Simulation Options

This section describes the three menu items related to the simulations.

Simulation Menu Item
Simulation Menu Item

This brings up a dialogue with settings for the simulations to be made.

Simulations Configurations Dialogue
Simulations Configurations Dialogue

 

  • Samples: The amount of simulation rounds securiCAD shall run in order to make probability based results stabilize. In the securiCAD Community Edition,. there is a limit of maximum 1000 simulations.
  • TTC infinity threshold value: The limit where securiCAD shall stop following an attack path. In this example, when an attack takes more than 100 days, we do not continue simulating it.
  • Enable debug logging: Used when in contact with the foreseeti support team.

General Views versus Object Views

Main Difference

In securiCAD the middle/main area of the program will be the area where you can drop and view objects and their connections. When starting securiCAD you will either see a new empty canvas area called “View 1” or the ACME Example Model.

In the previous parts of this user manual, we describe adding objects to this canvas and making connection between them. We also dropped objects into other objects to bundle/hide them.

When we double-click to open an object, a new tab will be shown with the contents of the opened object. This is what we call an “Object View”.

Double-clicking on the Stage srv 2 object in the ACME Example Model, we see that it contains additional objects.

The contents (object view) of the Stage srv 2 Host object
The contents (object view) of the Stage srv 2 Host object

In the above image, we see the object view of the Stage srv 2 Host object. It shows what objects are contained within the Stage srv 2 Host object.

Object views are used for navigating your model structure in a hierarchical way.

Object View limitations

Since all objects in an object view are connected to the main object (in this case Local Accounts, LSASS, RDP Service, SSH Client and Windows Server 2008 are all connected to Stage srv 2), only objects that can be connected/added to a Host object are allowed here. This means that you can not, for instance, add a WebApplication or Firewall object here.

Furthermore, when on a general canvas, you can select an object and use the left bound arrow to see connected objects and the right bound arrow to add new objects. This functionality is not available when you are in an object view.

The right-click function “Show all connected objects” is also deactivated when you are on an object view.

When looking at objects contained in an object view, the right-click Hide functionality is deactivated.

Managing Objects and Connections Without Using the Canvas

In the lower left area of securiCAD we have seen an area called “Object View” presenting other objects the selected object is connected to. There is also functionality for adding and deleting objects and connections using this method. This is a way of working that will not require you to locate and put an object onto a canvas in order to work with it. Therefore, this method of object and connection management is most efficient when working on building and changing larger models.

Inspecting Connections of an Object

In the securiCAD user interface, there is an area called “Object View”. This area is showing the connections and some other properties of the object currently selected on the modeling canvas or in the Object Explorer list of objects. Having a few objects connected like in our current example and selecting the prod2dev router object, will show what other objects it is connected to.

Connections of the Prod2Dev Router object
Connections of the Prod2Dev Router object

 

In the above example we see that the object “Prod2Dev”, of type Router is connected to one AccessControl, one Firewall and four Network objects.

Editing Connections

From the Object View, you can unfold the different object labels to see other objects connected to the selected one. Clicking “Edit” will then bring up a new panel in the program letting you add and remove connections by moving them between lists of connected and unconnected/connectable objects in the model.

Connections of the Prod2Dev Router Object, Edit Mode
Connections of the Prod2Dev Router Object, Edit Mode

 

Removing a Connection

Selecting a connected object and clicking “Disconnect” will remove the connection. Please note that it will not remove any of the objects from the model, only the connection.

Disconnecting an Object
Disconnecting an Object

 

If the objects you have disconnected both are present on a canvas, you will see that the interconnecting line between them will be removed.

Adding a Connection

The opposite of disconnecting two objects is to select a non-connected object and then use the “Connect” button below the “Available Network(s) from the model” area.

Adding an Object While Connecting

If you need to connect an object that has not yet been added to the model, you can do that on-the-fly by first unfolding the “Create New Object” label, enter a new name for the object to be created, adjust the defense settings and when clicking “Add” it will be created and connected at once.

Create new object while connecting
Create new object while connecting

 

If there are several types of connections to choose from (like with Administration/Connection between Router and Network), we will be prompted to choose one of them like when adding an object via the canvas method.

Worth mentioning is that when an object already has a connection that it can only have one instance of, the “Create New Object” option is grayed out. Such an example is when a Dataflow already is connected to a Protocol.

This dataflow already has a protocol connected to it
This dataflow already has a protocol connected to it

 

Connecting Multiple Objects

Possibly the most efficient feature of managing connections this way is that you can select and connect several objects. For instance, if we want to connect all Network Admin zones to the same ZoneManagement object, we can do that in one operation.

Select all routers to be managed/administrated from the same network zone and connect them.

Selecting and connecting several objects
Selecting and connecting several objects

 

Picking several objects at a time and connecting (or disconnecting) them like this is particularly efficient when working with objects that are shared between many other objects such as Protocol objects, SoftwareProduct objects, ZoneManagement objects and so on.

Locating Objects and Connections

This section describes ways of locating objects and identifying what neighboring objects an object is connected to.

Search Tab

In the Object Explorer, the Model Explorer and the Views tab, there is an input field labeled Search.

This gives the possibility to type an object name or part of an object name to list all objects with that name. This is useful when you have a model containing many objects and you need to find all objects having a certain name. For instance, I have typed “prod” and that will show me only items having the string “prod” in them in the Object Explorer.

Searching for all objects containing the word "prod"
Searching for all objects containing the word “prod”

 

The search field is also acting on the objects’ ID numbers. This is useful when for instance the attack path is listing an object id and you want to investigate it. Then you can search for the ID number in the Search field to quickly find it.

