
Threat Modeling in the garden of Eden Mano ‘dash4rk’ Paul HackFormers.


1 Threat Modeling in the garden of Eden Mano ‘dash4rk’ Paul HackFormers

2 ABC’s about me
– Author – Official (ISC)² Guide to the CSSLP
– Advisor – (ISC)² Software Assurance Advisor
– Biologist (Shark)
– Christian
– CEO, SecuRisk Solutions & Express Certifications

3 Agenda
– Teach Security: Threat Modeling
– Teach Christ: In the garden of Eden
– Discussion

4 Teach Security Threat Modeling

5 Threat Modeling
– Process/Activity
– Systematic, to determine applicable threats
– Iterative, to ensure threats are addressed
– A must-have for companies today; cannot be ignored

6 Why Threat Model? To manage Risk!
– Risk of what? Disclosure/Alteration/Destruction
– Risk to what? Assets
– Why? Threat agents and Vulnerabilities
– So what do we do? Threat Model → Identify threats & vulnerabilities
– Then what? Manage risk → apply controls
Model threats → Apply controls → Reduce risk

7 ABC of Threat Modeling
– Step 1: Identify Assets
– Step 2: Identify Boundaries (Entry/Exit/Flows)
– Step 3: Identify Controls – but first we need to identify applicable Threats

8 Step 1: Identify Assets
Assets (anything of value):
– Financial
– Personal
– Sensitive
– Intellectual property

9 Step 2: Identify Boundaries
Internal – DMZ – External

10 Step 3: Identify Controls
Oh, but first we need to identify Threats.
Threat Identification:
– Attack Trees
– Threat Framework

11 STRIDE Threat Framework
– Spoofing: Masquerading
– Tampering: Alteration
– Repudiation: Denying
– Info. Disclosure: Data Loss/Leakage
– Denial of Service: Downtime
– Elevation of Privilege: Admin (root)

12 Identify Controls
Threat – Controls
– Spoofing: Secure generation/transmission/storage of credentials (passwords); SSL; Multifactor Authentication
– Tampering: Hashing; Digital signatures; Secure Communications; Input validation
– Repudiation: Digital signatures; Secure audit trails (logging)
– Info. Disclosure: Cryptographic protection (Encryption/Hashing …); User awareness against Phishing
– Denial of Service: Input validation and filtration; Resource and bandwidth throttling; Load balancing; Disaster Recovery
– Elevation of Privilege: Least privilege (Need to know); Compartmentalization
Appropriate INCORPORATION of Controls reduces Risk
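The three steps above (assets, boundaries, controls) expressed as a small model you can run. This is an added Python illustration, not the speaker's code: the per-element STRIDE applicability table is the common STRIDE-per-element heuristic and is an assumption not stated in the deck, while the controls are the ones from the Identify Controls slide; the three-tier system is constructed.

```python
from dataclasses import dataclass

# Assumed heuristic (not on the slides): which STRIDE letters apply per element kind.
APPLICABLE = {"external": "SR", "process": "STRIDE", "datastore": "TRID"}
FLOW_THREATS = "TID"  # a flow crossing a boundary can be altered, read or blocked

# Threat name and controls, taken from the deck's "Identify Controls" slide.
CONTROLS = {
    "S": ("Spoofing", ["secure credential handling", "SSL/TLS", "multifactor authentication"]),
    "T": ("Tampering", ["hashing", "digital signatures", "secure communications", "input validation"]),
    "R": ("Repudiation", ["digital signatures", "secure audit trails (logging)"]),
    "I": ("Information Disclosure", ["encryption/hashing", "user awareness against phishing"]),
    "D": ("Denial of Service", ["input validation and filtering", "throttling", "load balancing", "disaster recovery"]),
    "E": ("Elevation of Privilege", ["least privilege (need to know)", "compartmentalization"]),
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # external | process | datastore
    zone: str   # step 2 boundary it sits in: Internal, DMZ or External
    asset: str  # step 1: what of value it holds ("" if nothing)

def enumerate_threats(elements, flows):
    """Step 3 input: (target, threat, controls) for every element and for
    every flow whose endpoints sit in different zones, i.e. crosses a boundary."""
    findings = []
    for e in elements:
        for letter in APPLICABLE[e.kind]:
            threat, ctrls = CONTROLS[letter]
            findings.append((e.name, threat, ctrls))
    zone = {e.name: e.zone for e in elements}
    for src, dst in flows:
        if zone[src] != zone[dst]:
            for letter in FLOW_THREATS:
                threat, ctrls = CONTROLS[letter]
                findings.append((f"{src}->{dst}", threat, ctrls))
    return findings

def sample_model():
    """Constructed three-tier system laid over the deck's Internal/DMZ/External zones."""
    elements = [
        Element("browser", "external", "External", "user credentials"),
        Element("webapp", "process", "DMZ", "session tokens"),
        Element("db", "datastore", "Internal", "customer PII"),
        Element("backup", "datastore", "Internal", "customer PII"),
    ]
    return elements, [("browser", "webapp"), ("webapp", "db"), ("db", "backup")]
```

Running enumerate_threats(*sample_model()) yields 22 findings; the db->backup flow stays inside the Internal zone and contributes none, which is why boundaries are drawn before threats are listed.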

13 Teach Christ In the garden of Eden

14 The Asset
"What is man that thou (God) art mindful of him?" – Psalm 8:4
Man – God’s most precious asset
– “For you are fearfully and wonderfully made” (Psalm 139:14)
– “Created in the image of God” (Genesis 1:27)
Man – God’s most prime asset
– Dominion was given to man over all the fish, fowl and all living things that moved upon the earth (Genesis 1:28)
– Apex of God’s creation; not Ex-Ape of Evolution

15 The Boundaries Garden of Eden External

16 The threats in the Garden (Spoofing, Tampering, Repudiation, Info. Disclosure, Denial of Service, Elevation of Privilege)
– Prelude to the Garden encounter: Lucifer (the devil) tried to elevate himself above God and was thrown out (Ezekiel 28)
– Access to the tree of life was denied after man disobeyed (Genesis 3:22-24)
– The fruit which was bad for the soul (spirit) was pleasing to the eye (flesh) (Genesis 3:6)
– Adam said (denied): It wasn’t me, but Eve; Eve said (denied): It wasn’t me, but the serpent (Genesis 3:12,13)
– Devil said: Yea, hath God said – phishing for information (Genesis 3:1)
– God said: You shall not eat of the tree of knowledge … (Genesis 2:17); Devil asked: … you shall not eat of any tree? (Genesis 3:1)

17 The Impact Garden of Eden External

18 The Control
Garden of Eden – External
– No more boundaries (separation from God); the gift of God is eternal life to all who believe in Jesus Christ – John 3:16
– Appropriate INCLUSION of Jesus Christ in our life eliminates the risk of second death

19 Discussion Points
– What are some of the “threats” in your personal/professional life?
– How are you addressing these threats?

20 Closing Thoughts
try {
  if (uLikedThisMtg) {
    getLinkedIn();
    subscribeViaEmail();
    followAndTweet();  // @hackformers
    emailUs();         // mano.paul@hackformers.org
  } else {
    giveFeedback();    // mano.paul@hackformers.org
  }
} catch (Threats t) {
  applyControl(God JesusChrist);
} finally {
  ThankUandGodBless();
}

21 Want More?
– Speaker: Michael Howard – Principal Cybersecurity Program Manager, Microsoft; Author, Writing Secure Code and many more …
– Topic: TBD
– Date: March 09, 2012
– Time: 11:30 a.m. – 1:00 p.m.
– Venue: Microsoft Technology Center
www.hackformers.org @hackformers

22 Backup

23 Identify Control
Threat – Controls
– Spoofing: Secure generation/transmission/storage of credentials (passwords); SSL; Multifactor Authentication
– Tampering: Hashing; Digital signatures; Secure Communications; Input validation
– Repudiation: Digital signatures; Secure audit trails (logging)
– Information Disclosure: Let your ‘Yes’ be ‘Yes’ and your ‘No’ be ‘No’ (); Control your tongue (James 3)
– Denial of Service: Input validation and filtration; Resource and bandwidth throttling; Load balancing; Disaster Recovery
– Elevation of Privilege: Least privilege (Need to know); Compartmentalization

