Threat modeling. This is a structured approach toward network security that assesses the potential threat landscape from the point of view of an attacker. It takes into consideration the attacker's motives, threat profile, capability and skill, the key assets of interest and the most likely attack vector to be used, among other attributes, in order to understand which threats are most likely to materialize and how they will unfold in the environment. The idea behind this is to understand the environment better by reviewing all of its components and processes.

Today, most threat modeling methodologies focus on one of the following approaches: asset-centric, attacker-centric and software-centric.

The following diagram shows what risk inherently means. Risk is when we have an asset that is vulnerable to a certain flaw or loophole, and we have a threat vector that can exploit that vulnerability. Ultimately, this impacts the asset and its confidentiality, integrity and availability. In this diagram, A is asset, P is threat, V is vulnerability, and R is risk.

The following steps explain the threat modeling process. First, the scope of the analysis is defined and each component of the application and its infrastructure is documented.
Second, this is followed by developing a data flow diagram that shows how each of these components interacts. This helps us assess the control mechanisms: privileges are verified for the data movement. Third, potential threats are mapped to these components and their risk impact is quantified. Fourth and finally, the various security mitigation steps that might already be in place to mitigate such threats are evaluated. Here we document the requirements for additional security controls, if applicable.

On the flip side, an attacker might conduct an exercise similar to the following threat modeling. First, they will start by evaluating all possible entry points into the network, application or infrastructure. Second, the next step will focus on the datasets or assets that will be accessible to them via these access points, and then evaluate the value or the possibility of using these as a pivot point. Third, after this, the attacker crafts the exploit and executes it.

Now that we have a basic understanding of the threats that we may face, it is important to have standardized frameworks that professionals can refer to in order to assess the nature of these threats and the impact they may have.

Assessing the nature of threats.
You as a security professional can use various industry risk frameworks and methodologies to assess and quantify the nature of threats. Some of the prominent ones will be discussed in the next lectures.

STRIDE. STRIDE is a security framework that classifies security threats into six categories: spoofing of user identity, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. It was developed by Microsoft to verify security properties such as authenticity, integrity, non-repudiation, confidentiality, availability and authorization.

PASTA: Process for Attack Simulation and Threat Analysis. PASTA is a risk-centric approach focused on identifying potential threat patterns. It is an integrated application threat analysis that focuses on an attacker-centric view, which security analysts can leverage to develop an asset-centric defense strategy. It has seven stages that build up to the impact of a threat. These stages are: definition of the objectives for the treatment of risks, definition of the technical scope, application decomposition and analysis, threat analysis, weakness and vulnerability analysis,
attack modeling and simulation, and risk analysis and management.

Next, we will take a look at the Trike framework and see how it is used for security auditing for risk management. Trike is a framework for security auditing from a risk management perspective. The process starts with defining the requirements model that the threat models are based on. The requirements model outlines the acceptable level of risk associated with each asset class. The matrix is further broken down into actions such as creating, reading, updating and deleting, along with associated privileges such as allowed, restricted and conditional. Following this, possible threats are specified and mapped alongside a risk value, which is based on a five-point scale for each action according to its probability.

VAST: Visual, Agile and Simple Threat modeling. VAST is an agile software development methodology with a focus on scaling the process across infrastructure and the SDLC. VAST aims to provide actionable outputs for various stakeholders, and its scalability and usability are key factors for its adoption in larger organizations. This diagram illustrates a VAST model. VAST utilizes two threat models: the application threat model and the operational threat model.
The application threat model uses process flow diagrams to represent the architectural viewpoint, whereas the operational threat model uses data flow diagrams to represent the attacker's viewpoint.

OCTAVE: Operationally Critical Threat, Asset and Vulnerability Evaluation. OCTAVE is a security framework that is utilized for assessing risk levels and planning countermeasures against them. The focus is to reduce risk exposure to potential threats and to determine the likelihood of an attack and its impact. It has three broad stages: building asset-based threat profiles, classification of infrastructure vulnerabilities, and creation of an overall security strategy and activity plan for the success of the exercise. It has two known formats: OCTAVE-S, which is a simplified format suitable for smaller organizations, and OCTAVE Allegro, which is a more comprehensive format suitable for large organizations.

In this section we have taken a look at the foundational network security concepts and components that form the strong base required for a secure network implementation. After this, we took a step-by-step dive into the various phases of building network security, which are planning and analysis, designing, building, testing and deployment.
In the second half of this section, we looked at an optional NOC setup and its various attributes, such as incident management, monitoring, escalation and reporting. Lastly, we dug into network security assessments and discussed threat modeling. By completing this section, you now understand that network security is a vast domain that requires a bottom-up approach if you wish to fully understand the minute mechanisms that make it tick. As a security professional, you must have good exposure to the fundamentals of networking and to the models and frameworks explained in this section, while at the same time being able to identify and remediate deep-seated technical issues. I highly recommend doing a foundational assessment of the network configuration and reviewing the policies and procedures in place in order to incorporate security from the inside out.