Friday, April 21, 2023

Castle Defense 101 (aka Threat Modeling): an #InflectraCON2023 Live Blog

Well, good morning to everyone. We woke up to some excitement today. A fire alarm went off at 7:30 a.m. this morning, so I had to evacuate the venue. It was interesting watching me react to what was happening. I've always been fond of saying I'd be one to just get up and get out, but as it turns out, no, I had the presence of mind to gather my stuff quickly and push it into some bags, grab my laptop and backpack, and then walk out. Fortunately, I travel relatively lean as a principle, so it didn't take me long, but were it a more dire situation, I fear I may have been one of those stragglers that might have been potentially cut off. All's well that ends well, but yeah, it gave me pause to think, to say the least.

Anyway, on to today's sessions.


Gene Gotimer

DevSecOps Engineer, Praeses

This talk on Castle Defense is both entertaining and an interesting look at what we might face as potential security issues and how we want to protect against potential attacks. When we think of castles, we often think of grand, large structures. Interestingly, castles all start as smaller structures. If we think of the old chessboards and the character of the Rook (or the Castle, yes), they are minimalist towers in many cases, and typically that's where keep and bailey castles start, too. They may be small or not terribly imposing, but they can still be remarkably effective at defense if set up correctly. This is an interesting metaphor when it comes to security because, in many ways, security is graded on a curve. It also helps to know what your castle or fortress is meant to defend. A manor home for a noble is designed to keep people out. Prisons are meant to keep people in. It's important to know what you are protecting and which direction matters.

In addition to the conversations about potential security threats for applications, we are taking the time to look at and analyze actual castles from the medieval period and later to see what they did and how they set up their defenses, and then analyze ways we could undermine their security. Granted, some of these castles have been modernized and are no longer set up in a logical way that would have addressed the threats of the past. One example, a castle in the Netherlands, shows a ground-level manor with what looks to be no defensive walls, windows down to the ground, and a river flowing by outside. In short, it doesn't look to be defensive in any meaningful way, until you see the center tower. That tower resembles what may have been the original structure, with a broad overhang with machicolations (I love that word so much (LOL!)), but you can see that time and necessities have changed how the building is used. Its original threat modeling from when it was built wasn't necessary for later centuries, so the building was adapted to face more modern realities. Many castle fortifications made sense in the era of catapult and trebuchet but became obsolete with the advent of gunpowder and cannons.

So let's consider this in the modern world. We aren't building castles and keeps in the literal sense (generally speaking, for this audience), but our applications are in many ways our castles. If they are breached or hacked, our data, our financial well-being, and our reputations are on the line, so the threats, while different, are every bit as potentially devastating. Thus we need to put time and attention towards a rational and logical level of security for our applications. Some situations are going to require more hardening than others. If you have an informational site with no database backend for transactions, your threat modeling is going to be smaller and less intensive compared to a site that handles the personal data of individuals or the literal handling of payments. A WordPress blog is going to be lower in priority compared to a banking app. We need to measure our time and investments against the threats that make sense.

There's a site called "Threat Modeling Manifesto" that spells out a broad range of these possible attacks and threats and how to handle them. From their headline:

Threat modeling is analyzing representations of a system to highlight concerns about security and privacy characteristics.

At the highest levels, when we threat model, we ask four key questions:

  • What are we working on?
  • What can go wrong?
  • What are we going to do about it?
  • Did we do a good enough job?

This was an interesting way to talk about this topic, and I applaud the creative approach. It took a potentially dry topic and made it a lot more engaging.
