Module 3: Identifying Threats to Network Security
Contents
Overview
Lesson: Introduction to Security Threats
Lesson: Predicting Threats to Security
Lab A: Identifying Threats to Network Security
and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
2002 Microsoft Corporation. All rights reserved.
Microsoft, MS-DOS, Windows, Windows NT, Active Directory, ActiveX, BizTalk, PowerPoint, Visio, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Instructor Notes
This module teaches students how to identify possible threats to a network and understand common motivations of attackers. The module introduces threat modeling as an effective way to predict where threats may occur in an organization.
After completing this module, students will be able to:
Explain common network vulnerabilities and how attackers can exploit them.
Predict threats to security by using the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) threat model.
To teach this module, you need Microsoft® PowerPoint® file 2830A_03.ppt.
It is recommended that you use PowerPoint version 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.
To prepare for this module:
Read all of the materials for this module.
Complete the practices.
Complete the lab and practice discussing the answers.
Read the additional reading for this module, located under Additional Reading on the Web page on the Student Materials CD.
Visit the Web links that are referenced in the module.
How to Teach This Module
This section contains information that will help you to teach this module.
Lesson: Introduction to Security Threats
Mention that these are simply a few of the more common types of attacks, but there are many types of attacks that can threaten a network. If students ask about security patches, tell them that these topics are covered in Module 6, “Creating a Security Design for Computers.”
The key point of this page is that attacks can be very complex and elaborate. Not all attacks are as simple as a virus infecting a network. Students must be vigilant and be aware that there are many points at which a network may be vulnerable to attack. Draw upon your own experience or recent news events to describe attacks.
Other difficulties that you can discuss with students include large networks, publicly available resources, supporting users for public networks, and users who are connected to both public and private networks. Students may bring up the issue of internal attackers. Tell them that some of this topic is covered in Module 7, “Creating a Security Design for Accounts,” Appendix A, “Designing an Acceptable Use Policy,” and Appendix B, “Designing Policies for Managing Networks.”
Lesson: Predicting Threats to Security
Predicting threats and analyzing the risks involved form the foundation of security design. Threat modeling and risk analysis not only help determine the countermeasures that students will select and design, but they also provide justification to management for resource allocation. Emphasize to students throughout the course that management may often be resistant to spending money and resources on perceived threats. By carefully listing as many threats as possible and the risks involved, students can persuade management of security threats in language that management can understand. It will also help security designers keep track of what threats management chooses to respond to, and which threats it deems acceptable. Risk management is covered in greater detail in Module 4, “Analyzing Security Risks.”
Students may feel overwhelmed when presented with the task of classifying attacks according to a threat model. They may feel that modeling all potential threats is a daunting task. Assure them that the first time that they do threat modeling it may take some time, but with experience it becomes easier.
Creating the team to model threats can be challenging. Encourage students to use experienced personnel if possible, but also to choose objective participants. The developer who created the application being modeled for threats may not be able to conceive of any weaknesses in the application, or may subconsciously steer the discussion away from vulnerabilities out of pride or other emotions. In this example, the developer may provide useful technical information for the team but may not be the most objective participant.
Assessment
There are assessments for each lesson, located on the Student Materials compact disc. You can use them as pre-assessments to help students identify areas of difficulty, or you can use them as post-assessments to validate learning.
Lab A: Identifying Threats to Network Security
To begin the lab, open Microsoft Internet Explorer and click the name of the lab. Play the video interviews for students, and then instruct students to begin the lab with their lab partners. Give students approximately 30 minutes to complete this lab, and spend about 15 minutes discussing the lab answers as a class.
In this lab, students review a network diagram of a proposed business-to-business (B2B) infrastructure and a list of IP addresses. They then use a threat modeling worksheet to record top threats to the B2B infrastructure.
In this lab, students do not send a reply e-mail to Ashley Larson. Instead, they open a Microsoft Excel spreadsheet named Threat Model Worksheet.xls and add information to it. Ensure that students rename the file and save the spreadsheet to the Lab Answers folder on their desktops for discussion.
This lab is slightly different from the previous lab in that students do not answer the lab with an e-mail to Ashley Larson, but rather by saving their answers to a spreadsheet on their desktops. Ensure that students understand this before proceeding with the lab. Other labs may also require students to save files to their desktops.
Ashley’s mail instructs students to find at least 10 threats, and at least one for each STRIDE category. Without some type of scope, students may find the exercise somewhat daunting. However, encourage students to find as many threats as they can in the time allotted. Depending on the experience of the students, consider assigning different STRIDE categories to different partners or small teams.
The answers for this lab are located in the spreadsheet Lab Answers 3.xls, located in the Answers folder under Webfiles on the Student Materials CD. Be sure to print the answers out and study them before you conduct the lab.
When discussing the lab answers, encourage groups of students to write their top 10 threats on the whiteboard, and discuss students’ conclusions as a class. The answers in the spreadsheet are suggested answers only. Encourage students to find additional threats, such as inexperienced administrators. Also mention to students that the spreadsheet is available to them on the Student Materials CD. For general lab suggestions, see the Instructor Notes in Module 2, “Creating a Plan for Network Security.” Those notes contain detailed suggestions for facilitating the lab environment used in this course.
Customization Information
This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware.
This module includes only computer-based interactive lab exercises, and as a result, there are no lab setup requirements or configuration changes that affect replication or customization.
The lab in this module is also dependent on the classroom configuration that is specified in the Customization Information section at the end of the Automated Classroom Setup Guide for Course 2830A, Designing Security for Microsoft Networks.
Overview
In this module, you will learn how to identify possible threats to a network and understand common motivations of attackers. The module introduces the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) threat model as an effective way to predict where threats may occur in an organization.
After completing this module, you will be able to:
Explain common network vulnerabilities and how attackers can exploit them.
Predict threats to security by using the STRIDE model.
Lesson: Introduction to Security Threats
A threat describes a danger or vulnerability. Threats can occur from a variety of sources, such as attacks or an incorrectly configured application.
After completing this lesson, you will be able to:
Explain why network attacks occur.
Describe who attacks networks.
Describe common types of network vulnerabilities.
Describe how network attacks take place.
List the difficulties of defending networks.
Why Network Attacks Occur
Attackers attempt to compromise the security of networks and applications for a variety of reasons, including:
punish it. Sometimes, former employees attack their previous organizations for revenge. This attacker is particularly dangerous due to his in-depth knowledge of the network and his personal motivation for attack.
secrets. Such an attacker is often motivated by patriotism or monetary gain.
notoriety or to advertise her own services. Publicity seekers often report their attacks.
challenge, or to boost his ego. This type of attacker is dangerous due to his efforts to attack networks indiscriminately.
state-sponsored terrorist effort. These are the most serious types of attackers because human life may be at risk.
Who Attacks Networks?
Attackers of all abilities and motivations are dangerous to network security in different ways:
dangerous because they often do not fully understand the consequences of their actions.
respect in attacker communities. Typically, they attack prominent targets or create automated tools for others to attack networks.
security because their methods of attack can extend beyond technology into physical intrusion and social engineering, or misleading a user or administrator in order to gain information. Although there are relatively few advanced attackers, their skills and experience make them the most dangerous attackers to a network.
Common Types of Network Vulnerabilities
Most successful attacks on networks succeed by exploiting common and well-known vulnerabilities or weaknesses. Ensure that you train administrators to recognize these vulnerabilities and to become familiar with new ones when they are discovered.
For more information about Microsoft Security Bulletins, see http://www.microsoft.com/technet/security/bulletin/notify.asp
For the SysAdmin, Audit, Network, Security (SANS) Institute/Federal Bureau of Investigation (FBI) top 20 list of security vulnerabilities, see http://www.sans.org/top20.htm
How Network Attacks Occur
Attacks on networks often follow the same pattern. You should design methods for detecting, responding to, or preventing attacks during each of the following stages:
1. Footprint. In this stage, the attacker researches the target organization. He may obtain all public information about an organization and its employees and complete port scans on all computers and devices that are accessible from the Internet.
2. Penetration. After the attacker has located potential vulnerabilities, she will try to take advantage of a vulnerability. For example, the attacker exploits a Web server that lacks the latest security update.
3. Elevation of privilege. After the attacker has successfully penetrated the network, she attempts to obtain administrator or system-level rights. For example, while exploiting the Web server, she gains control of a process running under the LocalSystem security context and uses this process to create an administrator account. Often, poor security as a result of using default settings allows an attacker to obtain network access without much effort.
4. Exploit. After the attacker has obtained the necessary rights, he carries out the exploit, or method of breaking into the network. For example, the attacker chooses to deface the organization’s public Web site.
5. Cover-up. The final stage of an attack is where an attacker attempts to hide his actions to escape detection or prosecution. For example, an attacker erases relevant entries in audit log files.
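The following added example, which is not part of the course material, shows one way to detect three of the stages above (footprint, elevation of privilege, and cover-up) in log data. The record layout, thresholds, addresses, and account names are assumptions constructed for illustration; the event IDs are those used by current Windows versions for account creation (4720), local group membership changes (4732), and clearing of the audit log (1102).

```python
from collections import defaultdict

SCAN_PORTS = 5     # assumed threshold: distinct ports probed by one source
SCAN_WINDOW = 60   # assumed sliding window, in seconds
NEW_ACCOUNT = 300  # assumed: an account younger than this counts as "new"

# Constructed sample records (not real logs): firewall denies and simplified
# Windows Security events. Field names are hypothetical, not the native schema.
SAMPLE = [
    {"t": 0, "type": "fw_deny", "src": "203.0.113.7", "port": 21},
    {"t": 2, "type": "fw_deny", "src": "203.0.113.7", "port": 23},
    {"t": 3, "type": "fw_deny", "src": "203.0.113.7", "port": 135},
    {"t": 5, "type": "fw_deny", "src": "203.0.113.7", "port": 139},
    {"t": 6, "type": "fw_deny", "src": "203.0.113.7", "port": 445},
    {"t": 9, "type": "fw_deny", "src": "198.51.100.4", "port": 25},
    {"t": 900, "type": "winsec", "id": 4720, "by": "SYSTEM", "target": "svc_backup"},
    {"t": 905, "type": "winsec", "id": 4732, "by": "SYSTEM",
     "target": "svc_backup", "group": "Administrators"},
    {"t": 960, "type": "winsec", "id": 1102, "by": "svc_backup"},
]

def detect(events):
    """Return (stage, time, summary) alerts in time order."""
    alerts, probes, created, flagged = [], defaultdict(list), {}, set()
    for e in sorted(events, key=lambda ev: ev["t"]):
        if e["type"] == "fw_deny":
            # Footprint: one source probing many distinct ports in a short window.
            probes[e["src"]].append((e["t"], e["port"]))
            recent = {p for t, p in probes[e["src"]] if e["t"] - t <= SCAN_WINDOW}
            if len(recent) >= SCAN_PORTS and e["src"] not in flagged:
                flagged.add(e["src"])
                alerts.append(("footprint", e["t"], f"port scan from {e['src']}"))
        elif e["id"] == 4720:
            created[e["target"]] = e["t"]  # remember when each account appeared
        elif e["id"] == 4732 and e.get("group") == "Administrators":
            # Elevation of privilege: an account gains local administrator rights.
            age = e["t"] - created.get(e["target"], float("-inf"))
            kind = "new account" if age <= NEW_ACCOUNT else "existing account"
            alerts.append(("elevation", e["t"],
                           f"{kind} {e['target']} added to Administrators by {e['by']}"))
        elif e["id"] == 1102:
            # Cover-up: clearing the audit log is itself recorded as an event.
            alerts.append(("cover-up", e["t"], f"audit log cleared by {e['by']}"))
    return alerts

if __name__ == "__main__":
    for stage, t, msg in detect(SAMPLE):
        print(f"t={t:>4}s  {stage:<10} {msg}")
```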
For more information about how network attacks occur, see Hacking Exposed: Windows 2000, by Joel Scambray and Stuart McClure, published by McGraw-Hill Osborne Media.
Difficulties in Defending Networks
Defending networks has several unique challenges. Attackers as a group possess a nearly infinite ability to attack networks, whereas security professionals have limitations in terms of number, time, and resources. Security professionals must also abide by legal restrictions in terms of how they investigate attackers.
Because of the difficulties in defending networks, it is essential that security personnel are organized, trained, prepared, and vigilant.
Lesson: Predicting Threats to Security
The ability to predict threats will help you prioritize how you spend your security resources to protect your network. Threats change every day, depending on changes in technology. Using a technique known as threat modeling will help you anticipate where attacks may occur on your network.
After completing this lesson, you will be able to:
Explain the STRIDE threat model.
Use a threat model to predict threats to a network.
Create an infrastructure threat model.
Create a life cycle threat model.
List guidelines for modeling threats.