One Article Review

The article:
Source AlienVault Blog
Identifier 1978452
Publication date 2020-10-15 11:00:00 (seen: 2020-10-15 11:06:24)
Title What is threat modeling?
Text This blog was written by an independent guest blogger.

A lot of cybersecurity terminology can sound complex and esoteric. You may hear defensive security specialists, the people who work to secure computers and their networks, talk about threat models and threat modeling a lot. So what is threat modeling? It’s actually pretty simple, and it’s a concept that can not only be applied to computer security, but also to ordinary people in our everyday lives.

Threat modeling in a nutshell

If your organization has a particular amount of resources and a limited cybersecurity budget, prioritizing the allocation of your funds and resources according to how your network is most likely to be cyber attacked is common sense. From there, you can prioritize defending against the most expensive cyber attacks over the least expensive cyber attacks.

You need to conduct thorough analysis to model threats effectively. You must understand that there are vulnerabilities in all software, hardware, and networks. Nothing will ever be 100% secure; your job as a cybersecurity professional is to keep your systems as secure as reasonably possible while understanding that there will always be limits, and no security hardening is ever perfect.

So threat modeling is a way of thinking and planning. Usually your blue team will focus on threat modeling when they’re at the design phase of a computer system or application. Security is a constant, everyday process. But designing a system to be more secure starts with effective threat modeling at the beginning.

What’s a threat model?

Threat models can take many, many different forms. The evolving cyber threat landscape and your imagination are the only limits. But here are a few examples of threat models, to give you an idea of what they can be.

Executable malware can be bound to email attachments, such as images or documents. If your employee opens a malicious email attachment, malware could execute on their client machine! The malware could be ransomware, spyware, or conduct other malicious actions. This is a very common cyber threat in workplaces. We can mitigate this threat by doing the following:

- Configure antivirus scanning in our email server. Email attachments must pass a scan in order to open.
- Configure antivirus software that automatically updates and scans our network’s client machines within their operating systems.
- Train employees to only open emails from senders they recognize and trust.
- Limit user permissions to restrict what malware can do if it’s executed on a client machine. Whatever you do, don’t give users administrative privileges!

Our web application runs on a SQL server and it contains forms which allow for user input. But those web forms can be exploited to conduct SQL injection attacks. We can mitigate this threat by doing the following:

- Avoid dynamic SQL as much as possible.
- Design our web application with prepared statements, parameterized queries, and stored procedures instead.
- Limit the privileges we assign to accounts that connect to our SQL database. Those accounts shouldn’t have administrative privileges. This will restrict what SQL injection attacks could possibly do.
- Connect our web application to a WAF, a web application firewall. Carefully configure rules that can prevent the common sorts of malicious actions that a SQL injection attack can do.
- Write error messages carefully so they don’t divulge useful information about your database.
Sent Yes
Tags Malware Vulnerability Threat


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to an earlier one.