From the course: Threat Modeling: Spoofing In Depth

Spoofing as a part of STRIDE


- Spoofing is about fakery. All sorts of things can be faked, from apples (are they really organic?) to zydeco (if you hum a few bars). In cybersecurity, the focus of fakery is spoofing. Spoofing is really simple: I can make an assertion and everyone believes me. Little Red Riding Hood would be a shorter story if Grandma had asked the wolf for some identification.

Spoofing is part of the mnemonic I use to help find threats, STRIDE. STRIDE stands for spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege.

Identities that are faked or spoofed include both human and technical identities. Those technical identities include just about anything referred to by a name: machines, processes, microservices, web services, even files. I can fake a specific person: "Hello, I'm William Shakespeare." A random person: "Hello, my name's John Doe." Or a person in a role: "Hello, I am a Nigerian prince."

I can also fake systems. A clever student of Roux Academy could set up r0uxacademy.com, with a zero instead of an O, in an attempt to phish logins from unsuspecting teachers. I can fake microservices, and it's extra fun, 'cause they often spin up for a really short time. If I want to sell things like set-top boxes, I need to ensure that the decoder that receives encrypted video is authentic, not one in an emulator with keys that have been ripped out of a real device. Processes can be spoofed, too. If I connect to localhost:1234, how do I know it's not an attacker spawning a new listener and squatting on that port? Attackers can spoof a file, say temp/installer.sh, by creating it before the authentic and proper creator can.

Even authenticators can be spoofed. For example, some systems use IP addresses for authentication. If I use IP address ranges to control who can connect to a server, then I'm assuming that IP addresses are hard to fake. Spoofing is really, really easy if there are no authenticators. And even the best authenticators can be spoofed. There are no perfect systems, which makes spoofing a constant threat.
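The file-squatting case mentioned above (an attacker creating temp/installer.sh before the legitimate creator does) can be shown end to end in a few lines. The following is an added example, not code from the course: the attacker plants a symbolic link at the expected name, a naive creator follows it and overwrites whatever it points at, and a hardened creator that opens with O_CREAT|O_EXCL refuses because something already exists at that name. The file names (installer.sh, victim.txt), the payload and the function names are constructed for the demonstration and assume a POSIX filesystem where symlinks can be created by an unprivileged user.

```python
import os
import tempfile

# Constructed content the legitimate creator intends to write.
PAYLOAD = b"#!/bin/sh\necho legitimate installer\n"


def attacker_squats(path, target):
    """Constructed attacker step: claim the expected name first. A symlink is
    the classic choice because a later write through it lands on `target`;
    an attacker-owned, world-writable regular file would also do."""
    os.symlink(target, path)


def naive_create(path, data):
    """Vulnerable pattern: open(path, 'wb') truncates and writes whatever is
    already at `path`, following a planted symlink to its target.
    Returns the real path that was actually written."""
    with open(path, "wb") as f:
        f.write(data)
    return os.path.realpath(path)


def safe_create(path, data):
    """Hardened pattern: O_CREAT|O_EXCL makes open() fail with EEXIST if any
    object (file, symlink, dangling symlink) already sits at `path`, so a
    squatted name is detected rather than used. Mode 0o700 keeps the new
    file private regardless of a lax umask. Raises FileExistsError."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o700)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return os.path.realpath(path)


def demo():
    """Run both creators against a squatted name; report what each did."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")   # file the attacker wants clobbered
        with open(victim, "wb") as f:
            f.write(b"important data\n")

        squat = os.path.join(d, "installer.sh")  # name the creator expects to own
        attacker_squats(squat, victim)

        naive_target = naive_create(squat, PAYLOAD)
        with open(victim, "rb") as f:
            victim_clobbered = f.read() == PAYLOAD

        try:
            safe_create(squat, PAYLOAD)
            safe_refused = False
        except FileExistsError:
            safe_refused = True

        return {
            "naive_wrote_to": os.path.basename(naive_target),
            "victim_clobbered": victim_clobbered,
            "safe_refused": safe_refused,
        }


if __name__ == "__main__":
    print(demo())
```

The important detail is that the naive version does not fail: it reports success while its bytes went into victim.txt. The hardened version turns the squat into a visible error, which is the point of the threat-model exercise, deciding what the creator assumes about a name and checking that assumption rather than trusting it.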
