fractus.py
# The original file imported json and pandas.io.json.json_normalize but used
# neither; the latter import is deprecated in current pandas releases, so both
# are dropped here.
import pandas as pd


def generateEmptyThreatModel():
    """Return the Fractus cloud-service threat model checklist: one record per
    question (id, question, why it matters, severity), with no answers filled in."""
    fractus = [
        {"id": 1, "question": "Does the service provide direct internet egress functionality?", "why": "Direct internet access functionality may bypass centralized network logging, monitoring, and visibility resulting in data exfiltration.", "severity": "High"},
        {"id": 2, "question": "Does the service introduce a network entry point (ingress access) from the internet?", "why": "Often cloud services can be configured to be accessible directly from the internet resulting in a larger attack surface and increased risk of remote compromise.", "severity": "High"},
        {"id": 3, "question": "Can the service resources be made publicly accessible?", "why": "Accidental public exposure is the most common cloud security headline. Simple misconfigurations by making databases, object storage repositories, and snapshots public can cause extensive damage to a company.", "severity": "Critical"},
        {"id": 4, "question": "Does the service expand or elevate administrative/privileged permissions to other services?", "why": "Least privilege policies can be difficult to implement at scale. There are numerous tools and technologies that can assist with this. Often, enabling a single cloud service cascades into additional service dependencies and authorizations necessary to make the intended service function effectively.", "severity": "Medium"},
        {"id": 5, "question": "Does the service provide functionality to create native/local user or service accounts?", "why": "Services may not be fully matured into the broader cloud provider's authentication and authorization schemes. There may be further due diligence and configuration necessary to secure the additional sprawl of service specific accounts.", "severity": "Medium"},
        {"id": 6, "question": "Does the service provide encryption at rest functionality?", "why": "Encryption at rest primarily protects against physical hardware compromise and theft. Depending on where the encryption occurs, it may result in incremental blast radius reduction from best to worst (data record level, data platform level, infrastructure/disk level). Another determining factor is whether encryption at rest utilizes different keys per customer/tenant.", "severity": "Low"},
        {"id": 7, "question": "Does the service provide connectivity via unencrypted protocols?", "why": "Public cloud providers are accessed via the internet (or tunnels, VPNs, WAN, private fiber) and likely require network traffic to traverse multiple internet service providers (ISPs) and routing paths. There are opportunistic network points available for adversaries and entities to monitor, intercept, or modify this traffic. Cryptographic protections are an effective defense to ensure the confidentiality and integrity of network layer communications.", "severity": "Medium"},
        {"id": 8, "question": "Does the service run within or attach to a private network?", "why": "Much of the risk and impact of this is dependent on the private network routing and reachability across the backend service network. There are often tradeoffs to be considered as to whether or not resources should be attached to a private network. For situations that are necessary based on internal layer 3 access dependencies, the use case will need to be reviewed for appropriate network segmentation. If a service does not have a layer 3 dependency, it should be evaluated whether the tradeoffs of aggregate network visibility and connectivity from being attached are worth the tradeoff of full layer 3 isolation and explicitly defined access models (zero trust principle?).", "severity": "Medium"},
        {"id": 9, "question": "Does the service have additional logging functionality that needs to be enabled?", "why": "Logs are valuable resources to triage and investigate issues. Searchable logs can identify compromised resources during incidents or feed monitoring capabilities for proactive threat monitoring. Often, service logging is not enabled by default and will need to be explicitly enabled for increased service visibility.", "severity": "Medium"},
        {"id": 10, "question": "Does the service have its own resource level Identity and Access Management (IAM) policies?", "why": "Understanding and focus on the entirety of an access and authorization pattern for a cloud service is a foundational necessity. Cloud services may have resource specific policies which, if overlooked and unmanaged, could result in a misconfiguration that provides unintended access.", "severity": "High"},
        {"id": 11, "question": "Does the service have any 3rd party compliance attestations/certifications?", "why": "Cloud adoption includes a shared responsibility model. That responsibility is governed via a legally binding contract by both parties. The contract ensures that the cloud provider is responsible for maintaining an adequate level of security. To quantify that 'third-party trust', independent assessments by reputable third-party organizations can provide increased assurance that a cloud provider is meeting the expectations of their service delivery and security expectations.", "severity": "Medium"}
    ]
    return fractus


# Build the empty checklist and export it for an assessor to fill in.
fractus = generateEmptyThreatModel()
dfFractus = pd.DataFrame(fractus)
dfFractus.to_csv('threatmodel-fractus.csv', index=False)
# to_excel requires an Excel writer engine (for example openpyxl) to be installed.
dfFractus.to_excel('threatmodel-fractus.xlsx', index=False)
print('Fractus threat model successfully generated checklist files: threatmodel-fractus.csv and threatmodel-fractus.xlsx')
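fractus.py only emits the empty checklist; the next step an assessor takes is to answer each question for a given cloud service and turn the answers into prioritised findings. The block below is an added example, not part of the fractus project, that does that with the standard library only. It copies the question ids and severities from fractus.py, but the `risk_when` field, the short `topic` labels, the functions `evaluate` and `render_report`, and the sample answer set are assumptions introduced here: `risk_when` records which answer indicates exposure, which is "yes" for most questions but "no" for questions 6 and 11, where the question asks whether a protective control exists.

```python
"""Added example: score a completed Fractus checklist (not part of fractus.py)."""
from collections import Counter

# Ordering used to rank findings; the labels are the checklist's own severities.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}

# Ids and severities copied from fractus.py. "topic" is a shortened label and
# "risk_when" is an assumption added here: the answer that signals exposure
# (True = "yes"). For questions 6 and 11 the absence of the control is the concern.
CHECKLIST = [
    {"id": 1, "topic": "direct internet egress", "severity": "High", "risk_when": True},
    {"id": 2, "topic": "internet ingress entry point", "severity": "High", "risk_when": True},
    {"id": 3, "topic": "resources can be made public", "severity": "Critical", "risk_when": True},
    {"id": 4, "topic": "expands privileged permissions", "severity": "Medium", "risk_when": True},
    {"id": 5, "topic": "native/local accounts", "severity": "Medium", "risk_when": True},
    {"id": 6, "topic": "encryption at rest available", "severity": "Low", "risk_when": False},
    {"id": 7, "topic": "unencrypted protocols", "severity": "Medium", "risk_when": True},
    {"id": 8, "topic": "attaches to private network", "severity": "Medium", "risk_when": True},
    {"id": 9, "topic": "extra logging must be enabled", "severity": "Medium", "risk_when": True},
    {"id": 10, "topic": "resource-level IAM policies", "severity": "High", "risk_when": True},
    {"id": 11, "topic": "third-party attestations", "severity": "Medium", "risk_when": False},
]


def evaluate(answers, checklist=CHECKLIST):
    """Turn answers (question id -> True/False, missing = not yet assessed)
    into findings sorted by severity, plus an overall rating and a list of
    questions still to be answered."""
    findings, unanswered = [], []
    for item in checklist:
        answer = answers.get(item["id"])
        if answer is None:
            unanswered.append(item["id"])
        elif answer == item["risk_when"]:
            findings.append(item)
    # Highest severity first; ties broken by question id for a stable report.
    findings.sort(key=lambda i: (-SEVERITY_RANK[i["severity"]], i["id"]))
    overall = findings[0]["severity"] if findings else "None"
    return {
        "overall": overall,
        "findings": findings,
        "unanswered": unanswered,
        "by_severity": dict(Counter(i["severity"] for i in findings)),
    }


def render_report(result):
    """Plain-text summary of an evaluate() result."""
    lines = [f"Overall rating: {result['overall']}"]
    for item in result["findings"]:
        lines.append(f"[{item['severity']}] Q{item['id']}: {item['topic']}")
    if result["unanswered"]:
        lines.append("Unanswered: " + ", ".join(f"Q{i}" for i in result["unanswered"]))
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: a service reachable from the internet whose buckets
    # can be made public, with logging off by default and no attestations.
    sample_answers = {1: False, 2: True, 3: True, 4: False, 5: False, 6: True,
                      7: False, 8: True, 9: True, 10: False, 11: False}
    print(render_report(evaluate(sample_answers)))
```

Unanswered questions are reported separately rather than treated as "no", so a half-finished assessment cannot silently read as clean; the overall rating is simply the worst open finding, which keeps a single Critical item from being averaged away by several Low ones.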