclosure | High | Open | | If proper URL filter not applied it can lead to information disclosure | Filtering the URL |
| 7 | New STRIDE threat | Tampering | High | Open | | User can add scripts while tampering the code which may lead to RCE (remote code execution) | Block the user if multiple suspicious activity is performed |
| 12 | New STRIDE threat | Tampering | Medium | Open | | User can add scripts while tampering the code which may lead to RCE (remote code execution) | WAF Protection |

Database Server (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|
| 11 | New STRIDE threat | Tampering | Medium | Open | | If proper URL filter not applied it can lead to information disclosure | Filter the URL |

user (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|
| 10 | New STRIDE threat | Denial of service | Medium | Open | | User can send malicious requests at high number | Rate limit the user |
| 31 | New STRIDE threat | Information disclosure | Medium | Open | | User can send malicious requests to server in which response can exploit the user data | Perform URL encoding |
| 36 | New STRIDE threat | Tampering | Medium | Open | | User tampering the data due to weak encryption of data | SHA-512 should be used for encrypting data |

Web Server (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|
| 4 | New STRIDE threat | Tampering | Medium | Open | | Unauthorised user can tamper the data through MITM attack | Provide strong encryption data flow. |
| 5 | New STRIDE threat | Denial of service | Medium | Open | | User sending large number of request | Rate limit the user if request exceeds 50 requests/minute |

Web Server (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|
| 13 | New STRIDE threat | Tampering | Medium | Open | | User can send malicious requests | WAF Protection |
| 14 | New STRIDE threat | Denial of service | Medium | Open | | User sending large number of request | Rate limit the user |

Firewall (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|
| 15 | New STRIDE threat | Denial of service | Medium | Open | | User flooding the firewall with requests | Setting rules to rate limit the number of requests a user can send in one minute |

Firewall (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|
| 8 | New STRIDE threat | Denial of service | Medium | Open | | User may flood the firewall with high volume of traffic | Adjusting the firewall rules according to the number of requests allowed |

Router (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|
| 16 | New STRIDE threat | Tampering | Medium | Open | | Router configurations can be tampered if it is set to default or weak authentication | Strong passwords or authentication mechanism |
| 18 | New STRIDE threat | Information disclosure | Medium | Open | | Can expose the network topology, access control lists etc | |
| 21 | New STRIDE threat | Denial of service | Medium | Open | | User can overload the processing capabilities of the router, leading to DOS | Rate limiting the unauthorised user |

Data Flow (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|
| 17 | New STRIDE threat | Tampering | Medium | Open | | Router configurations can be tampered if it is set to default or weak authentication | Strong Authentication |
| 20 | New STRIDE threat | Tampering | Medium | Open | | Can expose the network topology, access control lists etc | Setting strong Admin rules and authentication |
| 22 | New STRIDE threat | Denial of service | Medium | Open | | User can overload the processing capabilities of the router, leading to DOS | Rate limiting the unauthorised user or updating firmware |
| 0 | New STRIDE threat | Tampering | Medium | Open | | Provide a description for this threat | Provide remediation for this threat or a reason if status is N/A |

User Workstation (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|
| 9 | New STRIDE threat | Denial of service | Medium | Open | | User can send malicious requests at high number | Rate limit the users |
| 30 | New STRIDE threat | Information disclosure | Medium | Open | | User can send malicious requests to server in which response can exploit the user data | Filtering the requests if malicious input is found (URL encoding) |
| 33 | New STRIDE threat | Tampering | Medium | Open | | User tampering the data due to weak encryption of data | Secure connections over wireless |

ISP (Data Flow)

| Number | Title | Type | Priority | Status | Score | Description | Mitigations |
|---|---|---|---|---|---|---|---|
| 25 | New STRIDE threat | Tampering | Medium | Open | | Unauthorized user can modify the data | Perform the integrity check |
| 26 | New STRIDE threat | Information disclosure | Medium | Open | | Unauthorised access to the routers via ISP | Configured IDS and IPS |
| 29 | New STRIDE threat | Denial of service | Medium | Open | | User can perform resource exhaustion via DOS | Perform traffic filtering or rate limiting |
