Threat Modeling by Matthew J. Coles & Izar Tarandach
Author: Matthew J. Coles & Izar Tarandach
Language: eng
Format: epub
Publisher: O'Reilly Media, Inc.
Published: 2020-04-24T16:00:00+00:00
When did it happen?
What was accessed?
Of course the first one, who did it, does not refer to who was sitting at the endpoint at the time of the attack. That is a complex and often unanswerable question. But if we do proper logging, we can offer clues to that ultimate identity.
Another aspect of effective logging is its ability to support confidentiality and non-repudiation. If we log all operations that have security value, we should be able to build a timeline that offers a view of a given user session: what settings were manipulated, what identities were assumed, which files were touched, and which operations took place.
In order to be able to attest non-repudiation (someone can't declare they did not perform a logged operation) and confidentiality (knowing whether a sensitive file was opened, for example), it is necessary to show that the logs have not been tampered with between the time they were generated and the time they are examined. This is usually achieved by protecting access to the files themselves, making them available only to privileged users, and on top of that using some form of message authentication code (MAC). The authentication does not need to apply to every single log line (that would be highly inefficient and, because log lines are so short, almost impossible to do properly) but should happen at regular intervals. Technologies such as Rsyslog, a robust, well-supported, RFC-compliant system, offer signed logs; see its documentation for an extensive discussion. RFC 5848 also offers much background on the subject.
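As an added illustration of the block-level authentication described above (this is example code, not from the book, and not how Rsyslog or RFC 5848 implement signed logs), the snippet below computes an HMAC over every block of lines rather than over each line, and chains each tag to the previous one so that removing, reordering or truncating whole blocks is also detected. The key, the sample log lines and the block size are all constructed for the example.

```python
import hmac
import hashlib

# Constructed sample audit lines (not from any real system); in a real
# deployment these would be read from the protected log file.
SAMPLE_LOG = [
    "2020-04-24T10:00:01Z user=alice action=login result=ok",
    "2020-04-24T10:00:05Z user=alice action=open file=/srv/data/payroll.csv",
    "2020-04-24T10:00:09Z user=alice action=assume_role role=admin",
    "2020-04-24T10:00:12Z user=alice action=setting key=audit_level old=2 new=0",
    "2020-04-24T10:00:20Z user=alice action=logout",
]

# Lines per authenticated block (assumption); production systems usually seal
# by time or by size instead. The key must live where log writers cannot read it.
INTERVAL = 2


def seal_log(lines, key, interval=INTERVAL):
    """Return (block_index, hex_tag) pairs, one HMAC per block of `interval` lines.

    Each tag also covers the previous block's tag, so the tags form a chain:
    editing a line breaks its block, and dropping or reordering whole blocks
    breaks every tag after the change.
    """
    tags = []
    prev = b"\x00" * hashlib.sha256().digest_size  # anchor for the first block
    for start in range(0, len(lines), interval):
        block = "\n".join(lines[start:start + interval]).encode()
        mac = hmac.new(key, prev + block, hashlib.sha256).digest()
        tags.append((start // interval, mac.hex()))
        prev = mac
    return tags


def verify_log(lines, key, tags, interval=INTERVAL):
    """Recompute the chain over `lines` and compare it with the stored `tags`.

    Returns None if everything matches, otherwise the index of the first block
    that fails (a count mismatch is reported as the first missing/extra block).
    """
    expected = seal_log(lines, key, interval)
    for (idx, good), (_, seen) in zip(expected, tags):
        if not hmac.compare_digest(good, seen):
            return idx
    if len(expected) != len(tags):
        return min(len(expected), len(tags))
    return None
```

A tampered line is reported by the block that contains it, and a log truncated by a whole block is reported by the count mismatch, which a per-block MAC without chaining would miss.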
As important as knowing what to log and how to protect it, it is crucial to know what NOT to log. In particular:
Personally identifiable information (PII) should never be logged, in order to protect the privacy of user data.