Page 106 - CISSO_Prep_ Guide
the normal errors that occur. This focus on function is perfect for
designing a system that will work under normal conditions but is
incomplete. Their approach is focused only on how to misuse the
system or allow it to be used for their purposes.
An example of this is the 'ping' (ICMP) service that administrators
use to test network connectivity. The ping was a small 32-byte
packet that would initiate a response from a remote device. This
would prove that two devices could communicate over a network.
Over the years, we have seen how hackers misused the ping
packet in ways that were totally unrelated to its correct function.
They created the "SMURF" attack to flood a device with
responses, and malformed a ping into a large packet that could
disable a remote device in the 'ping of death' attack. Attackers
also use it for mapping a network. All of these were unintended
uses that could interrupt system operations.
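The two ping misuse cases above can be written down as checks a receiving device or sensor applies to each ICMP packet. The sketch below is an added example, not part of the original guide; the protected subnet (192.0.2.0/24), the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

MAX_IP_DATAGRAM = 65535        # largest datagram IPv4 allows after reassembly
ICMP, ECHO_REQUEST = 1, 8
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")    # assumed protected subnet
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
HDR = "!BBHHHBBH4s4s"          # fixed 20-byte IPv4 header layout

def classify_icmp(packet: bytes, local_net=LOCAL_NET) -> list[str]:
    """Return misuse findings for one raw IPv4 packet (empty list = clean)."""
    if len(packet) < 20:
        return ["truncated"]
    ver_ihl, _, total_len, _, flags_frag, _, proto, _, _, dst = struct.unpack(
        HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(packet) < ihl:
        return ["malformed"]
    if proto != ICMP:
        return []
    findings = []
    offset = (flags_frag & 0x1FFF) * 8     # fragment offset, in bytes
    # Ping of death: header + offset + data would end past the size limit,
    # so reassembly would overflow a buffer sized for a legal datagram.
    if offset + total_len > MAX_IP_DATAGRAM:
        findings.append("oversized-reassembly")
    # Smurf: echo request aimed at a broadcast address so every host replies.
    dst_ip = ipaddress.ip_address(dst)
    is_broadcast = dst_ip in (local_net.broadcast_address, LIMITED_BROADCAST)
    first_fragment = offset == 0 and len(packet) > ihl
    if first_fragment and packet[ihl] == ECHO_REQUEST and is_broadcast:
        findings.append("echo-to-broadcast")
    return findings

def build_packet(dst: str, offset_units: int, payload: bytes) -> bytes:
    """Constructed sample input: minimal IPv4 header, checksum left at 0."""
    src = ipaddress.ip_address("198.51.100.7").packed   # constructed source
    header = struct.pack(HDR, 0x45, 0, 20 + len(payload), 1, offset_units, 64,
                         ICMP, 0, src, ipaddress.ip_address(dst).packed)
    return header + payload

ECHO = bytes([ECHO_REQUEST, 0, 0, 0, 0, 1, 0, 1]) + b"a" * 32  # 32-byte ping
SAMPLES = {   # constructed in memory only, never sent
    "normal": build_packet("192.0.2.10", 0, ECHO),
    "smurf": build_packet("192.0.2.255", 0, ECHO),
    "death": build_packet("192.0.2.10", 8189, b"\x00" * 64),  # final fragment
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify_icmp(pkt))
```

Neither check is part of what ping needs in order to function; both exist only because the misuse case was considered.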
Since ping had been designed for a simple function, it had no
defenses to protect against its misuse. This explains why we must
consider the threat vectors and misuse cases of a system when
building it. Every system built today should be built with the
expectation that it will be attacked and, therefore, be built with
the ability to withstand an attack and continue to function
correctly. One of the tools that can be used to gather requirements
and assist in the alignment of security with business needs is
SABSA (www.sabsa.org). SABSA is an open-source framework
that guides a team through the requirements definition process. It
takes a top-down approach, first understanding the context and
high-level strategy of the business and then working down through
the layers of business units (concept), information systems, data,
and individual components. A top-down approach ensures that the
more detailed levels of the system are designed
and developed based on the larger picture of the overall business