Identifying Threats

admin, 8 July 2022 22:24:27

Identifying Threats


There's an almost infinite possibility of threats, so it's important to use a structured approach to accurately identify relevant threats. For example, some organizations use one or more of the following three approaches:

  • Focused on Assets: This method uses asset valuation results and attempts to identify threats to the valuable assets.

  • Focused on Attackers: Some organizations are able to identify potential attackers and can identify the threats they represent based on the attacker's motivations, goals, or tactics, techniques, and procedures (TTPs).

  • Focused on Software: If an organization develops software, it can consider potential threats against the software.


It's common to pair threats with vulnerabilities to identify threats that can exploit assets and represent significant risks to the organization. An ultimate goal of threat modeling is to prioritize the potential threats against an organization's valuable assets.


When attempting to inventory and categorize threats, it is often helpful to use a guide or reference. Microsoft developed a threat categorization scheme known as the STRIDE threat model. STRIDE is an acronym standing for the following:

  • Spoofing: An attack with the goal of gaining access to a target system through the use of a falsified identity. When an attacker spoofs their identity as a valid or authorized entity, they are often able to bypass filters and blockades against unauthorized access.

  • Tampering: Any action resulting in unauthorized changes or manipulation of data, whether in transit or in storage.

  • Repudiation: The ability of a user or attacker to deny having performed an action or activity by maintaining plausible deniability. Repudiation attacks can also result in innocent third parties being blamed for security violations.

  • Information disclosure: The revelation or distribution of private, confidential, or controlled information to external or unauthorized entities.

  • Denial of service (DoS): An attack that attempts to prevent authorized use of a resource. This can be done through flaw exploitation, connection overloading, or traffic flooding.

  • Elevation of privilege: An attack where a limited user account is transformed into an account with greater privileges, powers, and access.
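As an added illustration of using STRIDE as a categorization guide and of prioritizing threats by asset value (example code written for this page, not from the original post or the study guide it quotes), the following script enumerates candidate threats for each element of a small data-flow diagram and ranks them. It goes slightly beyond the text by applying Microsoft's STRIDE-per-element mapping; the sample login system, its asset values and its existing mitigations are constructed.

```python
# Added example (not from the original post): a STRIDE threat register that
# enumerates candidate threats per data-flow-diagram element and ranks them by
# the value of the asset behind each element. The per-element mapping follows
# Microsoft's STRIDE-per-element guidance; the sample system is constructed.
from dataclasses import dataclass, field
STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}
# STRIDE-per-element: which categories are relevant to each kind of element.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TRID",
}

@dataclass
class Element:
    name: str
    kind: str           # one of the APPLICABLE keys
    asset_value: int    # 1 (low) .. 5 (critical), taken from asset valuation
    mitigations: set = field(default_factory=set)  # STRIDE letters already covered

def enumerate_threats(elements):
    """Pair each element with the STRIDE categories that apply to its kind,
    skipping categories an existing control already addresses."""
    threats = []
    for e in elements:
        for letter in APPLICABLE[e.kind]:
            if letter not in e.mitigations:
                threats.append((e.name, STRIDE[letter], e.asset_value))
    return threats

def prioritize(threats):
    """Highest asset value first; name and category break ties for stable output."""
    return sorted(threats, key=lambda t: (-t[2], t[0], t[1]))

# Constructed sample system: a web login flow (values are illustrative).
SAMPLE = [
    Element("browser", "external_entity", 1),
    Element("login service", "process", 4, mitigations={"S"}),          # MFA in place
    Element("credentials over TLS", "data_flow", 4, mitigations={"T", "I"}),
    Element("user database", "data_store", 5),
]

if __name__ == "__main__":
    for name, category, value in prioritize(enumerate_threats(SAMPLE)):
        print(f"[{value}] {name}: {category}")
```

The output is a ranked register: the unmitigated categories on the most valuable asset (the user database) come first, which is the ordering the prioritization step of threat modeling is meant to produce.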


Process for Attack Simulation and Threat Analysis (PASTA) is a seven-stage threat modeling methodology. PASTA is a risk-centric approach that aims at selecting or developing countermeasures in relation to the value of the assets to be protected. The following are the seven steps of PASTA:

  • Stage 1: Definition of the Objectives (DO) for the Analysis of Risks

  • Stage 2: Definition of the Technical Scope (DTS)

  • Stage 3: Application Decomposition and Analysis (ADA)

  • Stage 4: Threat Analysis (TA)

  • Stage 5: Weakness and Vulnerability Analysis (WVA)

  • Stage 6: Attack Modeling & Simulation (AMS)

  • Stage 7: Risk Analysis & Management (RAM)


Each stage of PASTA has a specific list of objectives to achieve and deliverables to produce in order to complete the stage. For more information on PASTA, please see Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis (Wiley, 2015), by Tony Uceda Velez and Marco M. Morana.


Visual, Agile, and Simple Threat (VAST) is a threat modeling concept that integrates threat and risk management into an Agile programming environment on a scalable basis (see Chapter 20, “Software Development Security,” regarding Agile). 



These are just a few in the vast array of threat modeling concepts and methodologies available from community groups, commercial entities, government agencies, and international associations. 



Be Alert for Individual Threats

Competition is often a key part of business growth, but overly adversarial competition can increase the threat level from individuals. In addition to criminal hackers and disgruntled employees, adversaries, contractors, employees, and even trusted partners can be a threat to an organization if relationships go sour. 

Potential threats to your business are broad and varied. A company faces threats from nature, technology, and people. Always consider the best and worst possible outcomes of your organization's activities, decisions, and interactions. Identifying threats is the first step toward designing defenses to help reduce or eliminate downtime, compromise, and loss. 


Originally published on the WeChat official account 网络安全等保测评 as "识别威胁" (Identifying Threats). Reposted by admin on 8 July 2022 22:24:27 at CN-SEC: https://cn-sec.com/archives/1167956.html