Identify physical and logical topology


Assignment: Threat Modeling

Here I am going to discuss only the pertinent information, but you should also think about how other architectural considerations, such as distributed architecture, performance and scalability, impact your design with respect to security. For example, scalability: physical or virtual (vertical/horizontal or scale-in/scale-out).

This document does not give you all the details, only the highlights and some information about the implementation of an application.

Case Study: You are searching for products online and placing orders

1. Before you place an order for a product (or products), you have to create an account (i.e., your mailing address to deliver products/goods)

2. You place the order using a credit card

So, based on this case study, think about what has to happen for you to place the order.

1. You have access to the Intranet as well as the Internet

2. Authenticate on the Web (create credentials: UID/Passwd)

3. This info is saved on the backend database

4. Maintain the session and transactional processing

5. Search and place the order (if you decide to purchase)

6. Provide credit card information, which a third party (the Clearing House) validates. Think about Payment Card Industry/Data Security Standards (PCI/DSS) and why it is important when you design the architecture.

7. The product order you placed is saved on the database

Steps:

1. Define your security objectives. Example: is it providing a secure service?

2. Profile the application.

a. Identify the physical and logical topology
b. Determine the components
c. Services, protocols, ports, etc.

3. Decompose the application

a. Identify the trust boundaries
b. Identify the entry points: ports 80/443/22, etc.

4. Identify exit points

a. Example: Display the product catalog
b. Other products on the Web page, etc.

5. Identify the data flow diagram (DFD)

6. Document all the security profile information

7. Identify threats and vulnerabilities (use the STRIDE Threat List) and document them.

8. Finally, prioritize the threats.
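
The following added example (not part of the original assignment) walks steps 3 to 8 for the case study in Python: it models the DFD elements, marks flows that cross a trust boundary, applies the commonly used STRIDE-per-element mapping, and ranks the results. The element list, the zone names and the scoring weights are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# STRIDE-per-element: threat categories usually considered for each DFD element type.
STRIDE_BY_TYPE = {
    "external": "SR",      # external entities: spoofing, repudiation
    "process": "STRIDE",   # processes: all six categories
    "store": "TRID",       # data stores (repudiation matters mostly for logs)
    "flow": "TID",         # data flows
}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str                # external | process | store | flow
    zone: str = ""           # trust zone (non-flow elements)
    src: str = ""            # source element (flows only)
    dst: str = ""            # destination element (flows only)
    card_data: bool = False  # carries credit card information

# Constructed model of the case study; zones and element names are assumptions.
MODEL = [
    Element("Customer browser", "external", zone="internet"),
    Element("Clearing house", "external", zone="third-party"),
    Element("Web application", "process", zone="dmz"),
    Element("Account/order database", "store", zone="internal"),
    Element("Login and order (443)", "flow", src="Customer browser", dst="Web application", card_data=True),
    Element("Card validation", "flow", src="Web application", dst="Clearing house", card_data=True),
    Element("Save account/order", "flow", src="Web application", dst="Account/order database"),
]

def enumerate_threats(model):
    """Return (score, element, threat) tuples, highest priority first."""
    zones = {e.name: e.zone for e in model if e.kind != "flow"}
    threats = []
    for e in model:
        crosses = e.kind == "flow" and zones[e.src] != zones[e.dst]
        # Assumed ranking: base 1, +2 if a trust boundary is crossed, +2 for card data.
        score = 1 + 2 * crosses + 2 * e.card_data
        for letter in STRIDE_BY_TYPE[e.kind]:
            threats.append((score, e.name, NAMES[letter]))
    return sorted(threats, key=lambda t: -t[0])  # stable sort keeps model order

if __name__ == "__main__":
    for score, name, threat in enumerate_threats(MODEL):
        print(f"{score}  {name:26} {threat}")
```

Replace the constructed `MODEL` with the components, ports and trust boundaries from your own profile of the application, and substitute whatever prioritization scheme your course uses for the assumed weights.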

Format your assignment according to the following formatting requirements:

1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.

2. The response should also include a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.

3. Also include a reference page. Citations and references should follow APA format. The reference page is not included in the required page length.

Attachment:- Additional-Info.rar
