STRIDE Model

Riadh Brinsi
3 min read, Oct 2, 2022


When you start preparing for the CISSP exam you will find a lot of study material, and you need to remember many processes and models. Today I share the STRIDE model with you.

STRIDE is a model for identifying computer security threats, developed by Praerit Garg and Loren Kohnfelder at Microsoft. It is a mnemonic for six categories of security threat.

The threats are:

1/Spoofing
2/Tampering
3/Repudiation
4/Information disclosure (privacy breach or data leak)
5/Denial of service
6/Elevation of privilege

Each threat is a violation of a desirable property for a system.
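The six categories are easier to apply than to memorise if you run them against the elements of a data-flow diagram. What follows is an added example, not code from the original post: it encodes the STRIDE-per-element table commonly used in Microsoft's SDL threat-modelling practice (external entities get S and R; processes get all six; data flows and data stores get T, I and D, with R added for a store that holds logs) and enumerates the threats for a small constructed system. The table, the element names and the sample system are assumptions made for this example; the category-to-property pairing is the one given in the sections that follow.

```python
"""Added example (not from the original post): enumerate STRIDE threats per
element of a small data-flow diagram (DFD).

The STRIDE-per-element mapping is the one commonly tabulated for Microsoft's
SDL threat-modelling practice; the sample system is constructed here.
"""
from dataclasses import dataclass

# Threat category -> the property it violates.
STRIDE = {
    "S": ("Spoofing", "Authentication"),
    "T": ("Tampering", "Integrity"),
    "R": ("Repudiation", "Non-repudiation"),
    "I": ("Information disclosure", "Confidentiality"),
    "D": ("Denial of service", "Availability"),
    "E": ("Elevation of privilege", "Authorization"),
}

# STRIDE-per-element: which categories usually apply to each DFD element kind
# (assumed from the SDL table; a data store holding logs also gets R below).
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TID",
}


@dataclass
class Element:
    name: str
    kind: str               # one of the APPLICABLE keys
    holds_logs: bool = False


def threats_for(element):
    """Return [(element name, threat, violated property), ...] for one element."""
    if element.kind not in APPLICABLE:
        raise ValueError(f"unknown DFD element kind: {element.kind!r}")
    letters = APPLICABLE[element.kind]
    if element.kind == "data_store" and element.holds_logs:
        letters += "R"      # an attacker who can alter the log can deny actions
    return [(element.name, STRIDE[l][0], STRIDE[l][1]) for l in letters]


def enumerate_threats(elements):
    """Flatten threats_for() over a whole diagram, in diagram order."""
    out = []
    for e in elements:
        out.extend(threats_for(e))
    return out


# Constructed sample: browser -> order service -> database, plus an audit log.
SAMPLE_SYSTEM = [
    Element("Customer browser", "external_entity"),
    Element("HTTPS request", "data_flow"),
    Element("Order service", "process"),
    Element("SQL query", "data_flow"),
    Element("Orders DB", "data_store"),
    Element("Audit log", "data_store", holds_logs=True),
]

if __name__ == "__main__":
    for name, threat, prop in enumerate_threats(SAMPLE_SYSTEM):
        print(f"{name:18} {threat:24} violates {prop}")
```

Each line of the output is a question to answer in the threat model ("can the customer browser be spoofed?", "can the SQL query be tampered with in transit?"); the list is the starting point, not the finished model.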

1/Spoofing :

This threat is a violation of authentication.
In cybersecurity, spoofing is when someone or something pretends to be someone or something else in order to gain our confidence, get access to our systems, steal data, steal money, or spread malware. Spoofing attacks come in many forms, including:

Email spoofing
Website and/or URL spoofing
Caller ID spoofing
Text message spoofing
GPS spoofing
Man-in-the-middle attacks
Extension spoofing
IP spoofing
Facial spoofing


2/Tampering :

This threat is a violation of integrity.
Tampering is an intentional but unauthorized act that modifies a system, its components, its intended behavior, or its data.

3/Repudiation :

This threat is a violation of non-repudiation.
A repudiation attack happens when an application or system does not implement controls to properly track and log users' actions, which lets a malicious user deny what they did or forge the attribution of actions to someone else. The attacker can change the authoring information of actions they executed so that wrong data is written to the log files, and the same technique extends to general data manipulation in the name of others, much like spoofing an email message. Once this has happened, the data stored in the log files must be considered invalid or misleading.
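The control that addresses both tampering and repudiation is a log whose entries cannot be altered or dropped without detection. The following is an added example, not code from the original post: each entry carries an HMAC tag that also covers the previous entry's tag, so editing an entry, reordering entries, or removing one from the middle breaks the chain. The key, the entries and the attacker's edits are constructed for illustration.

```python
"""Added example (not from the original post): a hash-chained, HMAC-tagged
audit log that makes tampering detectable.

Key, entries and the attacker's edits are all constructed for illustration.
"""
import hashlib
import hmac
import json

GENESIS = "0" * 64          # "previous tag" for the first entry


def _canon(entry):
    # Stable serialisation so the same entry always tags the same way.
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def append(log, key, actor, action, target):
    """Append an entry whose tag covers the entry AND the previous tag."""
    prev = log[-1]["tag"] if log else GENESIS
    entry = {"seq": len(log), "actor": actor, "action": action,
             "target": target, "prev": prev}
    entry["tag"] = hmac.new(key, _canon(entry), hashlib.sha256).hexdigest()
    log.append(entry)
    return entry


def verify(log, key):
    """Return the index of the first bad entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "tag"}
        if body.get("prev") != prev or body.get("seq") != i:
            return i                     # gap, reorder or truncation
        expected = hmac.new(key, _canon(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry.get("tag", "")):
            return i                     # content edited without the key
        prev = entry["tag"]
    return -1


def demo():
    # Assumption: the key lives with the log collector, not on the app host.
    key = b"constructed-demo-key-do-not-reuse"
    log = []
    append(log, key, "alice", "DELETE", "/invoices/42")
    append(log, key, "bob", "READ", "/invoices/43")
    append(log, key, "alice", "UPDATE", "/invoices/44")
    assert verify(log, key) == -1

    # Attacker without the key rewrites entry 0 to shift blame to mallory.
    tampered = json.loads(json.dumps(log))
    tampered[0]["actor"] = "mallory"
    first_bad = verify(tampered, key)

    # Attacker deletes entry 1 entirely: the chain now has a gap.
    truncated = [log[0], log[2]]
    gap_at = verify(truncated, key)
    return first_bad, gap_at             # (0, 1)


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add. Dropping entries from the tail is not caught by the chain alone; the collector must also record the latest tag somewhere the application cannot write. And an HMAC only proves that some holder of the shared key wrote the entry, so it gives integrity but not non-repudiation against the key holder; if actors must be unable to deny their own entries, each entry needs a digital signature made with a key only that actor controls.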

4/Information disclosure :

This threat is a violation of confidentiality.
Sensitive information disclosure (also known as sensitive data exposure) happens when an application does not adequately protect sensitive information, so that it ends up disclosed to parties that are not supposed to have access to it.

Sensitive data can include application-related information, such as session tokens, file names, stack traces, or confidential information, such as passwords, credit card data, sensitive health data, private communications, intellectual property, metadata, the product’s source code, etc.
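Stack traces and internal hostnames are the easiest of these to leak, because they come out of an ordinary error path. The following is an added example, not code from the original post: the same failure handled by a handler that returns the raw traceback to the client and by one that returns only a generic message with a correlation reference, keeping the detail in a server-side log. The failing backend call, the hostname and the token in the error message are constructed.

```python
"""Added example (not from the original post): one exception, two handlers.

The backend failure, the hostname and the token in its message are
constructed to show what a raw traceback would carry to the client.
"""
import traceback
import uuid

SERVER_LOG = []     # stand-in for the real, access-controlled log sink


def load_card_on_file(customer_id):
    # Constructed failure: the secrets backend is unreachable and the
    # library helpfully echoes its connection details into the message.
    raise ConnectionError(
        f"vault.internal:8200 refused; token=hvs.EXAMPLE-TOKEN customer={customer_id}"
    )


def leaky_handler(customer_id):
    """Information disclosure: file paths, hostnames and secrets go to the client."""
    try:
        return {"status": 200, "body": load_card_on_file(customer_id)}
    except Exception:
        return {"status": 500, "body": traceback.format_exc()}


def safe_handler(customer_id):
    """Generic message to the client; full detail stays server-side, keyed by a reference."""
    try:
        return {"status": 200, "body": load_card_on_file(customer_id)}
    except Exception:
        ref = uuid.uuid4().hex[:12]
        SERVER_LOG.append(f"ref={ref} " + traceback.format_exc())
        return {"status": 500, "body": f"Something went wrong. Reference: {ref}"}


if __name__ == "__main__":
    print(leaky_handler(7)["body"])
    print(safe_handler(7)["body"])
    print(SERVER_LOG[-1])
```

The reference is what support asks the user for; it lets an operator find the full trace without the client ever seeing it.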

5/Denial-of-Service (DoS) :

This threat is a violation of availability.
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or by sending it input that triggers a crash. In both cases the attack deprives legitimate users (employees, members, account holders) of the service or resource they expected.

There are two general methods of DoS attack: flooding services or crashing services. Flood attacks occur when the system receives more traffic than the server can buffer, causing it to slow down and eventually stop. Popular flood attacks include:

ICMP flood
SYN flood

Crash attacks instead send input that the target mishandles; buffer overflow attacks are the classic example (and, when the overflow is controllable, they are usually an elevation-of-privilege problem as well).
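The first control against a flood from a single source is to bound how fast each client is served. The following is an added example, not code from the original post: a per-client token-bucket limiter driven by a simulated millisecond clock, so that a constructed burst of 1000 requests in one second from one address, interleaved with normal traffic from another, gives a reproducible result. The rate, burst size, addresses and traffic pattern are all assumptions made for the example.

```python
"""Added example (not from the original post): per-client token-bucket rate
limiting against a request flood, with a simulated clock.

Rates, addresses and the traffic pattern are constructed for illustration.
"""


class TokenBucket:
    """Per-client limiter. Works in milli-tokens so the arithmetic is exact."""

    def __init__(self, rate_per_s, burst):
        self.rate = rate_per_s          # tokens/s == milli-tokens per ms
        self.capacity = burst * 1000    # how many requests may arrive at once
        self.tokens = self.capacity
        self.last_ms = 0

    def allow(self, now_ms):
        # Refill in proportion to elapsed time, capped at the burst size.
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.capacity, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False                    # reject: client is over its budget


def simulate(arrivals, rate_per_s, burst):
    """arrivals: [(client, timestamp_ms), ...] in time order.
    Returns {client: (accepted, dropped)}."""
    buckets, stats = {}, {}
    for client, t in arrivals:
        bucket = buckets.setdefault(client, TokenBucket(rate_per_s, burst))
        ok = bucket.allow(t)
        acc, drop = stats.get(client, (0, 0))
        stats[client] = (acc + ok, drop + (not ok))
    return stats


def demo():
    # Constructed traffic: one address floods 1000 requests in 1 s,
    # another sends one request every 200 ms.
    flood = [("203.0.113.9", ms) for ms in range(1000)]
    normal = [("198.51.100.4", ms) for ms in range(0, 1000, 200)]
    arrivals = sorted(flood + normal, key=lambda a: a[1])
    return simulate(arrivals, rate_per_s=10, burst=20)


if __name__ == "__main__":
    for client, (acc, drop) in demo().items():
        print(f"{client:14} accepted={acc:4} dropped={drop:4}")
```

With a budget of 10 requests per second and a burst of 20, the flooding address gets its first 20 through and then one every 100 ms, for 29 accepted and 971 dropped, while the well-behaved address is never touched. A limiter like this only helps against a single abusive source; a distributed flood has to be filtered upstream, and crash-style DoS is a matter of input validation and memory safety rather than rate.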

6/Elevation of privilege :

This threat is a violation of authorization.
A privilege escalation attack is a cyberattack designed to gain unauthorized privileged access to a system. Attackers exploit human behaviors, design flaws, or oversights in operating systems or web applications. It is closely related to lateral movement, the tactics by which an attacker moves deeper into a network in search of high-value assets.

The result is an internal or external user holding system privileges they were never granted. Depending on the extent of the breach, the damage can be minor or major, from a single unauthorized email to a ransomware attack on vast amounts of data. Left undetected, such access lets an attacker persist in the environment for a long time, the pattern seen in advanced persistent threats (APTs).
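The simplest web-application form of this threat is an authorization decision made on data the client controls. The following is an added example, not code from the original post: an admin-only action that trusts a role field in the request, beside the hardened version that derives identity from the server-side session and the role from the server's own user record. Users, sessions and the forged request are constructed for illustration.

```python
"""Added example (not from the original post): vertical privilege escalation
through a client-controlled role field, and the hardened check.

Users, sessions and the forged request are constructed for illustration.
"""


def fresh_state():
    """Constructed server-side state: user records and authenticated sessions."""
    users = {"alice": {"role": "user"}, "root": {"role": "admin"}}
    sessions = {"sess-alice": "alice", "sess-root": "root"}   # id -> username
    return users, sessions


def delete_user_vulnerable(users, request):
    """Trusts request['role'], which the client can set to anything."""
    if request.get("role") != "admin":
        return 403
    users.pop(request["target"], None)
    return 200


def delete_user_hardened(users, sessions, request):
    """Identity comes from the session; the role comes from the server's record."""
    username = sessions.get(request.get("session"))
    if username is None:
        return 401                          # not authenticated
    if users.get(username, {}).get("role") != "admin":
        return 403                          # authenticated, but not authorized
    users.pop(request["target"], None)
    return 200


def demo():
    # Alice is a plain user but claims to be admin in the request body.
    forged = {"session": "sess-alice", "role": "admin", "target": "root"}

    users, _ = fresh_state()
    vuln_status = delete_user_vulnerable(users, forged)
    root_survived_vuln = "root" in users    # False: the admin account is gone

    users, sessions = fresh_state()
    hard_status = delete_user_hardened(users, sessions, forged)
    root_survived_hard = "root" in users    # True: the role claim was ignored

    return vuln_status, root_survived_vuln, hard_status, root_survived_hard


if __name__ == "__main__":
    print(demo())     # (200, False, 403, True)
```

The same pattern applies to any claim the client can edit: a role in a cookie, an "is_admin" hidden form field, or an unsigned JWT. Authorization has to be decided from state the server controls.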
