According to Schoenfield, Stewart & Ransome (2015), information system threats are a major problem facing IT systems globally because of the growth in the use and development of computer networks that support information systems. Information systems are used in industries that must keep their data confidential and away from unauthorized access, such as banks, production companies, manufacturers, databases with private information, hospitals, and government systems, to mention a few. It is therefore critical to identify the threats that a system may face and to adopt mitigation strategies that reduce the impact of such threats when they occur or eliminate them (Schoenfield, Stewart & Ransome, 2015).
To achieve this, two important concepts are required. The first is threat modelling, which involves developing threat models for systems being developed or systems that are already in use. The model is used to analyze the impact of the modelled threats on networks and information systems, as well as to determine the most effective method of addressing each threat. The second involves conducting a vulnerability assessment on a network. This means assessing the security measures adopted to protect a network or information system from external attacks and unauthorized access. This report examines the practice of modelling and determining threats on networks as well as the procedure needed to conduct a vulnerability assessment on a network.
Threat Modelling:
Threat modelling is an effective tool for threat identification in computer systems and networks (Shostack, 2014). This method of threat identification and mitigation uses models to find the specific security issues that face computer systems. Threat modelling is important in system and network development, especially in the design stage. During this stage, developers using threat modelling can easily and quickly identify security issues and possible threats facing the system (Buragga & Zaman, 2013). Using the results from the model, developers can adopt the correct strategies for eliminating all possible security issues. Threat modelling is advantageous since it leads to systems with reduced errors, increased security, and better threat mitigation (Shostack, 2014).
System requirements analysis:
It is critical to note that threat modelling is a continuous process that is composed of a number of steps. The first step in threat modeling involves determining the type of system being developed. This includes identifying the function of the system, the users, data flows, and assets in the system. The identification of system assets is also essential since it provides the developer with information on what needs protection in the system (Gibson, 2014). This is critical since it provides the developer with sufficient information with regard to the system needs, users, data flow, and processes completed by the system. This step also involves identifying the rules and regulations that control users and other system components (Shostack, 2014).
System modelling:
System modelling involves developing a system architecture diagram for the system or network under development (Microsoft, 2016). This can be done by developing diagrammatic models that define the system, users, and all other components that are part of the system. The system architecture will provide information on the interaction of the different system and network components. The system architecture diagram may also include information on data flow through the system. Lastly, the architecture diagram should identify all the system boundaries as well as trust boundaries within the system. A system architecture diagram for a web-based system is shown in Figure 2. The architecture diagram depicts a remote network that accesses a web-based system hosted online on Linux servers. The diagram clearly shows the different trust boundaries within the network. The main importance of the diagram is that it gives the developer or threat assessor a visual representation of the system, which allows for quick analysis of the main problem areas with regard to threats.
Figure 2: Network architecture diagram for a web-based Linux system
System model decomposition:
System model decomposition involves analyzing the system diagram modelled in the previous stage in order to help determine any vulnerabilities that may face the system or network. In order to decompose the system, all functional elements of the system need identification and isolation (Microsoft, 2016). The system trust boundaries are also analyzed, since it is important to understand which system components should be trusted with information. Lastly, the system entry points also require identification, since they show the different points that attackers can use to gain access to the system or network (Microsoft, 2016). This implies that system model decomposition assists with the identification of threat-prone areas in the system.
For example, after decomposing the architecture diagram above (Figure 1) it is evident that the main areas where external threats to the network might occur are outside the two trust boundaries. This implies that the majority of the threats facing the system may emanate from the internet cloud. Such threats may include denial of service attacks, phishing, spoofing, tapping, and hacking, to mention a few (Buragga & Zaman, 2013). Therefore, from the model above it is critical to protect the internal network and system by adopting appropriate threat mitigation methods such as installing firewalls and intrusion detection systems. Using information from the system decomposition stage, a security profile can be developed for the system or network being modelled. This will contain all the security measures needed within the system and their effectiveness. These may include user input validation, system auditing and logs, network and system monitoring, and user password authentication, to mention a few.
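The decomposition step described above can be carried out mechanically once the diagram is written down as elements, trust zones, and data flows. The following is an added example, not part of the original report; the element names, zone names, and flows are constructed assumptions for a web-based system reached from a remote network. It lists every data flow that crosses a trust boundary and the elements that receive data directly from the internet, which are the entry points to review first.

```python
from dataclasses import dataclass

# Constructed model of a web-based system reached from a remote network.
# Element and zone names are assumptions made for this example.
ZONES = {
    "workstation": "remote_network",   # inside the first trust boundary
    "internet": "internet",            # outside both trust boundaries
    "web_server": "hosted_servers",    # inside the second trust boundary
    "db_server": "hosted_servers",
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str

FLOWS = [
    Flow("workstation", "internet", "HTTPS request"),
    Flow("internet", "web_server", "HTTPS request"),
    Flow("web_server", "db_server", "SQL query"),
    Flow("db_server", "web_server", "query result"),
    Flow("web_server", "internet", "HTTPS response"),
    Flow("internet", "workstation", "HTTPS response"),
]

def boundary_crossings(flows, zones):
    """Return the flows whose two endpoints sit in different trust zones."""
    unknown = {e for f in flows for e in (f.src, f.dst)} - set(zones)
    if unknown:
        raise ValueError(f"elements without a trust zone: {sorted(unknown)}")
    return [f for f in flows if zones[f.src] != zones[f.dst]]

def entry_points(flows, zones, untrusted="internet"):
    """Return the elements that receive data directly from the untrusted zone."""
    return sorted({f.dst for f in boundary_crossings(flows, zones)
                   if zones[f.src] == untrusted})

if __name__ == "__main__":
    for f in boundary_crossings(FLOWS, ZONES):
        print(f"{f.src} ({ZONES[f.src]}) -> {f.dst} ({ZONES[f.dst]}): {f.data}")
    print("entry points:", entry_points(FLOWS, ZONES))
```

Flows that stay inside one zone, such as the web server talking to the database server, are not reported as crossings; they still belong in the review of internal threats.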
Threat identification:
For the threat identification stage, the analyst examines the things that can go wrong within the system or network. These are the threats facing the system’s assets. As mentioned earlier, in the system above the external threats identified may include denial of service attacks, phishing, spoofing, tapping, and hacking, to mention a few. Furthermore, the network is also susceptible to internal attacks from the network's own users.
Therefore, from the model above it is critical to protect the internal network and system by adopting appropriate threat mitigation methods such as installing firewalls and intrusion detection systems. During this stage, the system is analyzed in depth with the aim of determining whether it is secure from a list of both external and internal threats. The developer can achieve this by going over the system and determining its level of security based on a predetermined list of security threats that face information systems and networks. A system analyst or developer can develop flow charts depicting the attack pattern of a particular threat and use dry runs on the system architecture in order to determine its security level.
Recording, rating, and mitigation of system threats:
Once the threat identification is complete, the next stage is recording and rating the system threats tested. A table can be used to record and rate the threats tested on the system. Based on the system’s effectiveness in dealing with a possible threat, each threat is given a risk rating of High, Medium, or Low. Additionally, the developer or analyst rates the impact of each threat tested as High, Medium, or Low. The table also includes the mitigation methods to be adopted in order to reduce the impact of the threat on the system and network. The mitigation steps are adopted in case the threats occur and aim to protect the system’s assets. A sample threat register for the system architecture in Figure 1 above is as shown below.
Vulnerability assessment on a network:
Network security is a major issue in many industries that rely on information technology and networking. Network vulnerability assessment is an effective method through which such organizations can determine the security of their network. This is achieved by scanning the desired network assets and locations in order to determine whether they are secure. It is important to note that regularly scheduled vulnerability assessment is critical in ensuring network security, since weaknesses are then identified and rectified regularly. Carrying out a vulnerability assessment on a network consists of three main steps. These main stages are planning, implementation, and reporting.
Network vulnerability assessment planning:
The planning stage comes first when carrying out a vulnerability assessment on a network. During planning, the network is analyzed in order to provide an in-depth understanding of its layout and data flows. According to Alien Vault (2016), this is the most important stage of the vulnerability assessment. An in-depth understanding of the entire network is achieved by carrying out a network analysis in which network needs, users, locations, devices, servers, systems, and other interacting components are identified. This is critical as it provides information on all the network assets requiring assessment. The network analysis is also important because, based on its results, an analyst is in a position to determine the network sections that need an assessment. Once the network analysis is complete, the analyst decides on the network locations that will be included in the vulnerability assessment.
The analyst also determines the IP addresses and network devices that will be scanned during the vulnerability scan. These locations, devices, and IP addresses should be listed in a table. Once they are listed, it is important to prioritize the scan. This involves determining the order in which all locations, devices, and addresses will be scanned. Based on the network locations, devices, and addresses that require scanning, the analyst needs to determine the correct tools for scanning the network for vulnerabilities. There are a number of free and paid network vulnerability assessment tools available online. Some of the free tools include OpenVAS, Retina CS, Microsoft Baseline Security Analyzer, Nexpose Community, and SecureCheq, to mention a few (Geier, 2014). Some of the paid tools include Wireshark, Nmap, Nessus, Snort, Nexpose, and GFI LanGuard (SecTools.Org, 2016). Once the correct tool is identified, one can download or purchase the free and paid tools respectively. The last step in the planning process involves scheduling the scan by setting the date and time for the scan.
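The listing and prioritization steps above can be turned into a scan plan that is checked before any tool is configured. The following is an added example, not part of the original report; the inventory entries, priorities, and the list of ranges approved for scanning are constructed assumptions, and the addresses come from the RFC 5737 documentation ranges. It expands each listed target into addresses, leaves out anything that falls outside the approved ranges, removes duplicates, and orders the result by priority.

```python
import ipaddress

# Constructed inventory from the network analysis. Names, priorities and the
# RFC 5737 documentation addresses are assumptions made for this example.
INVENTORY = [
    {"name": "web servers", "target": "192.0.2.0/30", "priority": 1},
    {"name": "database", "target": "192.0.2.10", "priority": 1},
    {"name": "load balancer", "target": "192.0.2.2", "priority": 2},
    {"name": "partner host", "target": "203.0.113.5", "priority": 2},
    {"name": "office LAN", "target": "198.51.100.0/29", "priority": 3},
]
AUTHORIZED = ["192.0.2.0/24", "198.51.100.0/24"]  # ranges approved for the scan

def build_scan_plan(inventory, authorized):
    """Return (plan, rejected): plan lists each in-scope address once,
    ordered by priority (1 = scan first); rejected names out-of-scope items."""
    scope = [ipaddress.ip_network(n) for n in authorized]
    plan, rejected, seen = [], [], set()
    # Highest priority first, so a duplicate address keeps its best priority.
    for item in sorted(inventory, key=lambda i: i["priority"]):
        net = ipaddress.ip_network(item["target"])  # raises on a malformed target
        if not any(net.subnet_of(s) for s in scope):
            rejected.append(item["name"])
            continue
        # A single address parses as a /32 network; take the address itself.
        hosts = [net.network_address] if net.num_addresses == 1 else net.hosts()
        for addr in hosts:
            if addr not in seen:
                seen.add(addr)
                plan.append({"address": addr, "asset": item["name"],
                             "priority": item["priority"]})
    plan.sort(key=lambda p: (p["priority"], p["address"]))
    return plan, rejected

if __name__ == "__main__":
    plan, rejected = build_scan_plan(INVENTORY, AUTHORIZED)
    for order, p in enumerate(plan, 1):
        print(f"{order:2}  {p['address']!s:15}  P{p['priority']}  {p['asset']}")
    print("not scanned (outside authorized ranges):", rejected)
```

The rejected list is worth keeping in the plan document, since it records which inventory entries were left out of the scan and why.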
Actual Scanning:
After planning, the network analyst implements the vulnerability scan plan. In order to carry out the actual scan, a network analyst needs to configure the tool selected for the vulnerability scan. This is done based on the locations, addresses, and devices identified for scanning. Different tools require different configurations in order to achieve specific scan objectives. Once the tool is configured, all the network IP addresses, devices, and locations identified are scanned. All the vulnerabilities discovered during the scan are listed.
Reporting:
The last stage of the vulnerability scan is reporting. This mainly involves producing a high-level report showing the results of the scan carried out. The report is based on the vulnerabilities discovered in the implementation stage. This stage involves developing a vulnerabilities table identifying all vulnerabilities, providing a risk rating for each vulnerability, providing an impact rating, and identifying all the mitigation methods needed. Lastly, the report should provide recommendations based on the vulnerabilities determined during the system scan. The recommendations mainly detail the steps that need to be followed in order to eliminate the network vulnerabilities identified during the scan. The table below shows a sample table listing network vulnerabilities identified during scanning, their risk rating, impact rating, and recommendations.
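The vulnerabilities table described here has the same columns as the threat register from the recording and rating stage of threat modelling: an item, a risk rating, an impact rating, and a mitigation. The following is an added example, not part of the original report, and every finding in it is constructed sample data. It groups per-host scan findings into one row per vulnerability, keeps the higher rating when the same issue was rated differently on two hosts, and orders the rows by risk and then impact.

```python
LEVEL = {"Low": 1, "Medium": 2, "High": 3}

# Constructed scan output: (host, vulnerability, risk, impact, mitigation).
FINDINGS = [
    ("192.0.2.1", "Logging disabled", "Medium", "Low", "Enable auditing and logs"),
    ("192.0.2.1", "Outdated web server package", "High", "High", "Apply vendor updates"),
    ("192.0.2.2", "Outdated web server package", "High", "High", "Apply vendor updates"),
    ("198.51.100.3", "Unneeded open service", "Low", "Medium", "Disable the service"),
    ("192.0.2.10", "Default database password", "High", "Medium", "Set a strong password"),
    ("192.0.2.10", "Logging disabled", "Medium", "Medium", "Enable auditing and logs"),
]

def build_report(findings):
    """Group findings by vulnerability and order rows by risk, then impact."""
    rows = {}
    for host, vuln, risk, impact, mitigation in findings:
        if risk not in LEVEL or impact not in LEVEL:
            raise ValueError(f"{vuln!r}: ratings must be one of {list(LEVEL)}")
        row = rows.setdefault(vuln, {"vulnerability": vuln, "hosts": [],
                                     "risk": risk, "impact": impact,
                                     "mitigation": mitigation})
        if host not in row["hosts"]:
            row["hosts"].append(host)
        # Same issue rated differently on two hosts: keep the higher rating.
        row["risk"] = max(row["risk"], risk, key=LEVEL.get)
        row["impact"] = max(row["impact"], impact, key=LEVEL.get)
    return sorted(rows.values(), key=lambda r: (-LEVEL[r["risk"]],
                                                -LEVEL[r["impact"]],
                                                r["vulnerability"]))

def render(rows):
    """Render the report rows as an aligned plain-text table."""
    table = [("Vulnerability", "Hosts", "Risk", "Impact", "Mitigation")]
    table += [(r["vulnerability"], ", ".join(r["hosts"]), r["risk"],
               r["impact"], r["mitigation"]) for r in rows]
    widths = [max(len(row[i]) for row in table) for i in range(5)]
    return "\n".join("  ".join(c.ljust(w) for c, w in zip(row, widths)).rstrip()
                     for row in table)

if __name__ == "__main__":
    print(render(build_report(FINDINGS)))
```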
Conclusion:
In conclusion, the two methods discussed above (threat modelling and network vulnerability scanning) are effective methods of improving system and network security. Both are conducted using a number of steps aimed at identifying system weaknesses as well as susceptibility to threats. As mentioned earlier, information systems are used in industries that must keep their data confidential and away from unauthorized access, such as banks, production companies, manufacturers, databases with private information, hospitals, and government systems, to mention a few. Therefore, methods such as threat modelling and vulnerability assessment are important in identifying threats that may face a system or network. These security analysis tools also provide recommendations, including mitigation strategies aimed at reducing the impact of such threats when they occur or eliminating them from the system or network.
References:
Microsoft (2016). Threat modeling. Retrieved 3/18/2015 from https://msdn.microsoft.com/en-us/library/ff648644.aspx
Shostack, A. (2014). Threat modeling: Designing for security. Indianapolis: Wiley.
Schoenfield, B. S. E., Stewart, J. N., & Ransome, J. F. (2015). Securing systems: Applied security architecture and threat models. Boca Raton: CRC Press.
Buragga, K. A., & Zaman, N. (2013). Software development techniques for constructive information systems design. Hershey: Information Science Reference.
Gibson, D. (2014). Managing risk in information systems. Boston: Jones & Bartlett Publishers.
Alien Vault (2016). Vulnerability Assessment Software. Retrieved 3/18/2015 from https://www.alienvault.com/solutions/vulnerability-assessment-remediation
Geier, E. (2014). These tools help automate the detection and remediation of vulnerabilities. Retrieved 3/18/2015 from http://www.networkworld.com/article/2176429/security/security-6-free-network-vulnerability-scanners.html
SecTools.Org (2016). Top 125 Network Security Tools. Retrieved 3/18/2015 from http://sectools.org/tag/costs/