Threat modelling is the structured process of identifying potential threats to a network, understanding their impact, and prioritising defences. Combined with risk assessment, it allows organisations to make informed decisions about where to invest their security resources.
Threat modelling answers four fundamental questions:
| Question | Purpose |
|---|---|
| What are we building/protecting? | Define the scope — network architecture, assets, data flows |
| What can go wrong? | Identify threats and attack vectors |
| What are we going to do about it? | Define mitigations and controls |
| Did we do a good enough job? | Validate through testing and review |
Developed by Microsoft, STRIDE categorises threats into six types:
| Category | Threat | Network Example |
|---|---|---|
| S — Spoofing | Impersonating a legitimate entity | ARP spoofing, IP spoofing, DNS spoofing |
| T — Tampering | Modifying data or configurations | Man-in-the-middle, packet injection |
| R — Repudiation | Denying an action was performed | Insufficient logging, missing audit trails |
| I — Information Disclosure | Exposing data to unauthorised parties | Packet sniffing, DNS leaks, misconfigured shares |
| D — Denial of Service | Making a resource unavailable | DDoS, SYN floods, DNS amplification |
| E — Elevation of Privilege | Gaining higher-level access | VLAN hopping, exploiting misconfigured ACLs |
PASTA is a seven-stage, risk-centric threat modelling methodology:
| Stage | Activity |
|---|---|
| 1. Define Objectives | Align with business goals and risk appetite |
| 2. Define Technical Scope | Map the network architecture and data flows |
| 3. Application/Network Decomposition | Break down components, trust boundaries, entry points |
| 4. Threat Analysis | Identify threats using STRIDE, ATT&CK, or threat intelligence |
| 5. Vulnerability Analysis | Map vulnerabilities to threats |
| 6. Attack Modelling | Simulate attack scenarios and attack trees |
| 7. Risk and Impact Analysis | Prioritise threats and define mitigations |
The MITRE ATT&CK framework maps adversary tactics, techniques, and procedures (TTPs) across the attack lifecycle:
| Tactic | Network-Relevant Techniques |
|---|---|
| Reconnaissance | Port scanning, DNS enumeration, network sniffing |
| Initial Access | Exploiting public-facing services, VPN vulnerabilities |
| Execution | Remote code execution via network services |
| Persistence | Rogue network devices, hidden backdoors |
| Lateral Movement | Pass-the-hash, RDP, SMB exploitation |
| Exfiltration | DNS tunnelling, encrypted channels, steganography |
| Command and Control | Domain fronting, encrypted C2 channels |
Create a detailed network diagram including:
Trust Boundary Examples:

```
Internet    ←──[Boundary 1]──→ DMZ
DMZ         ←──[Boundary 2]──→ Internal Network
Internal    ←──[Boundary 3]──→ Server Zone
Server Zone ←──[Boundary 4]──→ Database Zone
Wireless    ←──[Boundary 5]──→ Internal Network
```

For each trust boundary and entry point, enumerate potential threats:
| Entry Point | Threat | STRIDE Category |
|---|---|---|
| Internet-facing web server | SQL injection | Tampering |
| VPN gateway | Credential brute force | Spoofing |
| Wireless network | Evil twin attack | Spoofing |
| Internal DNS | DNS cache poisoning | Tampering |
| Management VLAN | Unauthorised access to switch consoles | Elevation of Privilege |
Use risk scoring to prioritise threats.
Risk = Likelihood × Impact
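
The following is an added example, not part of the original lesson: a small threat register that ranks the entry-point threats from the table above by Risk = Likelihood × Impact and reports which STRIDE categories have not yet been considered at each trust boundary. The 1-5 scoring scale, the individual scores and the assignment of entry points to boundaries are assumptions constructed for illustration.

```python
from collections import defaultdict

STRIDE = ["Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege"]
# Trust boundaries 1-5 as listed in the lesson.
BOUNDARIES = ["Internet/DMZ", "DMZ/Internal", "Internal/Server Zone",
              "Server Zone/Database Zone", "Wireless/Internal"]
# Rows from the lesson's entry-point table. The boundary column and the
# 1-5 likelihood/impact scores are constructed assumptions, not lesson data.
THREATS = [
    # (entry point, threat, STRIDE category, boundary, likelihood, impact)
    ("Internet-facing web server", "SQL injection", "Tampering", "Internet/DMZ", 4, 5),
    ("VPN gateway", "Credential brute force", "Spoofing", "Internet/DMZ", 4, 4),
    ("Wireless network", "Evil twin attack", "Spoofing", "Wireless/Internal", 3, 4),
    ("Internal DNS", "DNS cache poisoning", "Tampering", "DMZ/Internal", 2, 4),
    ("Management VLAN", "Unauthorised access to switch consoles",
     "Elevation of Privilege", "Internal/Server Zone", 2, 5),
]

def validate(threats):
    """Reject rows with an unknown category/boundary or an out-of-range score."""
    for ep, _, cat, boundary, lik, imp in threats:
        if cat not in STRIDE or boundary not in BOUNDARIES:
            raise ValueError(f"unknown category or boundary for {ep!r}")
        if not (1 <= lik <= 5 and 1 <= imp <= 5):
            raise ValueError(f"score outside 1-5 for {ep!r}")

def ranked(threats):
    """Return (risk, entry point, threat) tuples, highest risk first."""
    validate(threats)
    scored = [(lik * imp, ep, threat) for ep, threat, _, _, lik, imp in threats]
    return sorted(scored, key=lambda row: row[0], reverse=True)

def coverage_gaps(threats):
    """Map each trust boundary to the STRIDE categories with no threat recorded."""
    seen = defaultdict(set)
    for _, _, cat, boundary, _, _ in threats:
        seen[boundary].add(cat)
    return {b: [c for c in STRIDE if c not in seen[b]] for b in BOUNDARIES}

if __name__ == "__main__":
    for score, ep, threat in ranked(THREATS):
        print(f"{score:>2}  {ep}: {threat}")
    for boundary, missing in coverage_gaps(THREATS).items():
        print(f"{boundary}: not yet considered -> {', '.join(missing) or 'none'}")
```

The gap report shows where enumeration is incomplete: with only the five rows from the table, the Server Zone/Database Zone boundary has no threats recorded in any STRIDE category.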