The following are examples of security mechanisms designed to preserve confidentiality:
Logical and physical access controls
Encryption (in motion and at rest)
Database views
Controlled traffic routing
The following are the different components of STRIDE:
Repudiation: You must consider whether the system or application requires nonrepudiation controls, such as system logs, web access logs, and audit trails. Another consideration is that an application should run with no more than the user’s privileges.
Elevation of privilege: It is very important that you ensure in any application or system that users cannot elevate their privileges. Many organizations develop an authorization matrix to ensure that only authorized users and roles can access privileged functionality.
Spoofing: Sometimes referred to as identity spoofing. Attackers can disguise themselves as someone else. They can also disguise their systems as other systems. For instance, in many distributed denial-of-service (DDoS) attacks, attackers spoof the source of the attack (that is, the IP addresses of the attacking machines or bots) in order to carry out the attack and maintain anonymity. This is why systems should have protection in place against spoofing attacks, and not just for DDoS. In general, users should not be able to become any other user or assume the attributes of other users, period.
Information disclosure: You must make sure that a system or application does not disclose information that is not intended. For example, a web application should not store usernames and passwords in its source. Also, user credentials should not be stored in logs or in any other configuration or troubleshooting feature in plain text.
Tampering: This ties into the discussion earlier in this chapter about integrity. Users must not be able to tamper with data, applications, or systems. In threat modeling, you must understand what threats could allow an attacker to tamper with data, applications, or systems in your organization.
Denial of service: You should evaluate what threats can cause a denial-of-service condition. This is beyond just performance testing and should employ methodologies such as fuzzing (sending random data to an application or protocol).
The following are some of the most common evasion techniques against traditional IDS and IPS devices:
Fragmentation: The attacker evades the IPS by sending fragmented packets.
Using low-bandwidth attacks: The attacker uses techniques that require low bandwidth or a very small number of packets in order to evade the system.
Address spoofing/proxying: Using spoofed IP addresses or sources, as well as using intermediary systems such as proxies to evade inspection.
Pattern change evasion: Attackers may use polymorphic techniques to create unique attack patterns.
Encryption: Attackers can use encryption to hide their communication and information.
The following are the most common incident response team structures:
Centralized incident response team
Distributed incident response team
Coordinating team
The following are the most common incident response team staffing models:
Employees
Partially outsourced
Fully outsourced
The VERIS schema is divided into the following five main sections:
Incident Tracking
Victim Demographics
Incident Description
Discovery & Response
Impact Assessment
While studying for the CCNA Cyber Ops SECFND exam, you learned about the concept of the 5-tuple. As a refresher, the 5-tuple refers to the following five elements:
Source IP address
Source port
Destination IP address
Destination port
Protocol
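As an added example (not part of these study notes), the following Python builds 5-tuples from constructed firewall-style log lines, groups both directions of a connection into one flow, and flags a source that touches many destination ports on a single host. The log line format, the field names, and the scan threshold are assumptions made for this example, not a real product's format.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Log lines constructed for this example; real firewall syslog fields differ.
SAMPLE_LOGS = """\
SRC=10.0.0.5 SPT=51234 DST=192.0.2.10 DPT=443 PROTO=TCP
SRC=192.0.2.10 SPT=443 DST=10.0.0.5 DPT=51234 PROTO=TCP
SRC=10.0.0.5 SPT=51234 DST=192.0.2.10 DPT=443 PROTO=TCP
SRC=10.0.0.9 SPT=40000 DST=192.0.2.10 DPT=22 PROTO=TCP
SRC=10.0.0.9 SPT=40001 DST=192.0.2.10 DPT=23 PROTO=TCP
SRC=10.0.0.9 SPT=40002 DST=192.0.2.10 DPT=80 PROTO=TCP
SRC=10.0.0.5 SPT=5353 DST=224.0.0.251 DPT=5353 PROTO=UDP
"""

LINE_RE = re.compile(r"SRC=(\S+) SPT=(\d+) DST=(\S+) DPT=(\d+) PROTO=(\S+)")


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str

    def flow_key(self):
        # Direction-independent key: request and reply map to the same flow.
        ends = sorted([(self.src_ip, self.src_port), (self.dst_ip, self.dst_port)])
        return (self.protocol, ends[0], ends[1])


def parse_line(line):
    """Return the 5-tuple for one log line, or None if the line does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return FiveTuple(m.group(1), int(m.group(2)), m.group(3), int(m.group(4)), m.group(5).upper())


def count_flows(log_text):
    """Count log lines per bidirectional flow."""
    counts = defaultdict(int)
    for t in filter(None, map(parse_line, log_text.splitlines())):
        counts[t.flow_key()] += 1
    return dict(counts)


def sources_touching_many_ports(log_text, threshold=3):
    """(src, dst) pairs where one source hit at least `threshold` distinct ports: a simple scan heuristic."""
    ports = defaultdict(set)
    for t in filter(None, map(parse_line, log_text.splitlines())):
        ports[(t.src_ip, t.dst_ip)].add(t.dst_port)
    return sorted(pair for pair, seen in ports.items() if len(seen) >= threshold)
```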