Secure networking without commercial devices

Zero-trust network without commercial devices – Threat Modeling Report

Threat Model Name: Zero-trust without commercial devices

Owner: Sec

Reviewer: LibreSecurity

Contributors: Sec

Description: Zero-trust without commercial devices for small business

Assumptions: All consumer devices are used in this solution

External Dependencies: None

 

Notes:

Id | Note | Date | Added By
1 | ghg | 2020-06-08 11:41:32 PM (updated August 2021) | Sec

Threat Model Summary:

Not Started 3
Not Applicable 2
Needs Investigation 0
Mitigation Implemented 0
Total 5
Total Migrated 0

Diagram: Diagram 1

Diagram 1 diagram screenshot

Diagram 1 Diagram Summary:

Not Started 3
Not Applicable 2
Needs Investigation 0
Mitigation Implemented 0
Total 5
Total Migrated 0

Interaction: One-way access w/NAT

One-way access w/NAT interaction screenshot

1. An adversary can deny actions on Cloud Gateway due to lack of auditing  [State: Not Started]  [Priority: Low]

Category: Information disclosure
Description: An adversary may perform actions such as spoofing attempts or unauthorized access on the Cloud Gateway. It is important to monitor these attempts so that the adversary cannot deny these actions.
Justification: <no mitigation provided>
Possible Mitigation(s): Ensure that appropriate auditing and logging are enforced on the Cloud Gateway. Refer: https://aka.ms/tmtauditlog#logging-cloud-gateway
SDL Phase: Implementation

 

Interaction: One-way access w/NAT

One-way access w/NAT interaction screenshot

2. An adversary can deny actions on Cloud Gateway due to lack of auditing  [State: Not Started]  [Priority: Low]

Category: Information disclosure
Description: An adversary may perform actions such as spoofing attempts or unauthorized access on the Cloud Gateway. It is important to monitor these attempts so that the adversary cannot deny these actions.
Justification: <no mitigation provided>
Possible Mitigation(s): Ensure that appropriate auditing and logging are enforced on the Cloud Gateway. Refer: https://aka.ms/tmtauditlog#logging-cloud-gateway
SDL Phase: Implementation

 

Interaction: One-way access w/NAT

One-way access w/NAT interaction screenshot

3. An adversary can deny actions on Cloud Gateway due to lack of auditing  [State: Not Applicable]  [Priority: Low]

Category: Information disclosure
Description: An adversary may perform actions such as spoofing attempts or unauthorized access on the Cloud Gateway. It is important to monitor these attempts so that the adversary cannot deny these actions.
Justification: <no mitigation provided>
Possible Mitigation(s): Ensure that appropriate auditing and logging are enforced on the Cloud Gateway. Refer: https://aka.ms/tmtauditlog#logging-cloud-gateway
SDL Phase: Implementation

 

Interaction: One-way access w/NAT

One-way access w/NAT interaction screenshot

4. An adversary can deny actions on Cloud Gateway due to lack of auditing  [State: Not Applicable]  [Priority: Low]

Category: Information disclosure
Description: An adversary may perform actions such as spoofing attempts or unauthorized access on the Cloud Gateway. It is important to monitor these attempts so that the adversary cannot deny these actions.
Justification: <no mitigation provided>
Possible Mitigation(s): Ensure that appropriate auditing and logging are enforced on the Cloud Gateway. Refer: https://aka.ms/tmtauditlog#logging-cloud-gateway
SDL Phase: Implementation

 

Interaction: Zero-trust access

Zero-trust access interaction screenshot

5. An adversary can deny actions on Cloud Gateway due to lack of auditing  [State: Not Started]  [Priority: High]

Category: Repudiation
Description: An adversary may perform actions such as spoofing attempts or unauthorized access on the Cloud Gateway. It is important to monitor these attempts so that the adversary cannot deny these actions.
Justification: <no mitigation provided>
Possible Mitigation(s): Ensure that appropriate auditing and logging are enforced on the Cloud Gateway. Refer: https://aka.ms/tmtauditlog#logging-cloud-gateway
SDL Phase: Implementation