
Threat Modeling For the Holidays

Tuesday, December 14, 2004

Many of you will have friends and family over between now and the beginning of the new year. They’ll eat your food, drink your eggnog, and fall asleep on your sofas at the most inconvenient moments. More importantly, however, they will be around your electronic equipment and your home network. Don’t let love, friendship, or a blood relationship lull you into a false sense of security. The time to start planning your defense is now.

Whenever I need some information about security, I turn to Anil John’s SecureCoder.com site. Anil is a fellow CMAP member whose obsession with security shows through at every meeting. Anil regularly makes comments like:

   Why are you running as administrator?
   Hey – that password is in plaintext!
   You did what with the request validation setting?!?!?

Anil’s blog has some great posts on security and also about threat modeling. Threat modeling is an important step in planning an in-depth defense against holiday guests. You need to identify assets, identify threats, and build attack trees. Only after analysis is complete will you understand the true perils of having people inside your home.

Before starting your project, I suggest putting together a guest list and jotting down some notes about each individual. An example guest list is shown in figure 1.

Charlie (Uncle): Only wants to check stock quotes on the computer, but always mistypes a URL and ends up clicking “Yes”, “OK”, and “Accept”.
Fred (Nephew): Two years ago, Fred asked for a laptop to finish his school geography assignment. Removing all the chat software afterwards required the magnet from a 15-inch subwoofer.
Jasmin (Niece): Last year, she was found in the home office brute forcing SAM passwords from an NT Emergency Repair Disk with software on a jump drive.
Wendy (Aunt): Regularly forces an evacuation of the premises when microwaving popcorn.
Figure 1: The guest list. Never underestimate your adversaries.

Another technique Anil talks about is using multiple layers of defense. It is important to have a fallback in case a guest circumvents the outer protective shell. For instance, not giving your guests administrator privileges will prevent many problems, but what if they stumble across the piece of paper from the locked firebox behind the hollow brick in the basement where you scribbled the administrator passphrase in lemon juice? You are screwed!

One plan would be to ask such a guest to leave the house immediately, but I realize this plan is fraught with emotional complexities. Another plan, one I like to call “Operation Blackout”, requires you to find the master circuit breaker for your property. By revoking power from targeted areas of the house, you can be sure no packets flow over the network - even while the turkey continues to cook in the kitchen!

Remember to plan ahead, and best wishes for an electronically safe and happy holiday season.