Threat Modelling

Mitch Tulloch
Oct. 03, 2005 10:49 AM
URL: http://www.windowsdevcenter.com/pub/a/windows/2005/09/13/security-myths.htm...
Yesterday we "planted" an artificial Christmas tree in a large ceramic pot on our front steps. I know it's a bit early to start thinking of Christmas, but hey, Santa might be watching... Anyway, as we were getting ready I started thinking about the threats our fake tree might face. Like someone coming along and pinching it. Or pinching only the top portion which plugs into the lower part. In other words, I was threat modelling, i.e. evaluating the realistic risks our tree might face so we could decide how to mitigate these risks. Here's the approach we finally decided upon:
1. We filled a strong plastic bag with a bucket of soil and several bricks, inserted the bottom portion of the tree's trunk in this bag, and duct-taped the top of the bag around the trunk. Then we inserted the bag into the big ceramic pot and tightly wedged another half dozen bricks on top of the bag. This provided the tree with a sturdy base to help it stand up, but it also made the tree much heavier to reduce the likelihood that someone would pull the entire tree out of the pot to pinch it. The bricks wedged on top of the bag also meant it would take someone maybe a minute longer to steal the tree and thieves generally try to work as fast as possible, so this added another layer of defense.
2. We duct-taped the top portion's trunk to the bottom portion's trunk where they plugged into each other. This was designed to prevent someone from defacing our tree by pinching the top and leaving the remainder. Also, we used about a dozen short pieces of duct tape to do this rather than one long piece, making it more time-consuming to try to remove the tape.
3. Finally we put a string of Christmas lights on the tree and used a heavy staple to anchor one end of the string to the wood railing beside our door so no one could steal the lights.
Threat modelling is an important first step in protecting your network, systems and custom applications from attack. So why don't more administrators and developers follow this approach in securing their networks/systems/apps? Unfortunately the methodical thinking involved in threat modelling takes work, and work takes time and time is money. As a result network admins often fall back upon the "security tweaks" approach of trying to secure their network by implementing some lengthy security configuration guide (see the above link to my recent article on WindowsDevCenter for a discussion concerning the topic of security configuration guides).
But the only network protection steps that are truly effective are those that deter real threats and mitigate real risks, and threat modelling is the way to identify those threats and determine those risks.
Which leaves me with two questions to ask you readers:
1. Which books/sites/articles have you found useful for learning how to do threat modelling for network protection?
2. Should I plug in the string of lights for my Christmas tree? If I do, it makes our porch brighter and thieves love darkness. But if I do, it also makes our tree more visible especially at night when the bad guys are afoot.
Hmmm, damned if you do and damned if you don't...
Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.
Artificial Christmas Trees
2005-10-24 18:30:24 christmas_trees
Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express, and O'Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.
This work is licensed under a Creative Commons License.

Artificial Christmas trees last longer than real trees.
Artificial Christmas trees are safer than real trees because they are not a fire hazard.
Studies show that plastic artificial Christmas trees are thrown out after ten years.
There is no hassle in buying artificial Christmas trees because they are found in many shops around Christmas.
Artificial Christmas trees can be decorated with tinsel or foliage coloured tinsel.
Artificial Christmas trees are generally inexpensive, because they are made out of cheap inexpensive materials whereas many cheaper live trees are of poor quality as well as they deteriorate quickly. Shop around to find a tree that you like within your price limit!
Artificial Christmas trees don't litter the floor with pine needles like real trees do.
Artificial Christmas trees don't bother you if you don't like the smell of pine or have allergies.
If you happen to like the smell of pine you can buy a special pine spray for your artificial Christmas trees.
Artificial Christmas trees can't rot like real trees can.
Artificial Christmas trees are easy to assemble and easy to store away.
Artificial Christmas trees don't weigh much.