Skip to content

Security

Information Security Aspects

  • Confidentiality
  • make sure that other people can't see stuff they shouldn't see.
  • Integrity
  • make sure that data is what it's supposed to be and hasn't been tampered with.
  • Availability
  • users can get the data
  • Authentication
  • make sure you know who is who. don't confuse someone for anyone else.
  • Non-repudiation
  • make sure you know who did what.
  • Authorization
  • make sure users can only do what they are supposed to be able to do.

Microsoft Security Practices

  1. Train employees

  2. people are huge attack surface. make sure they have appropriate training.

  3. Define Security Requirements

  4. evalute the combination of security aspects and business requirements to decide what your security requirements will be.

  5. Define Metrics & Compliance Reporting

  6. figure out how to define priorities.

  7. set up compliance rules around actions to take

  8. e.g. all critical bugs must be fixed in 8 hours.

  9. Perform Threat Modeling

  10. brainstorming security problems, triaging, and plans

  11. Microsoft follows their STRIDE process for this process.

  12. Establish Design Requirements

  13. how to deal with cryptography

  14. how to deal with authentication
  15. how to deal with authorization

  16. how to deal with logging

  17. Define and Use Cryptography Standards

  18. pick a standard that meets your needs. choosing a weak standard will be catastrophic.

  19. Manage the Security Risk of Using Third-Party Components

  20. third party components are another attack surface. checks for vulnerabilities and keep things up to date.

  21. Use Approved Tools

  22. unapproved tools are an attack surface

  23. Perform Static Analysis Security Testing (SAST)

  24. linting for security problems

  25. follow secure coding standards

  26. security code review

  27. Perform Dynamic Analysis Security Testing (DAST)

  28. fuzz testing

  29. Perform Penetration Testing

  30. have third party testers try to break the system.

  31. Establish a Standard Incident Response Process

  32. emergency response plan.

STRIDE

Microsoft's own threat modeling process reviews several different threats.

(S)poofing, (T)ampering, (R)epudiation, (I)nformation Disclosure, (D)enial of Service, (E)levation of Privilege

  • Spoofing: trying to impersonate someone else. (attack on authentication)
  • Tampering: trying to change data (attack on integrity)
  • Repudiation: trying to deny that you did something (attack on non-repudiation)
  • Information Disclosure: trying to get information you shouldn't have (attack on confidentiality)
  • Denial of Service: trying to make a service unavailable (attack on availability)
  • Elevation of Privilege: trying to get access to something you shouldn't have (attack on authorization)

STRIDE threat modeling uses a five step process to discover threats,

  1. Identify Security Objectives
  2. brainstorm what you must protect, what you must comply with, what you must follow.
  3. can think in lense of STRIDE, or in terms of the security aspects and how aspects of your application may be vulnerable to attacks from them.
  4. Create data flow diagram
  5. consider how data moves through your system
  6. model as a flowchart
  7. to be used as a tool to find possible threat vectors
  8. Identify threats
  9. make a list of threats
  10. Annotate threats
  11. organize threats with STRIDE category and mitigation strategy per threat.
  12. Rate threats
  13. determine how to rank what you should work on
  14. could use high, medium, low
  15. could use DREAD

DREAD

A rating system for 5 different aspects of a threat and a value of high, medium, or low.

  • Damage potential
  • how bad will it be?
  • Reproducibility
  • will it happen every time you do it?
  • Exploitability
  • how easy is it to do?
  • Affected users
  • how many people will be affected?
  • Discoverability
  • how well known is it?

Secure Design Principle

  • Minimize Attack Surface
  • anything that an attacker can interface with
  • Establish secure defaults
  • ensure that defaults are provided and are a secure choice
  • Least Privilege
  • users should only have the minimum privileges necessary to do their job
  • Defense in Depth
  • provide multiple layers of security
  • Fail Securely
  • on failure, don't reveal anything more than necessary. give as little as possible.
  • Separation of Duties
  • use roles to split up user groups for different types of authorizations
  • Avoid Security by Obscurity
  • just hiding something won't stop someone from finding it.
  • Keep Security Simple
  • a complicated security architecture is easy to introduce bugs into
  • Fix root causes
  • research and fix issues at the root to ensure a proper fix