WEBVTT

00:00.000 --> 00:02.370
>> Hi everybody.

00:02.370 --> 00:04.095
In addition to the STRIDE Model,

00:04.095 --> 00:07.640
we can also look at creating
use and misuse cases.

00:07.640 --> 00:09.540
In this case, we start with

00:09.540 --> 00:11.340
the user who is
ultimately going to

00:11.340 --> 00:15.090
try to access an application
server. That's their goal.

00:15.090 --> 00:17.100
The very first step
is that they're going

00:17.100 --> 00:19.190
to enter their
username and password.

00:19.190 --> 00:22.850
Of course, that password
serves as authentication.

00:22.850 --> 00:26.210
With that first step, what
are the threats here?

00:26.210 --> 00:28.490
Well, a big threat
is that there is

00:28.490 --> 00:30.875
a brute force
authentication attempt.

00:30.875 --> 00:33.950
A brute force attack is where
a hacker could try using

00:33.950 --> 00:35.990
every character
combination possible

00:35.990 --> 00:38.165
to guess the username
and password.

00:38.165 --> 00:39.920
Or the attacker could just

00:39.920 --> 00:41.525
guess the username and password

00:41.525 --> 00:43.340
based on what the
hacker already knows

00:43.340 --> 00:45.320
about usernames at
the organization,

00:45.320 --> 00:47.545
and common passwords people use.

00:47.545 --> 00:50.975
Finally, the hacker could
try dictionary attacks.

00:50.975 --> 00:52.910
Dictionary attacks involve using

00:52.910 --> 00:55.805
a text file with many
gigabytes of possible entries,

00:55.805 --> 00:58.595
including those that
contain special characters.

00:58.595 --> 01:00.230
Dictionary attacks have become

01:00.230 --> 01:01.670
much more sophisticated over

01:01.670 --> 01:03.665
the years since so many users

01:03.665 --> 01:06.930
include special characters
in their passwords now.

01:07.120 --> 01:10.175
How do we mitigate
against these threats?

01:10.175 --> 01:12.170
One way we do this is to show

01:12.170 --> 01:13.670
a generic error message when

01:13.670 --> 01:15.485
the hacker gets the
password wrong.

01:15.485 --> 01:17.690
We don't provide a
specific error message

01:17.690 --> 01:19.840
about what was wrong
in the failed attempt.

01:19.840 --> 01:21.780
Another thing we can do is lock

01:21.780 --> 01:24.620
an account after a certain
number of failed attempts.

01:24.620 --> 01:27.320
That will prevent an
automated program from being

01:27.320 --> 01:30.260
able to keep running and
trying different combinations.

01:30.260 --> 01:32.150
Another way to mitigate against

01:32.150 --> 01:34.520
these threats is
to require users

01:34.520 --> 01:35.660
to have passwords that have

01:35.660 --> 01:38.930
a minimum length and a
certain amount of complexity.

01:38.930 --> 01:42.065
Complexity does not
always equal security.

01:42.065 --> 01:44.450
These days, we recommend
that users create

01:44.450 --> 01:48.085
longer passwords rather
than more complex ones.

01:48.085 --> 01:50.570
This gives you an idea
of how a use/misuse

01:50.570 --> 01:52.340
case works and how it

01:52.340 --> 01:54.019
is used for threat modeling.

01:54.019 --> 01:56.510
>> You could take this same
model to look at the case

01:56.510 --> 01:59.000
of an individual trying
to access a file.

01:59.000 --> 02:00.560
You would consider
the threats and

02:00.560 --> 02:02.855
vulnerabilities and how
they could be exploited.

02:02.855 --> 02:06.335
Then you would consider
the mitigation strategies.

02:06.335 --> 02:08.705
Another way to do
threat modeling,

02:08.705 --> 02:11.940
which is not shown on this
slide, is risk scenarios.

02:11.940 --> 02:14.375
This is where you simply
list your assets,

02:14.375 --> 02:15.680
then list all the things that

02:15.680 --> 02:17.065
could threaten those assets.

02:17.065 --> 02:19.290
Then you could list
the vulnerabilities.

02:19.290 --> 02:21.260
Many play the what-if game to

02:21.260 --> 02:23.945
consider the scenarios that
could threaten your assets.

02:23.945 --> 02:26.390
The most important thing
is to consistently

02:26.390 --> 02:27.920
document your risks so you

02:27.920 --> 02:30.470
can figure out how
to mitigate them.

02:30.820 --> 02:33.740
To wrap up risk identification,

02:33.740 --> 02:36.530
we started off by talking
about risk management and

02:36.530 --> 02:38.060
reducing residual risk to

02:38.060 --> 02:40.925
a level acceptable to
senior management.

02:40.925 --> 02:42.920
Then we talked about looking at

02:42.920 --> 02:44.930
our assets as well
as the threats and

02:44.930 --> 02:46.490
vulnerabilities and
where those come

02:46.490 --> 02:48.770
together. That is our risk.

02:48.770 --> 02:50.840
The tool we talked
about for identifying

02:50.840 --> 02:53.305
risk is to use threat modeling.

02:53.305 --> 02:55.260
For this, we can use

02:55.260 --> 02:58.670
the STRIDE Model or
use/misuse cases,

02:58.670 --> 03:01.040
or it can be risk scenarios.

03:01.040 --> 03:02.630
The most important thing to

03:02.630 --> 03:04.430
remember is that with
risk management,

03:04.430 --> 03:07.980
you have to start with the
risk identification first.

