From the course: Learning Threat Modeling for Security Professionals
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Tampering with a file
From the course: Learning Threat Modeling for Security Professionals
Tampering with a file
- The T in STRIDE stands for tampering, which is all about unauthorized modification. Let's talk about the logs in my model. It turns out my diagram is not very clear about where these logs are stored. All models have this property. Omitted detail is the difference between model and reality. I could've changed my original diagram as I wrote the course, but left it to show you that models improve iteratively. It is pretty clear where the logs are not, on the billing server or on the media server. Originally, the logs were on a network attached storage server. Employees were treating this server as a data store and no one was responsible for its permissions, so anyone can read or write the logs. Anyone could tamper with them. To fix that and some other issues, they were moved to a cloud storage bucket. The trouble there was permissions were opened up a few months ago when there was a problem with the billing system, and, oops, no one remembered to lock them down. Again, anyone can read…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.