Document: Module 3: Identifying Threats to Network Security pptx


Document information

Contents
• Overview
• Lesson: Introduction to Security Threats
• Lesson: Predicting Threats to Security
• Lab A: Identifying Threats to Network Security

Module 3: Identifying Threats to Network Security

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2002 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows NT, Active Directory, ActiveX, BizTalk, PowerPoint, Visio, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Instructor Notes

Presentation: 45 minutes
Lab: 45 minutes

This module teaches students how to identify possible threats to a network and understand common motivations of attackers. The module introduces threat modeling as an effective way to predict where threats may occur in an organization.

After completing this module, students will be able to:
• Explain common network vulnerabilities and how attackers can exploit them.
• Predict threats to security by using the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) threat model.

Required materials
To teach this module, you need Microsoft® PowerPoint® file 2830A_03.ppt.

Important
It is recommended that you use PowerPoint version 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

Preparation tasks
To prepare for this module:
• Read all of the materials for this module.
• Complete the practices.
• Complete the lab and practice discussing the answers.
• Read the additional reading for this module, located under Additional Reading on the Web page on the Student Materials CD.
• Visit the Web links that are referenced in the module.

How to Teach This Module

This section contains information that will help you to teach this module.

Lesson: Introduction to Security Threats

Common Types of Network Vulnerabilities
Mention that these are simply a few of the more common types of attacks, but there are many types of attacks that can threaten a network. If students ask about security patches, tell them that these topics are covered in Module 6, “Creating a Security Design for Computers.”

How Network Attacks Occur
The key point of this page is that attacks can be very complex and elaborate. Not all attacks are as simple as a virus infecting a network. Students must be vigilant and be aware that there are many points at which a network may be vulnerable to attack. Draw upon your own experience or recent news events to describe attacks.

Difficulties in Defending Networks
Other difficulties that you can discuss with students include large networks, publicly available resources, supporting users for public networks, and users who are connected to both public and private networks. Students may bring up the issue of internal attackers. Tell them that some of this topic is covered in Module 7, “Creating a Security Design for Accounts,” Appendix A, “Designing an Acceptable Use Policy,” and Appendix B, “Designing Policies for Managing Networks.”

Lesson: Predicting Threats to Security

Predicting threats and analyzing the risks involved forms the foundation of security design. Threat modeling and risk analysis not only help determine the countermeasures that students will select and design, but they also provide justification to management for resource allocation. Emphasize to students throughout the course that management may often be resistant to spending money and resources on perceived threats. By carefully listing as many threats as possible and the risks involved, students can persuade management of security threats in language that management can understand. It will also help security designers keep track of what threats management chooses to respond to, and which threats it deems acceptable. Risk management is covered in greater detail in Module 4, “Analyzing Security Risks.”

The STRIDE Threat Model
Students may feel overwhelmed when presented with the task of classifying attacks according to a threat model. They may feel that modeling all potential threats is a daunting task. Assure them that the first time that they do threat modeling it may take some time, but with experience it becomes easier.

Steps for Predicting Threats with a Threat Model
Creating the team to model threats can be challenging. Encourage students to use experienced personnel if possible, but also to choose objective participants. The developer who created the application being modeled for threats may not be able to conceive of any weaknesses in the application, or may subconsciously steer the discussion away from vulnerabilities out of pride or other emotions. In this example, the developer may provide useful technical information for the team but may not be the most objective participant.

Assessment

There are assessments for each lesson, located on the Student Materials compact disc. You can use them as pre-assessments to help students identify areas of difficulty, or you can use them as post-assessments to validate learning.

Lab A: Identifying Threats to Network Security

To begin the lab, open Microsoft Internet Explorer and click the name of the lab. Play the video interviews for students, and then instruct students to begin the lab with their lab partners. Give students approximately 30 minutes to complete this lab, and spend about 15 minutes discussing the lab answers as a class.

In this lab, students review a network diagram of a proposed business-to-business (B2B) infrastructure and a list of IP addresses. They then use a threat modeling worksheet to record top threats to the B2B infrastructure.

In this lab, students do not send a reply e-mail to Ashley Larson. Instead, they open a Microsoft Excel spreadsheet named Threat Model Worksheet.xls and add information to it. Ensure that students rename the file and save the spreadsheet to the Lab Answers folder on their desktops for discussion.

This lab is slightly different from the previous lab in that students do not answer the lab with an e-mail to Ashley Larson, but rather by saving their answers to a spreadsheet on their desktops. Ensure that students understand this before proceeding with the lab. Other labs may also require students to save files to their desktops.

Ashley’s mail instructs students to find at least 10 threats, and at least one for each STRIDE category. Without some type of scope, students may find the exercise somewhat daunting. However, encourage students to find as many threats as they can in the time allotted. Depending on the experience of the students, consider assigning different STRIDE categories to different partners or small teams.

The answers for this lab are located in the spreadsheet Lab Answers 3.xls, located in the Answers folder under Webfiles on the Student Materials CD. Be sure to print the answers out and study them before you conduct the lab. When discussing the lab answers, encourage groups of students to write their top 10 threats on the whiteboard, and discuss students’ conclusions as a class.

The answers in the spreadsheet are suggested answers only. Encourage students to find additional threats, such as inexperienced administrators. Also mention to students that the spreadsheet is available to them on the Student Materials CD.

General lab suggestions
For general lab suggestions, see the Instructor Notes in Module 2, “Creating a Plan for Network Security.” Those notes contain detailed suggestions for facilitating the lab environment used in this course.

Customization Information

This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware.

This module includes only computer-based interactive lab exercises, and as a result, there are no lab setup requirements or configuration changes that affect replication or customization.
Important
The lab in this module is also dependent on the classroom configuration that is specified in the Customization Information section at the end of the Automated Classroom Setup Guide for Course 2830A, Designing Security for Microsoft Networks.

Lab Setup
There are no lab setup requirements that affect replication or customization.

Lab Results
There are no configuration changes on student computers that affect replication or customization.

Overview

***************************** ILLEGAL FOR NON - TRAINER USE ******************************

Introduction
In this module, you will learn how to identify possible threats to a network and understand common motivations of attackers. The module introduces the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) threat model as an effective way to predict where threats may occur in an organization.

Objectives
After completing this module, you will be able to:
• Explain common network vulnerabilities and how attackers can exploit them.
• Predict threats to security by using the STRIDE model.

Lesson: Introduction to Security Threats

Introduction
A threat describes a danger or vulnerability. Threats can occur from a variety of sources, such as attacks or an incorrectly configured application.

Lesson objectives
After completing this lesson, you will be able to:
• Explain why network attacks occur.
• Describe who attacks networks.
• Describe common types of network vulnerabilities.
• Describe how network attacks take place.
• List the difficulties of defending networks.

Why Network Attacks Occur

Key points
Attackers attempt to compromise the security of networks and applications for a variety of reasons, including:
• Revenge. An attacker may feel slighted by an organization and want to punish it. Sometimes, former employees attack their previous organizations for revenge. This attacker is particularly dangerous due to his in-depth knowledge of the network and his personal motivation for attack.
• Espionage. An attacker may spy on an organization or government to obtain secrets. Such an attacker is often motivated by patriotism or monetary gain.
• Publicity. An attacker may attack a network or application to seek public notoriety or to advertise her own services. Publicity seekers often report their attacks.
• Personal satisfaction. An attacker may attack networks as a hobby, for the challenge, or to boost his ego. This type of attacker is dangerous due to his efforts to attack networks indiscriminately.
• Terrorism. An attacker may attack a network as part of a group- or state-sponsored terrorist effort. These are the most serious types of attackers because human life may be at risk.

Who Attacks Networks?

Key points
Attackers of all abilities and motivations are dangerous to network security in different ways:
• Novice. Most attackers have only basic computer knowledge but are still dangerous because they often do not fully understand the consequences of their actions.
• Intermediate. Attackers with intermediate skills are often trying to gain respect in attacker communities. Typically, they attack prominent targets or create automated tools for others to attack networks.
• Advanced. Highly skilled attackers present a serious challenge to network security because their methods of attack can extend beyond technology into physical intrusion and social engineering, or misleading a user or administrator in order to gain information. Although there are relatively few advanced attackers, their skills and experience make them the most dangerous attackers to a network.

[...]... class

Important
In this lab, you do not need to send e-mail to Ashley Larson. Instead, open the Microsoft Excel spreadsheet named Threat Model Worksheet.xls, and add information to it. Rename the file and save it to the Lab Answers folder on your desktop for discussion.

Lab A: Identifying Threats to Network Security

Lab Questions and Answers
Answers...

• ... in plain text from a client computer to a database. STRIDE classification: I
• Poorly coded Web site allows a cross-site scripting attack. STRIDE classification: S, T, I
• Attacker can gain physical access to servers. STRIDE classification: S, T, R, I, D, E
• Security updates that prevent buffer overruns are not applied to servers. STRIDE classification: D, E

Lab A: Identifying Threats to Network Security ...

... are organized, trained, prepared, and vigilant.

Lesson: Predicting Threats to Security

Introduction
The ability to predict threats will help you prioritize how you spend your security resources to protect your network. Threats change every day, depending on changes...
reading
For more information about Microsoft Security Bulletins, see http://www.microsoft.com/technet/security/bulletin/notify.asp. For the SysAdmin, Audit, Network, Security (SANS) Institute/Federal Bureau of Investigation (FBI) top 20 list of security vulnerabilities, see http://www.sans.org/top20.htm.

How Network Attacks Occur ...

... you anticipate where attacks may occur on your network.

Lesson objectives
After completing this lesson, you will be able to:
• Explain the STRIDE threat model.
• Use a threat model to predict threats to a network.
• Create an infrastructure threat model.
• Create a life cycle threat model.
• List guidelines for modeling threats.

The STRIDE Threat Model ...

... Microsoft Press

How to Create a Life Cycle Threat Model

Key points
Another approach to threat modeling is to apply the STRIDE model to the life cycle of a device or application. For example, you can predict threats to computers that are deployed on your network. As shown...

Common Types of Network Vulnerabilities

Key points
Most successful attacks on networks succeed by exploiting common and well-known vulnerabilities or weaknesses. Ensure that you train administrators to recognize these vulnerabilities and to become familiar...
vulnerability to different threats depends on its life cycle stage.

Team Guidelines for Modeling Threats

Guidelines
Encourage creative thinking among team members. Some suggestions, however unrealistic, may prompt others to discover additional valid threats. Ensure...

... potential threats to information security. The potential threats that you discover while performing threat modeling enable you to create an accurate risk management plan. By predicting threats, you can proactively reduce your risk. The STRIDE model is a simple way to categorize threats according to their characteristics. There are six categories of threats in the STRIDE model. A threat may belong to more...

... developer who wrote the code in the application being assessed, or a manager who funded the project to create the application may overestimate the ability of the application to withstand an attack, or may be too familiar with it to be objective about its assessment.

Practice: Determine Threat Types Using STRIDE
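The lab notes above ask for at least 10 threats with at least one in each STRIDE category, and the practice answers write classifications as letter lists such as "S, T, I". The following Python check is an added example, not part of the Microsoft courseware: it parses worksheet rows in that letter notation and reports which of the lab's requirements are unmet. The CSV column names `threat` and `stride` and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}
MIN_THREATS = 10  # the lab asks for at least 10 threats


def parse_classification(text):
    """Turn 'S, T, I' or 'S,T,R,I,D,E' into a set of letters; reject unknown ones."""
    letters = {part.strip().upper() for part in text.split(",") if part.strip()}
    unknown = letters - set(STRIDE)
    if unknown:
        raise ValueError(f"unknown STRIDE letter(s): {sorted(unknown)}")
    return letters


def check_worksheet(csv_text):
    """Check a threat worksheet given as CSV with 'threat' and 'stride' columns.
    (Column names are an assumption; the course's .xls layout is not on this page.)"""
    count, errors, covered = 0, [], set()
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        try:
            letters = parse_classification(row["stride"] or "")
        except ValueError as exc:
            errors.append(f"line {n}: {exc}")
            continue
        if not letters:
            errors.append(f"line {n}: threat has no STRIDE classification")
            continue
        count += 1
        covered |= letters
    return {
        "threats": count,
        "enough_threats": count >= MIN_THREATS,
        "missing_categories": [STRIDE[k] for k in STRIDE if k not in covered],
        "errors": errors,
    }


# Constructed sample: rows 2-4 reuse threats from the practice; rows 1 and 5 are invented.
SAMPLE = '''threat,stride
Administrator password shared by e-mail,"I, E"
Poorly coded Web site allows a cross-site scripting attack,"S, T, I"
Attacker can gain physical access to servers,"S,T,R,I,D,E"
Security updates that prevent buffer overruns are not applied to servers,"D,E"
Unlabelled backup tapes,"X"
'''

if __name__ == "__main__":
    print(check_worksheet(SAMPLE))
```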

Date posted: 21/12/2013, 19:15
