Mitigating the Sample Payroll Application Threats

Table 4-12 describes ways to mitigate the subset of threats identified earlier in this chapter.

Table 4-12. Applying Mitigation Technologies to the Payroll Application

Threat: Viewing on-the-wire payroll data
STRIDE: I
Techniques and Technologies: Use SSL/TLS to encrypt the channel between the server and the client. IPSec could also be used.

Threat: Upload rogue Web pages or Web service code
STRIDE: T
Techniques and Technologies: Require strong authentication for the Web developers. Provide strong ACLs on the files so that only Web developers and administrators can write or delete the files.

Threat: Attacker denies service to application
STRIDE: D
Techniques and Technologies: Use a firewall to drop certain IP packets. Restrict the resources that anonymous users can consume (such as memory, disk space, and database time). Finally, move the log files to another volume, so that an attacker who floods the logs cannot fill the volume the application and the operating system depend on.

Threat: Attacker manipulates payroll data
STRIDE: T & I
Techniques and Technologies: Protect the updated payroll data traffic by using SSL/TLS or DCOM/RPC with privacy, depending on the network protocol used. This mitigates the information disclosure threat. SSL/TLS also provides message authentication codes (MACs) to detect data-tampering attacks, and DCOM/RPC provides integrity checking when the privacy option is selected. IPSec could also be considered.

Threat: Elevate privilege by leveraging the service client request process
STRIDE: E
Techniques and Technologies: Run the process following the guidelines of least privilege. If the process is compromised, the attacker's code is confined to the privileges the process already had and cannot gain extra capabilities.

Threat: Spoof Web server
STRIDE: S
Techniques and Technologies: The simplest solution is SSL/TLS, which allows the client software to authenticate the server by validating its certificate, provided the client is configured to do so; corporate policy dictates that all clients must. Kerberos authentication could also be used, because Kerberos provides mutual authentication of the server and the client.
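The "Attacker manipulates payroll data" row lists both T and I because encryption alone does not stop tampering. The following added example (not code from the book) makes that concrete: a toy SHA-256 counter-mode stream cipher, labelled as such, stands in for the confidentiality layer, and an HMAC over the ciphertext stands in for the message authentication code that SSL/TLS adds. The payroll message format, the field offsets, and the function names are constructed for the illustration; a real deployment uses TLS rather than this home-made cipher.

```python
import hashlib
import hmac
import os

# Constructed sample payroll update, as the client would send it. The field
# layout is fixed, so an attacker knows the byte offset of the amount
# (wire formats are public; secrecy of the format is not a defence).
PAYROLL_UPDATE = b"employee=1042;amount=0001500.00;period=2001-11"
AMOUNT_OFFSET = PAYROLL_UPDATE.index(b"amount=") + len(b"amount=")
AMOUNT_LEN = len(b"0001500.00")


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream derived with SHA-256 (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: XOR the message with the keystream."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream undoes the encryption


def flip_amount(ciphertext: bytes, old_amount: bytes, new_amount: bytes) -> bytes:
    """Attacker's move: rewrite the amount field without knowing the key.
    For a stream cipher, C xor old xor new is exactly the encryption of new,
    so the server decrypts the forged field as if the client had sent it."""
    assert len(old_amount) == len(new_amount) == AMOUNT_LEN
    forged = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old_amount, new_amount)):
        forged[AMOUNT_OFFSET + i] ^= o ^ n
    return bytes(forged)


def mac(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Message authentication code over nonce and ciphertext (encrypt-then-MAC)."""
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def protect(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    """Client side: encrypt, then authenticate the ciphertext."""
    nonce = os.urandom(16)
    ciphertext = encrypt(enc_key, nonce, plaintext)
    return nonce, ciphertext, mac(mac_key, nonce, ciphertext)


def verify_and_open(enc_key: bytes, mac_key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes):
    """Server side: check the tag in constant time before decrypting.
    Returns the plaintext, or None when tampering is detected."""
    if not hmac.compare_digest(mac(mac_key, nonce, ciphertext), tag):
        return None
    return decrypt(enc_key, nonce, ciphertext)


def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    nonce, ciphertext, tag = protect(enc_key, mac_key, PAYROLL_UPDATE)
    forged = flip_amount(ciphertext, b"0001500.00", b"0015000.00")

    # 1. Encryption only: the server decrypts the forged message and accepts
    #    a salary ten times larger than the one the client sent.
    accepted_without_mac = decrypt(enc_key, nonce, forged)
    # 2. Encryption plus MAC: the same forgery fails verification.
    rejected_with_mac = verify_and_open(enc_key, mac_key, nonce, forged, tag)
    # 3. The genuine message still verifies and decrypts.
    genuine = verify_and_open(enc_key, mac_key, nonce, ciphertext, tag)
    return accepted_without_mac, rejected_with_mac, genuine


if __name__ == "__main__":
    print(demo())
```

The point of the demonstration is the order of checks on the server: the tag is verified before any decryption or parsing, and the comparison uses `hmac.compare_digest` so that a byte-by-byte early exit does not leak how much of a forged tag was correct.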

As you can see, security technologies are determined only after analyzing the threats to the system. This is much better and more secure than adding security features in an ad hoc and random fashion.
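The denial-of-service row of Table 4-12 says to restrict the resources that anonymous users can consume. The following added example, which is not code from the book, shows one way to enforce such a restriction at the application tier: a per-principal budget of requests, upload size, and database time within a time window, with a much larger budget for authenticated users than for anonymous ones. The quota values, the principal names and IP addresses, and the `ResourceGovernor` class are constructed for the illustration; the clock is injected so the window roll-over can be exercised deterministically.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Quota:
    requests_per_window: int
    window_seconds: float
    max_body_bytes: int
    max_db_ms: int  # database time budget per window


# Assumed budgets: anonymous callers (keyed by source IP) get little,
# authenticated users (keyed by account name) get much more.
ANONYMOUS_QUOTA = Quota(20, 60.0, 8 * 1024, 500)
AUTHENTICATED_QUOTA = Quota(600, 60.0, 1024 * 1024, 30_000)


class ResourceGovernor:
    """Tracks per-principal consumption and decides whether to admit a request."""

    def __init__(self, clock):
        self.clock = clock            # callable returning seconds
        self.usage = {}               # principal -> (window_start, requests, db_ms)

    def check(self, principal: str, authenticated: bool, body_bytes: int, db_ms_estimate: int) -> str:
        quota = AUTHENTICATED_QUOTA if authenticated else ANONYMOUS_QUOTA
        now = self.clock()
        start, requests, db_ms = self.usage.get(principal, (now, 0, 0))
        if now - start >= quota.window_seconds:
            start, requests, db_ms = now, 0, 0  # new window, budget restored

        # Cheapest checks first; none of them touch memory, disk or the database.
        if body_bytes > quota.max_body_bytes:
            decision = "reject: body too large"
        elif requests + 1 > quota.requests_per_window:
            decision = "reject: request rate"
        elif db_ms + db_ms_estimate > quota.max_db_ms:
            decision = "reject: database budget"
        else:
            decision = "allow"
            requests += 1
            db_ms += db_ms_estimate
        self.usage[principal] = (start, requests, db_ms)
        return decision


def demo():
    now = [0.0]
    gov = ResourceGovernor(clock=lambda: now[0])
    results = {}

    # Anonymous client sending a burst: the 21st request in the window is dropped.
    burst = [gov.check("203.0.113.7", False, 100, 10) for _ in range(21)]
    results["anon_burst"] = (burst.count("allow"), burst[-1])
    # Oversized anonymous upload is refused before any disk is consumed.
    results["anon_big_body"] = gov.check("203.0.113.8", False, 100_000, 10)
    # A single expensive query exceeds the anonymous database budget.
    results["anon_db"] = gov.check("203.0.113.9", False, 100, 600)
    # Once the window rolls over, the same client is admitted again.
    now[0] = 61.0
    results["anon_after_window"] = gov.check("203.0.113.7", False, 100, 10)
    # The same burst from an authenticated user fits within its larger budget.
    results["user_burst"] = [gov.check("alice", True, 100, 10) for _ in range(21)].count("allow")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Rejected requests do not consume budget, but the window start is recorded so that a client cannot reset its own window by being refused. In a real deployment the governor sits behind the firewall mentioned in the same row, which handles packet-level floods that never reach the application.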

IMPORTANT
Building secure systems is a complex matter. Designing secure systems by using threat models as the starting point for the overall architecture is a great way to add structure and discipline and to overcome chaos when building such systems.
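Returning to the "Upload rogue Web pages or Web service code" row of Table 4-12: the mitigation is strong ACLs on the deployed files, and the check a practitioner wants is an audit that finds any file an arbitrary account could rewrite. The following added example (not code from the book) performs that audit on a POSIX host using mode bits in place of the Windows ACLs the book has in mind. It assumes the Web developers are the group that owns the content root and that the administrator (root) always has access; the sample web root, its file names and permissions are constructed in a temporary directory so the example runs offline.

```python
import os
import stat
import tempfile

# Findings are (path, reason) pairs; reasons are fixed strings so callers can
# match on them.
WORLD_WRITABLE = "world-writable"
FOREIGN_GROUP_WRITABLE = "writable by a group other than the Web developers"


def audit_web_root(root: str, developers_gid: int):
    """Walk the content tree and report every entry that accounts outside the
    Web developers' group (and root) could write to or delete from."""
    findings = []
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        entries.extend(os.path.join(dirpath, name) for name in dirnames + filenames)
    for path in entries:
        st = os.lstat(path)          # do not follow symlinks out of the tree
        if stat.S_ISLNK(st.st_mode):
            continue                 # symlink modes are not meaningful on most systems
        mode = st.st_mode
        if mode & stat.S_IWOTH:
            findings.append((path, WORLD_WRITABLE))
        elif (mode & stat.S_IWGRP) and st.st_gid != developers_gid:
            findings.append((path, FOREIGN_GROUP_WRITABLE))
    return findings


def demo():
    """Build a constructed web root with one good and two bad ACLs and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o750)
        developers_gid = os.stat(root).st_gid
        ok = os.path.join(root, "default.htm")
        bad_file = os.path.join(root, "upload.asp")
        bad_dir = os.path.join(root, "images")
        with open(ok, "wb") as f:
            f.write(b"<html>payroll</html>")
        with open(bad_file, "wb") as f:
            f.write(b"<% ' anyone on the box can rewrite this page %>")
        os.mkdir(bad_dir)
        os.chmod(ok, 0o664)        # developers' group may write: acceptable
        os.chmod(bad_file, 0o666)  # world-writable: rogue page can be planted
        os.chmod(bad_dir, 0o777)   # world-writable directory: files can be added or deleted
        findings = audit_web_root(root, developers_gid)
        return sorted((os.path.relpath(path, root), reason) for path, reason in findings)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

A world-writable directory is as serious as a world-writable file, because write permission on the directory is what allows entries to be created, renamed or deleted regardless of the modes on the files themselves, which is why the audit checks directories as well as files.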



Writing Secure Code, Second Edition
ISBN: 0735617228
Year: 2001
Pages: 286