What is the STRIDE Model?
The STRIDE model stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, and Elevation of Privilege. This is a method that can be used to evaluate a system that you currently have in place or a system that you would like to implement in your organization.
As we have previously discussed, data is the current currency of the world. To better protect your data, it is important that you understand what your data is doing, where it is, and how it is being moved throughout your systems. You can use the STRIDE model to help you look at each portion of your system to determine if you are in the best security posture.
Spoofing is when an attacker tries to disguise a form of communication to get your users to disclose information or credentials. If your system has a connection to the internet through email, text, or video messaging, this is where you would want to think about the S in the STRIDE model. What policies and procedures do you have in place at that entry/exit point to better protect your users? These could include email detection policies, spam policies, and a quarantine process, so that if a communication is seen as malicious it is quarantined to prevent the possibility of a user clicking on the attachment or link.
Tampering is when an attacker alters the original data in some way. When looking at your system, think about when your data is at rest. Many times, once you put something in a storage area you do not think about it again, and this could be a big mistake. It is important to have processes in place that check data at rest to ensure that it has not been tampered with.
Repudiation is addressed by making sure there are ways to prevent someone from being able to deny that they adjusted the data in any way. Repudiation is the part of the STRIDE model that many people who are creating systems sometimes forget. Not because it is not an important part, but because they always make sure that they have logging in place in their environment. Logging is great, don't get me wrong, but what good is a log if you never have a system in place to analyze and look at the logs? This could be a great place in your environment for an AI system that takes log information, creates a heuristic profile of that particular type of log, and monitors the logs as they come in; when something seems off, an alert is triggered.
Information disclosure is what many people tend to try to prevent when they are creating or adjusting a system. It is making sure that protected information can't simply be downloaded in plain text. You will see this through the encryption of data, limiting the amount of data that can be downloaded at a time, and even RBAC rules that prevent users who should not have access to information from accessing it in the first place. This will give you a chance to look at your system and ask: where is my data flowing throughout this system, is it necessary, should it be going there, and who has the permission to send it to that location?
Denial of Service is where traffic is prevented from reaching a device or network resource. When looking at your system, it is best to see where these points in your system are and put policies and procedures in place so that if an influx of packets is detected, the firewall settings are adjusted to block access from the source address.
Finally, you have elevation of privilege, which is when an attacker gains access to a lower-level account and exploits the system's weaknesses to gain higher or administrative access. At this point, consider in your system diagram: where could an attacker use the tools that are available to perform a privilege escalation, and how do I stop this possibility?
There is no way for a system to be 100% secure, but if you take your system and really look at it through the lens of the STRIDE model, you will have tackled the most common and likely ways an attacker will try to get into your system.