Project 1 - Threat Modeling using stride

evenno
ThreatModelingwithSTRIDE1.docx

Running head: THREAT MODELING WITH STRIDE 1

THREAT MODELING WITH STRIDE 6

Threat Modeling with STRIDE

Student’s Name

Institution Affiliation

Attacker Viewpoint

The most likely perpetrators who would nefariously attack a healthcare service organization would be hackers looking to make easy money (Ridinger G, John R, McBride M, & Scurich N, 2016). The best target in this case would have to be information in the HNetExchange, personally identifiable information at that. This includes names, a person’s addresses (both email and physical), their medical history and details of their credit cards. This information can be to target specific individuals or hold the institution at ransom. The hacker would encrypt the files in the organization’s HNetConnect database, then probably demand a ransom or they could take the information to sell it in the black market. For an institution making five hundred million dollars, that can be quite the bedrock for cyber-attacks even from people working in the company. This can be through the elevation of privilege in order to access HNetPay, hijacking the transfer of monies which could result in the colossal financial losses.

Asset Viewpoint

The company assets include:

The HNetConnect – This is the medium used by the organization to link up patients and doctors as per the patients’ needs. It helps make it easier for the clients to find the necessary medical attention easily and fast enough. The database uses HTTPS connections, meaning it requires the internet to run and any disconnection would definitely paralyze operations. This already creates a loophole for any technology savvy individual with the motive to shut down operations, and most probably demand ransom.

The HNetExchange – It is the cash cow of the firm. Its main function is servicing personal details belonging to other health centers, their clienteles and all information required in the healthcare setup, making it a hub of raw data belonging to anybody with a medical record. Another attribute of the feature is that information is transmitted over the web and thus making it susceptible to privy hackers. The attacker could exploit the loophole of having all this information at the same place, by attempting information disclosure or elevation of privilege.

The HNetPay – Clients, to make payments, use this secure portal for services rendered or otherwise. This includes running by credit cards through a third party organization. There is also a good feature in which there are different operating systems between the portal and the server acting as the database for info. This, however, can only prevent so much, with an attack on the third party element of the system being able to slow things down.

STRIDE

Spoofing – This common cyber-attack method entails sending a false IP address while falsifying their credentials in an attempt to gain entry or access, say, medical records (Gunther C, 2014). The thing with sending a lot of false IP addresses leads to overloading of servers since it will not be able to handle those many requests. This overloading makes it easier to bypass authentication granting unwarranted access.

Tampering – In today’s modern age, we have cross site scripting vulnerability for which a hacker introduces false info in websites, in this case, records on the side of the client. This malicious act happens even on the other end, a false code from a benign website giving fake information to unsuspecting users, ruining the reputation of the legitimate site.

Repudiation – Considering the doctors and other personnel update their information peersnally may create an avenue for repudiation. This may be through an external source being able to log in and perform user actions such as manipulating existing data or manipulating existing data.

Information Disclosure – This would target any section of the company harboring data. Patients always assume that whatever they share with their health officers is strictly in confidence and not privy to the public. All the aforementioned services are hotbeds of information and is a target for financial gain, destroying reputations or even as a means of ending a company completely. The aftermath would be devastating, with most patients losing the assurance of quality and safety health is supposed to reassure.

Denial of Service – This vulnerability works almost the same as that of spoofing, with the causality being the same. By overloading the server of a targeted system with traffic from multiple resource bandwidth, it ends up not being able to load requests of entry and thus not allowing anyone access (Denial of Service Attacks). This affects services that require bandwidth mostly, in this case the HNetPay and HNetConnect. Unavailability of the two would grind services to a halt.

Elevation of Privilege – If an unauthorized user accessed the patient database, for instance, in the name of Administrator would give them unlimited access to some of the most secretive clientele info. Considering the powers of the Admin, it would be easy to even edit records for all parties that have data stored on the penetrated server and thus compromising the whole system.

Risk Mitigation Plan

Asset

Threat

Impact

Recommended Security Control

Responsible Role

HNetExchange

Tampering

Modifying legit data into fake info

Setting up firewalls and better authorization programs for restricting access.

System Admin

Information disclosure

Public access to patient personal identification information reduces quality reassurances.

Reducing automation within systems. More scrutiny of activities.

Security officer

Elevation of Privilege

Admittance of personnel with malicious aims into the system.

Making applications run with the smallest privilege, reducing overruns.

System Admin

HNetPay

Information disclosure

Grants access to unauthorized personnel on patient credit card details.

Reducing automation within systems. More scrutiny of activities.

Database Admin

Spoofing

Crippling servers handling transfer of payment funds.

Filtering of packets transmitted within the network to avoid the overloading mess.

System Admin

HNetConnect

Denial of service

Breaking down of internet services necessary for doctors and patients to log in.

Introducing ISPs which usually detect and prevent DoS packets from getting to the bandwidth.

Database Admin

Repudiation

Manipulation of data within the system

Inserting authentication to ensure assurance and integrity

Security officer

References Denial of Service Attacks. (n.d.). Practical Internet Security, 277-279. Gunther C. (2014). A Survey of Spoofing and Counter-Measures. Navigation, 159-177. Ridinger G, John R, McBride M, & Scurich N. (2016). Attacker Deterrence and Perceived Risk in a Stalkelberg. Risk Analysis, 1666-1681.