Threat Modeling


anavanav24


Description

Topic needs to be Banking or Health Care, preferably. APA format with references is mandatory. Need PPT and report.

The assignment should include a research/case analysis/industry scenario that students should complete collaboratively in groups.

The deliverable of the project should include the research paper and a group presentation.

Typically the research paper is 10-15 pages; however, more time was spent on the assignment because there weren't other assignments each day.

In regard to this section, select a topic that the students can research based on the topics discussed in the course or use cases. It can be a topic combined with the most recent weeks up to the week of the residency.

Presentations should be around 15-20 minutes for each group. Make sure to set the time limit accordingly to ensure that everyone can present.


Threat Modeling

Here I am going to discuss only the pertinent info. But you should think about how the other architectural components, such as distributed architecture, performance and scalability, impact your design with respect to security. For example, scalability: physical or virtual (vertical/horizontal or scale-in/scale-out).

This document does not provide all the details, just the highlights and some information on the implementation of an application.

Case Study: You are searching for products online and placing orders.

1. Before you place an order for a product(s) you have to create an account (i.e., your mailing address to deliver products/goods)

2. You place the order using the credit card

So based on this case study now think about what has to happen for you to place the order.

1. You access the Intranet as well as the Internet

2. Authenticate on the Web (create credentials: UID/Passwd)

3. This info is saved on the backend database

4. Maintain the session and transactional processing

5. Search and place the order (if you decide to purchase)

6. Provide credit card info, and a third party validates this information (Clearing House). Think about the Payment Card Industry/Data Security Standards (PCI/DSS) and why they are important when you design the architecture

7. The product order you placed is saved on the database

Steps:

1. Define your security objectives. Example: is it providing a secure service?

2. Profile the application.
   a. Identify the physical and logical topology
   b. Determine the components
   c. Services, protocols, ports, etc.

3. Decompose the application.
   a. Identify the trust boundaries
   b. Identify the entry points: ports 80/443/22, etc.

4. Identify exit points.
   a. Example: display the product catalog
   b. Other products on the Web page, etc.

5. Identify the DFD (data flow diagram)

6. Document all the security profile information

7. Identify threats and vulnerabilities (use the STRIDE threat list) and document them

8. Finally, prioritize the threats

Logical Architecture
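As an added worked example (not part of the instructor's note), the case-study DFD modelled in Python: steps 3 to 8 applied as STRIDE-per-element over each element, with flows that cross a trust boundary and carry card or credential data scored higher so the output is already prioritized. Element names, trust zones and the sensitivity weights are assumptions made for this illustration.

```python
"""Worked STRIDE-per-element model of the online-order case study (constructed example)."""
from dataclasses import dataclass, field

# Threat categories that apply to each DFD element type (STRIDE-per-element).
STRIDE_FOR = {"external": "SR", "process": "STRIDE", "datastore": "TRID", "flow": "TID"}
LABEL = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}
# Assumed sensitivity weights used for prioritization (PCI card data highest).
WEIGHT = {"card": 3, "credentials": 2, "pii": 2, "orders": 1, "session": 1}

@dataclass
class Element:
    name: str
    kind: str               # external | process | datastore | flow
    zone: str               # assumed trust zone: internet, dmz, internal, third_party
    data: set = field(default_factory=set)   # data classes the element handles
    src: str = ""           # flows only: names of source and destination elements
    dst: str = ""

def crosses_boundary(e, by_name):
    """A flow crosses a trust boundary when its endpoints sit in different zones."""
    return e.kind == "flow" and by_name[e.src].zone != by_name[e.dst].zone

def enumerate_threats(elements):
    """Decompose, apply STRIDE per element, score, and return threats highest first."""
    by_name = {e.name: e for e in elements if e.kind != "flow"}
    threats = []
    for e in elements:
        score = sum(WEIGHT.get(d, 0) for d in e.data) + (2 if crosses_boundary(e, by_name) else 0)
        for code in STRIDE_FOR[e.kind]:
            threats.append((score, e.name, LABEL[code]))
    return sorted(threats, key=lambda t: -t[0])   # stable: keeps STRIDE order within a score

# Constructed DFD for the case study: browser -> web app -> order DB / clearing house.
CASE_STUDY = [
    Element("Customer browser", "external", "internet"),
    Element("Web app", "process", "dmz", {"credentials", "session"}),
    Element("Order DB", "datastore", "internal", {"credentials", "pii", "orders"}),
    Element("Clearing house", "external", "third_party"),
    Element("login/order over 443", "flow", "", {"credentials", "card", "pii"},
            "Customer browser", "Web app"),
    Element("store order", "flow", "", {"credentials", "pii", "orders"}, "Web app", "Order DB"),
    Element("card authorisation", "flow", "", {"card"}, "Web app", "Clearing house"),
]

if __name__ == "__main__":
    for score, elem, threat in enumerate_threats(CASE_STUDY):
        print(f"{score:2d}  {elem:24s} {threat}")
```

The entry point carrying credentials, card data and PII across the Internet/DMZ boundary ranks first, which is the flow the PCI/DSS discussion in step 6 is about.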



