Secure Engineering and Threat Modeling

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
14 hours 39 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:12
>> We talked about monitoring the network
00:12
for events but let's talk about
00:12
secure engineering and development
00:12
now because ultimately the reason we have to
00:12
monitor and the reason we have
00:12
>> to secure and scan and do
00:12
>> all those pieces is that we don't develop software,
00:12
we don't develop systems securely.
00:12
Now I'm not really meaning that as
00:12
the blanket statement it sounds like.
00:12
But what I'm saying is historically,
00:12
we haven't had a focus on security.
00:12
We've primarily focused on here's what
00:12
the product is going to do, we release it,
00:12
and then six weeks later we release a patch to secure it,
00:12
which obviously is not a secure design process.
00:12
What we want to make sure of
00:12
is as we're developing systems,
00:12
and as senior managers,
00:12
we're responsible for making sure this happens.
00:12
I'm not writing the code,
00:12
but it is my responsibility to ensure there's
00:12
a process in place to
00:12
verify that our code is written securely.
00:12
When we start with the concepts in the feasibility study,
00:12
can we do this,
00:12
will we do this?
00:12
We do an initial risk assessment.
00:12
What are we going to be protecting?
00:12
What's it worth? What are
00:12
the threats and vulnerabilities?
00:12
We have to look at how our framework is
00:12
going to support the secure development of a product.
00:12
Then we have to gather requirements and
00:12
these will be functional requirements first,
00:12
from the customer, the customer
00:12
will give us those requirements.
00:12
We need to make sure that
00:12
the customer is open with us and
00:12
is clear with us about the amount of security
00:12
that's necessary for that product again,
00:12
based on risk assessment.
00:12
Now the system analysis
00:12
takes with the customer has given us in
00:12
functional and the system analysis
00:12
is where our developers say,
00:12
here's how we're going to build this product.
00:12
The design, we've
00:12
analyzed the system now we're going to design the system.
00:12
Then we're going to actually write
00:12
the code into the design.
00:12
We're going to check for security along
00:12
the way and again,
00:12
what we're looking to do is each step
00:12
of the way we're focusing on security.
00:12
It's not that we look at security upfront.
00:12
It's not that we look at it on the tail end.
00:12
It's that we incorporate security in everything that we
00:12
do throughout the software and
00:12
system development life cycle.
00:12
Then at the end,
00:12
before we move to implementation,
00:12
we go through testing.
00:12
Testing, what we're ultimately trying to
00:12
accomplish is certification and accreditation.
00:12
Certification is the technical evaluation of
00:12
a product and really if the security features
00:12
of a product in a specific environment,
00:12
and in the environment for which it's designed for.
00:12
Certification is technical.
00:12
Does it work securely? Is what we're looking at.
00:12
Then accreditation, which more recently has
00:12
been known as authorization,
00:12
that's management's acceptance of the product.
00:12
Does it meet our needs?
00:12
At the end of this process,
00:12
testing, have we designed it securely,
00:12
and if so testing should yield certification,
00:12
then ideally senior management will say yes,
00:12
this meets our needs.
00:12
When we are developing with security in mind,
00:12
one of the things that we do is threat modeling.
00:12
Threat modeling says, we
00:12
know what we're using this application for,
00:12
how could it be misused?
00:12
Sometimes you hear people talk about
00:12
a use and misuse case.
00:12
Well, some of the more common threats within
00:12
applications you can think of or you can
00:12
remember via STRIDE, spoofing,
00:12
tampering, repudiation, information disclosure,
00:12
denial of service, and
00:12
elevation or escalation of privileges,
00:12
that's what STRIDE stands for.
00:12
If we're going to look at the threats, STRIDE, well,
00:12
we also have to figure out
00:12
the mitigation strategies for each of
00:12
these and figure out how to implement them.
00:12
I do think that you need to
00:12
know STRIDE like they might even say,
00:12
yeah, I kind of be surprised if they said what
00:12
is the D in STRIDE,
00:12
but I wouldn't rule it out.
00:12
Make sure you know this because it's
00:12
such an important element
00:12
of application development, this threat modeling.
00:12
If spoofing is the problem,
00:12
spoofing is impersonation,
00:12
well the solution is
00:12
authentication and not just authentication,
00:12
but strong authentication, multi-factor.
00:12
Prove to me you are who you say
00:12
you are through something you know,
00:12
and something you have or something you have
00:12
and something you are, biometrics.
00:12
Authenticity, multi-factor,
00:12
more than one type of authentication.
00:12
We're worried about tampering is the T in STRIDE.
00:12
Well, let's put integrity checks in place,
00:12
whether they're checksums or
00:12
integrity validation or verification checks,
00:12
hashes, message digests.
00:12
Ultimately if you're worried
00:12
about tampering, incorporate integrity.
00:12
I love the next one,
00:12
the problem's repudiation.
00:12
What's the solution?
00:12
Non-repudiation.
00:12
What is repudiation?
00:12
Repudiation says that I can either
00:12
dispute having sent the message
00:12
or the contents of the message.
00:12
That message didn't come from me.
00:12
It must have been spoofed or yeah,
00:12
that message came from me,
00:12
but that's not what I said.
00:12
Somebody has modified it.
00:12
What we have is a combination of
00:12
authenticity and integrity being questioned.
00:12
What's our solution for that is
00:12
a digital signature and
00:12
we're not going to get deep into crypto here,
00:12
but a digital signature takes
00:12
a hash that is placed on that document for integrity.
00:12
The hash is encrypted with the sender's private key
00:12
so you know it came from
00:12
that sender, that's authenticity.
00:12
When you get the two together, you get non-repudiation.
00:12
We get that through digital signature.
00:12
Information disclosure.
00:12
If you want information to be
00:12
protected from unauthorized disclosure,
00:12
encryption is a quick easy way to think about that.
00:12
Denial of service.
00:12
To avoid denial of service,
00:12
we have to have high availability.
00:12
We get that through redundancy and fault tolerance,
00:12
eliminating a single point of failure,
00:12
Resiliency means a system that can withstand an attack.
00:12
Those are the ways we
00:12
get mitigation for denial of service.
00:12
Then the last, escalation of privileges.
00:12
If I gain access to your system as just a regular user,
00:12
that doesn't help me a lot.
00:12
We have to control and make sure that
00:12
individuals are only authorized
00:12
to the degree that they should be,
00:12
but then we also have to make
00:12
administrative accounts require strong authentication.
00:12
We have to make sure that users are authorized to
00:12
add permissions to accounts or use escalated privileges.
00:12
When we look at those elements,
00:12
those come together on the left what's the threat,
00:12
on the right what's the mitigation.
Up Next