Purpose
A Network object is used to represent a network area/zone. All hosts connected to the same network can communicate with each other without any restrictions in communication. If hosts are restricted to communicate with each other, they should be connected to different network objects in the model.
Connections
| Object | Connection | Description | Function |
|---|---|---|---|
| Host | Connection | A connection to a Host object denotes that a host has a logical connection to this particular network. | A missing connection to a Host prevents compromise through Hosts. |
| Vulnerability Scanner | Authenticated Scan | Tells that there is a VilnerabilityScanner with login credentials monitoring the Hosts connected to this Network. | A missing Vulnerability Scanner increases the risk of FindUnknownService and FindExploitForPublicPatchableVulnerability. |
| Vulnerability Scanner | Unauthenticated Scan | Tells that there is a VulnerabilityScanner with no login credentials monitoring the Hosts connected to this Network by using "external" scans. | A missing Vulnerability Scanner increases the risk of FindUnknownService and FindExploitForPublic- PatchableVulnerability. |
| Dataflow | Communication | An association to a Dataflow denotes that the Dataflow passes via the Network. | A missing Dataflow association might make the calculation take a longer time (since the Dataflow association needs to be derived algorithmically instead). |
| Physical zone | Physical Access | A connection to a Physical Zone denotes that an attacker has physical access to the Network. | A missing Physical Zone prevents compromise by physical access. |
| Router | Administration | The Router can be administered from this Network zone. | An Attacker cannot DiscoverEntrance through an Administration Network. |
| Router | Connection | This is a general connection for regular Network-Router-Network traffic. | A missing Router between Networks indicates that there is no communication between them. |
| Network | Network exposure | Defines which Network the Service is accessible from. | Mandatory if the Host hosting the Service is connected to more than one Network. |
| Zone Management | Management | A connection to a Zone Management indicated that there are some maintenance routines regarding security that are practiced on this part of the network which applies to all Hosts on the Network. | A missing Zone Management might increase the risk of finding an unknown service, and make it possible to attack a non-patched (but patchable) vulnerability. |
Attack Steps and Defenses
| Attack Step | Description | Leads to |
|---|---|---|
| ARPCachePoisoning | The possibility to trick users/hosts/clients/dataflows to communicate with unintended systems. Gives access to Dataflows. | Network: DenialOfService Dataflow: Access |
| Compromise | The possibility to control/own it. | Network: DenialOfService Network: DNSSpoof Service: Connect UnknownService: Identify Datastore: Read Datastore: Write |
| DNSSpoof | The possibility to pretend being a DNS but providing malicious information. Gives access to Dataflows. | Dataflow: Access |
| DenialOfService | The possibility to block the network. (The communication medium.) | Dataflow: DenialOfService |
| Defense | Description | Impact | Default |
|---|---|---|---|
| DNSSec | DNSSEC adds authentication to communication through digital signatures. The purpose of enabling DNSSEC is to protect the network against DNS spoofing attack where the DNS cache is tampered with. | Prevents DNSSpoof. | Off |
| PortSecurity | Port Security (or Port-, MAC- binding) does not allow MAC addresses associated to a port to change. This prevents MAC- cloning and spoofing. | Can prevent Compromise when an Attacker has physical access. | Off |
| StaticARPTables | An ARP table maps IP addresses to physical MAC addresses. Static ARP Tables have static mappings which prevents ARP spoofing. | Prevents ARPCachePoisioning. | Off |