Question

Describe the STRIDE model and give an example of how to mitigate each of the threats.  

Answer 1

• STRIDE is a model developed byMicrosoft for identifying computer security threats.
• STRIDE is a model which is used by security or softwae engineers to identify all types of threats on server
• STRIDE is model or tool which is mainly used to classify threats
• The full form of Stride is mainly an acronym for types of threats.
• STRIDE stands for Spoofing,Tampering,Repudiation,Information Discllosure,Denial of Servise(DOS),Escalation of Previlagage.
• STRIDE is a threat model, or threat risk model.
• Threat Model is a process that reviews the security of any web-based system, identifies problem areas, and determines the risk associated with each area.
• By identifying Vulnerabilities,security objectives or identifying threats the Threat model can be established.

Now Lets discuss what STRIDE model is made for:

1. Spoofing: A user try to become another user or try to pretend another user to get an access to server or database is called as spoofing.Here Authentication is violated.
2. Tamering:If an attacker is able to tamper or try to modify the system data is called as Tampering.Here integrity is violated.
3. Repudiation:Here attacker is try to claiming to have not performed an action by erasing them from the logs, or by spoofing the credentials of another user.
4. InformaLon Disclosure:Many systems contain confidential information, and attackers often aim at getting hold of it. Here Confidentiality is violated.
5. Denial of Service:Crashing Windows or a web site, sending a packet and absorbing seconds of CPU Lme, or rouLng packets into a black hole is called DOS attack.
6. ElevaLon of Privilege:Any attacker try to access additional previlage which he may not be granted to access is called Elevation of privilage.

The ways or example to mitigate or avoid this kinds of threats can be:

1. By using technology to prevent a Hacks For example, for preventing tamperingwe can use  Digital signatures, cryptographic integrity tools, crypto tunnels such as SSH or IPsec. this techologie can be use to mitigate threats to server or system
2. For preventing ElevaLon of privilege we can use technologies like Roles, privileges, input validationon for purpose, (fuzzing*).we can also use sandbox and firewalls to prevent this.
3. for preventing Denial of services we can use ElasLc cloud design.For example:Load balancers

Thank You!