{"id":446,"date":"2009-06-28T09:06:40","date_gmt":"2009-06-28T03:36:40","guid":{"rendered":"https:\/\/www.qadit.com\/blog\/?p=446"},"modified":"2009-06-28T09:06:40","modified_gmt":"2009-06-28T03:36:40","slug":"microsoft-says-%e2%80%9cthink-like-an-attacker%e2%80%9d","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/microsoft-says-%e2%80%9cthink-like-an-attacker%e2%80%9d\/","title":{"rendered":"Microsoft says \u201cThink like an attacker\u201d"},"content":{"rendered":"

Microsoft\u2019s \u201cIT Infrastructure Threat Modeling Guide\u201d offers security advice.<\/em><\/p>\n

 <\/p>\n

Microsoft offers up security advice on how to fend off attacks against corporate IT resources by looking at ways that attackers can undermine an organization in its \u201cIT Infrastructure Threat Modeling Guide\u201d.<\/p>\n

 <\/p>\n

<\/p>\n

Organizations today face a rising tide of cyberattacks on their computers and networks. IT professionals need a proactive approach to protect their assets and sensitive information against such attacks.<\/p>\n

 <\/p>\n

The free IT Infrastructure Threat Modeling Guide released by Microsoft provides an easy-to-understand method for developing threat models that can help prioritize investments in IT infrastructure security.<\/p>\n

 <\/p>\n

The following figure show the primary steps of the threat modeling process:<\/p>\n

 <\/p>\n

\n

\"IT<\/p>\n

 <\/p>\n

The IT Infrastructure Threat Modeling Guide is designed to help IT professionals accomplish the following:<\/p>\n

 <\/p>\n

  • Identify threats that could affect their organizations\u2019 IT infrastructures.<\/li>\n
  • Discover and mitigate design and implementation issues that could put IT infrastructures at risk.<\/li>\n
  • Prioritize budget and planning efforts to address the most significant threats.<\/li>\n
  • Conduct security efforts for both new and existing IT infrastructure components in a more proactive and cost-effective manner.<\/li>\n

     <\/p>\n

    \u201cLook at it from the perspective of an attacker,\u201d says Russ McRee, senior security analyst for online services at Microsoft, the primary author of the 32-page guide that discusses the fundamentals and tactics of network defense.<\/p>\n

     <\/p>\n

    The guide is not about Microsoft products and in fact \u201cneeds to be agnostic so it can work for anyone,\u201d says McRee. \u201cAn organization has to figure out what their threats are.\u201d<\/p>\n

     <\/p>\n

    The guide offers ways that IT staff — especially those without formal security training — can analyze their own wired and wireless networks, model them for security purposes, in some cases along the lines of \u201ctrust boundaries and levels,\u201d to determine where defenses should be.<\/p>\n

     <\/p>\n

    The guide briefly explains the basic \u201cpillars of IT security\u201d as being \u201cconfidentiality, integrity and availability,\u201d and spells out the major threats to data as \u201cspoofing identity,\u201d \u201ctampering with data,\u201d \u201crepudiation,\u201d \u201cinformation disclosure,\u201d \u201cdenial-of-service,\u201d and \u201celevation of privilege.\u201d<\/p>\n

     <\/p>\n

    \n

    The guide states that \u201cIT infrastructure threat modeling should be incorporated into an organization\u2019s mindset as a matter of policy much like any other part of the validation, implementation and installation process.\u201d<\/p>\n

     <\/p>\n

    This guide can be downloaded from:<\/p>\n

    https:\/\/www.microsoft.com\/downloads\/details.aspx?FamilyID=e1d53e3f-a512-4668-85b3-169a777fc58f&displaylang=en<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

    Microsoft\u2019s \u201cIT Infrastructure Threat Modeling Guide\u201d offers security advice.   Microsoft offers up security advice on how to fend off attacks against corporate IT resources by looking at ways that attackers can undermine an organization in its \u201cIT Infrastructure Threat Modeling Guide\u201d.  <\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[24,12],"tags":[57,58],"class_list":["post-446","post","type-post","status-publish","format-standard","hentry","category-grc","category-itsec","tag-infrastructure-audit","tag-risk-assessment"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-7c","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=446"}],"version-history":[{"count":0,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/446\/revisions"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}