Searching for all objects containing the number 13 or with ID number containing 13
Searching for all objects containing the number 13 or with ID number containing 13

 

Show All Connected Objects

When an object is present on a canvas, there is a function to show all objects connected to it. This function is used to avoid looking up all objects by hand.

 

Right-clicking to show the Show All Connected Objects function
Right-clicking to show the Show All Connected Objects function

 

Showing all connected objects in for instance the Lnx Oracle Srv component will give the following collection;

Showing all objects connected to the Oracle database server object
Showing all objects connected to the Oracle database server object

 

When there are numerous objects connected to an object, it is often convenient to show all connected object of a selected type. For instance, when working with a network zone and you want to see all routers connected to it, it is probably good to avoid showing all hosts connected to it as well.

ID Numbers on Canvas Objects

When referring to particular objects in large models, especially in models with numerous objects with the same name, it is convenient to show the unique object ID number on the objects on the canvas. This is selected via a check box in the Configuration -> Objects dialogue.

Selecting whether to show the object ID or not
Selecting whether to show the object ID or not

 

Enabling the ID number on the canvas objects will look like the following example.

Object IDs enabled
Object IDs enabled

 

Model Structuring

Adding New View/Canvas

Views, sometimes called canvases, are used to show a subset of the model, for instance holding objects of a certain type or category. The “circled plus” button in the tool bar will add a new view to the model.

To rename it, you can either go to the “Views” pane next to the “Object Explorer” or you right-click on the view/canvas and select the “Rename” option form the menu. This is only possible on views created manually, not on views automatically generated by securiCAD.

Alignment Buttons

Above the view/canvas area of the securiCAD tool, there are two alignment buttons, next to the zoom tool. These alignment buttons are active when two or more objects are selected.

Object alignment buttons.
Object alignment buttons.

 

These buttons align objects to each other horizontally or vertically, to a base line, top line or a center line.

Snap to Grid

The “Snap to Grid” button shows a grid that the modeling objects will be aligned to when moved around.

Grid based alignment
Grid based alignment

 

Guidelines

The “Guidelines” button will activate blue horizontal and vertical lines to show up, showing what other objects the currently moved object are aligned to.

Alignment guiding lines
Alignment guiding lines

 

Labeled Boxes

Labeled boxes are not part of the actual securiCAD model and are not considered during simulation.

However, they are a visualization help that can preferably be used when the modeling phase is nearing finished and the models shall be presented to other people. The modelers often has a clear picture of which objects belong to each other and why, but when it comes to explaining models to other people, grouping objects with boxes might be of good help.

Boxes are added by clicking the “Add Text Note” button above the modeling view/canvas.

The text note button.
The text note button.

 

In the following example we have drawn boxes around the objects related to a certain department.

Using labeled boxes for increased visibility.
Using labeled boxes for increased visibility.

 

Object Handling

When modeling objects exist in a model, on a canvas/view, it is possible to copy, paste and delete them in some slightly different manners. The operations below are found in the Edit drop-down menu and by right-clicking on the canvas/view itself.

Edit -> Cut/Copy/Paste

The cut, copy and paste operations cuts, copies and pastes an instance of an object so that it can be added to another canvas/view as well.

However, these operations do not add an extra object. They should therefore be seen more like cut/copy/paste on the visualization part of an object.

Edit -> Paste as Duplicate

Since the paste operation does not create a new object, there is an operation called “Paste as Duplicate”.

Using this will make a copy of the copied object and add it to a canvas/view. This is used for object duplication purposes.

Edit -> Delete/Hide

The difference between the Delete and the Hide operations is that Delete deletes the object from the model completely, while the Hide operation only makes the object non-visible, while it still exists in the model itself and thus can still be found in the list of objects in the “Model Explorer” window.

Shortcut key for hiding an object is backspace and for deleting an object, you can use the delete key.

Tool Bar Button for Adding Objects

In the tool bar in the upper area of securiCAD there is a downward pointing arrow for adding objects to a canvas. Clicking this arrow will show a menu of object categories where you can select objects to add. These objects are the same as the ones in the Object Explorer. This tool is specially useful if you close the Object Explorer tab to get more space to have a larger canvas.

Add objects tool.
Add objects tool.

 

File Handling

File -> New/Open Model/Save/Save As/Open Recent

The File menu items New/Open Model/Save/Save As and Open Recent behaves as with other softwares.

The file name extension of SecuriCAD’s modeling files is .sCAD.

Merging Models

In securiCAD there is a functionality for merging models. This is especially useful when collaborating with the modeling work or when you are working on several sub-models that you want to merge into one big model and then simulate.

Import Tool

The model merging tool is found under File -> Import -> Import Model.

Import Model

 

When using this function, you will import a model into the current model you have open in securiCAD including objects, connections and views you have from the model to be imported.

Import Report Dialogue

On successful import, you will get a dialogue reporting which objects were added to your current model.

 

Imported Objects

Attacker Object

If an Attacker object exist in the model you are about to import, securiCAD will ask you if you want to include it as well. If you do (and you already had an attacker in your current model), you will have two attackers in the model you are working on. There is no logical problem with this, but since attacks are coming from two directions, the attack influence might be a bit tricky to follow.

Include Attacker or Not?

Resulting Model

The model you are working on will now be extended with objects, connections and views from the model you have imported. However, there will be no automatic connections between the objects you already had and the objects you have just imported since securiCAD doesn’t know what the intention of the imported objects/model is. Therefore you have to make such connections manually.

For instance, if you have a network overview with routers and network zones in your existing model and someone helps you out with modeling a branch office zone and the related sub-zones, you need to manually connect the branch office zone to the correct location/router in the network overview.