3.2 The Big Fundamentals Part 2 - ZN

00:01

have fun in a fundamental number. Two

00:03

external and internal threats exist

00:06

on the network at all times.

00:08

As we know,

00:10

this is based on threat models that have been created over time.

00:14

You know some common threat models air stride that is created by Microsoft. Dread

00:20

past the trike and bust,

00:22

so lots to choose from that help you understand who you're likely Attackers will be.

00:29

Threat models can also help with categorizing your attack, starting with script kiddies,

00:35

targeted Attackers, insider threats, trusted insider threats and state level actors.

00:42

But the zero trust model generally all those are up c 3552 which is the Internet's threat model, according to the book zero Trust networks. Building secure systems and untrusting networks by even Guillen and Doug Breath

01:00

now,

01:00

And that's the reason why I have The decisions around. Security are created when dealing with zero trust network model.

01:10

So in the next lad we we see a progression of an attack that leads to pivot on the network.

01:17

So number one we could see a phishing attack that is deployed and targets employees

01:23

number two Ah, computer on the network is compromised. A reverse shell is established,

01:29

and then three additional reconnaissance can occur that leads to enumeration of user names and neighboring computers.

01:37

Four. We see a lateral movement that begins on the network and a privilege computer identified.

01:44

Step five. Local administrative privileges are achieved and a key logger installed.

01:51

Step six

01:52

and HR directors. Password is stolen.

01:56

Seven. Compromise production payroll system or or from a privilege HR account Right

02:02

on and Step eight. We see the HR account used to change bank and information.

02:08

Then we moved to Step nine, where paychecks are deposited into a hacker's account

02:14

and maybe Step 10 which isn't on the sly. We could continue to go further here. In our thinking, a hacker could use those same credentials. The HR count that Clear Law was on the HR system that was compromised to cover their tracks,

02:28

so there's a lot of reasons why an attack like this is successful.

02:32

But if we treated all zones the same and place the same amount of security

02:38

and have the same amount of monitoring,

02:39

could things have turned out differently in the scenario that I just kinda came up with and spoke to?

02:46

So if the payroll system was an untrusted zone. The operator will likely have multi factor authentication deployed, maybe device posture configured.

02:59

If this is true, then it should be true. No matter what zone the HR system is in

03:04

a user name and password should never be enough to trust a user or device.

03:10

An example of how the zero trust concept can help here is in step number five. No, we read that the local administrator privileges

03:20

are obtained

03:21

now. A solution like Microsoft laps

03:24

that allow a different local administrative password that also expires and rotates would be a great zero dress model

03:34

or concept to implement that would reduce or completely mitigate and Attackers ability to pivot on the network.

03:43

So continue to think about other security tools

03:46

that you think would fit in removing trust from the different zones, accounts, devices and applications. In this scenario, you know, write it down, make it a quick exercise for you just to kind of think about if you were minimised and trust.

04:01

You know what tools

04:03

are currently available that would allow you to get to that zero trust model.

04:14

So let's review what we covered in this section.

04:16

We focused on fundamental number one and fundamental number two of the zero trust model, which are the network is always assumed to be hostile and external and internal threats exist on the network at all times.

04:30

We also discussed how Attackers stepped through a chain of events on traditional networks, helped create a distinction between traditional networks and zero trust networks. Thank you for your time. Stay tuned.

04:46

So I'm back with another pop quiz. This is in reference to the section that we just covered and we talked about a lot. So we've got a quick learning check here. First question for you is is the threat model stride created by Google or Microsoft

05:04

number two? What is pivot in

05:08

on a network mean and number three? What the right model does he would trust Follow. All of this was covered in our last section. And again, I learned check for you here before we move on.

05:26

So now we move on to the answers for these three questions.

05:35

So number one what we have is is the threat model stride created by Google or Microsoft. And the answer is Microsoft

05:44

on stride stands for spoof any tampering, repudiation, information, disclosure, denial of service in elevation of privilege. There are many threat models out there, several that we briefly touched on, but in the supplemental material section, you have much more

06:03

to look over

06:04

and read at your leisure.

06:08

Number two. We have what is pivot in on a network mean, and that's simply the ability to move from one note to the next.

06:15

Uh, you know, when

06:17

Hacker has the ability to pivot, he's able to move east or west on your network,

06:23

and it means that they're able to jump from one computer to the next actor performing additional reconnaissance on your network

06:30

once one computer or nodes been happy.

06:32

Ah, the next question. What threat model does zero trust follow? And we talked about this briefly as well in the last section, and that is the Internet threat model Rxc 3552