Page 5 - Cyber Warnings

How Vulnerable Are You?

by Bill Graham, Technical Marketing Specialist, GrammaTech


Introduction
The promise of static analysis is compelling, but our most frequently asked question is, "Where
do we start?" Security is a top-of-mind concern, so we are also frequently asked questions such
as, “How vulnerable is our software and how do we start to fix it?” This article describes a
reasonable starting point and process for understanding your current vulnerabilities and
adopting static analysis as part of an ongoing improvement process.

Where to Begin with Static Analysis Tools for Security Audits
As with any automated software tool, it’s important to know what you’re looking for. In the case
of discovering a system’s vulnerabilities, a security audit makes sense. This does require some
manual homework ahead of time -- for example, if a system doesn’t have a formal threat
analysis, it’s a good time to consider doing one. Understanding the threat environment and
attack surface of your system is critical in a security audit.

Threat Model and Attack Surface
The probability of a cyber attack affecting a device is a function of both the attack's potential
impact and the attack being possible. A threat assessment is performed in order to establish a
threat model and attack surface, by looking at the motivations and intents of potential attackers,
their possible avenues to attack your system, and the probability of them being successful in
that attack:
• Attack sources and motivations - Threats can be insiders, activists, terrorists,
criminals, state-sponsored actors, or competitors. Understanding the sources of attacks
and their motivations can help you understand the goals of an attack and whether such a
group could achieve the attack.
• Roles and privileges of authorized users - Identifying users and their access rights is
essential to enforcing the key security principle of least privilege. Limiting access of
operational users to prevent dangerous operation or leakage of important data prevents
insiders and attackers from gaining more than their privilege level allows.
• Identification of potential electronic attack vectors - Typically, network connections
and other peripheral I/O provide intrusion access to attackers. In some cases, the attack
vector may be internal from local access to the user interface or local area network. In
other cases, access via a wide area network or even the Internet is a possibility.
• Assessing attack difficulty - The loss assessment indicates which services and
functions would have the most impact if attacked. The relative difficulty of these attacks
must be evaluated based on the attackers and their intrusion vector.
• Assigning a threat metric - It's not possible to foresee every attack, nor is it efficient to
attempt to protect against every possible attack. Attacks from outside the defendable
network segment, for example, that have a large impact and a low attack difficulty would
have a high threat metric. Scoring each combination of source and motivation, attack
5 Cyber Warnings E-Magazine February 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
