Summary

In this chapter, we have discussed network threat modeling. Threat modeling in general is a technique to analyze, document, and mitigate the threats to a system or application. Applied to networks, it provides a critical foundation for securing the network. Only when we understand the usage of the network can we put together a coherent security strategy to protect it. Network threat modeling provides us with a way to analyze usage of a network as well as to analyze threats that arise because of that specific usage. After we have developed an understanding of these threats through the documentation phase, we can define a logical protection scheme in the segmentation phase. Finally, in the restriction phase, we can implement the network protection measures we determine appropriate during the segmentation stage. If the segmentation is implemented properly, there are less interdependencies in the network. This will also help in other situations, such as disaster recovery when you are trying to get a system back up again. The fewer interdependencies there are, the fewer systems are impacted by such an event.

Network threat modeling is a prerequisite to effective use of the techniques and technologies discussed in the remaining chapters. We can certainly start trying to protect a host without thoroughly understanding the threats it is faced with and the requirements it must meet. However, we are much more likely to achieve a solid and robust network design if we understand those aspects.