Threat models and tools for staying safe, private and informed while Online, used by the average person.
OpSec or Operations Security, originally introduced by the United States Military during the Vietnam War, can be defined (when referring to Wikipedia) as a, "...process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information." OpSec is also a paradigm, applicable to any activity within the physical and digital worlds; both increasingly intertwined with and bound to each other.
The core motivation of OpSec is to protect what you value; often information or state, but sometimes tangible (or other intangible) goods too. OpSec is therefore any proactive effort made to limit an attacker's ability to take that value from you, whatever their purpose or yours. Online OpSec is protecting what one values in the course of coexisting with and using the Internet, which we explore in detail throughout the sections below.
Online OpSec, in the context of everyday Internet users, is a serious and pressing topic, best treated responsibly and with care. Thankfully, much as large companies carefully deploy DevOps, individuals can apply Online OpSec tools and techniques to reduce their own risks; often more effectively and immediately, since one person can change their own habits and tools without waiting on an organization. Ideally Online OpSec becomes integrated into one's lifestyle choices, even one's conscious thinking and (more subliminal) dreaming, day and night.
Thus the purpose of this document is to organize useful context (in the form of information about threat modeling) and powerful tools (most of which are free and open source software, or FOSS) for staying safe, private and informed while Online. If a resource mentioned inside this document does require one to spend money for access, said tool is assuredly both low-cost and high-return. Above all, please continue doing your own research to validate anything and everything herein.
Before diving into the world(s) of Online OpSec, it's important to understand what is at risk; more accurately, it's important to understand what we value. We value specific states that encourage human wellness; those being safety, privacy and access to information. Or being safe, private and informed. Each interconnected and reliant on the others for overall, personal success.
The substance of this document can help the individual maintain these conditions Online in conjunction with other states or pursuits or variables. To help explain, below is an overview of what safe, private and informed mean in the setting of this resource.
To be safe (when referencing Wikipedia) means to be, "...protected from harm or other non-desirable outcomes. Safety can also refer to the control of recognized hazards in order to achieve an acceptable level of risk." We can therefore see that to be safe means to employ a degree of agency over one's immediate environment. So, however relative and subjective, to be safe is (universally) to be gated, aware and responsive; which is best accomplished and sustained through cooperation with an interconnected community of like-minded people and other resources.
To have privacy or to be private (according to the IAPP) means to be, "...let alone, or [to have] freedom from interference or intrusion." Something is considered to be private when it relates to or impacts only a select few parties.
Online OPSEC is relevant to the average person (as written by Stuart Peck) in terms of privacy as, 'There’s a saying that goes, “If you have nothing to hide, you have nothing to fear.” The reality is that everyone has something they want to hide from the general public.' In other words, it is reliable to assume that most people value privacy to some extent, and therefore must maintain it.
To be informed (as defined on Merriam-Webster.com) means to be especially, "...knowledgeable in a particular subject[.]" In this document it also means having access to the information you are seeking, especially when that information is required for your objective(s) to be met.
To be informed is to be aware of the properties you care about and their current value(s); ideally visible from a single place. The essence of remaining informed is the ability to quickly and flexibly scale one's awareness over whatever is of interest, which is accomplished on the Internet with powerful Social Media Monitoring tools and simple techniques that enhance their usefulness.
The average person faces many potential threats to what they value, and many adversaries, in their Online life. These risks are also important to understand before diving into threat modeling and the relevant technologies, the tools.
An adversary (according to Merriam-Webster.com) is defined as, "having or involving antagonistic parties or opposing interests[.]" Along those lines, below we review three categories of danger that such adversaries pose: social, technological and economic.
Social dangers can include being tricked into unknowingly divulging personally identifiable information. Or losing friendships due to gossip.
Technological dangers can include your computer being remotely accessed without your consent. Or one's smart home video surveillance system being illegally monitored.
Economic dangers can include theft of digital currencies or loss of a job.
The need to be secure (which underlies, and is in turn produced by, privacy, safety and remaining informed) when using the Internet, that is, when creating a digital footprint, is relevant to everyone; regardless of who, what, why, how, where and/or when one is. This is both a consequence of and an opportunity created by an open Internet. Savvy users must therefore be proactive to ensure effective participation, as threats abound.
Moving forward, threat models are covered first, followed by specific tools; both are means toward that broad yet granular agency over one's own situation, an ideal asset indeed.
A threat model is a structured and systematic means by which individuals can identify potential vulnerabilities, understand the implications of each and respond accordingly in order to mitigate any potential damage. The intention behind threat modeling, as mentioned on Wikipedia, is to offer an, "...analysis of what controls or defenses need to be included, given the nature of the system, the probable attacker's profile, the most likely attack vectors, and the assets most desired by an attacker." In other words, designing a threat model is the conducting of an organized review of one's current situation and possible or foreseeable future dangers therein.
The objective for deploying a threat model is to determine what can go wrong inside a given set of variables; providing the modeler tactical advantages that might have otherwise been missed from lack of perspective and preparation. The use of threat models is akin to doing one's homework on probable realities. Best done (according to Martin Fowler) a little bit at a time, but frequently.
There is an underlying or common pattern among many threat models, generally consisting of five interrelated steps/phases:
1. Identify the information/asset(s) that are critical to your operation.
2. Analyze the possible threats to what you're protecting (what you value).
3. Review how you might be vulnerable to the attacks identified in the previous step.
4. Map out how likely each risk is, given the information generated so far.
5. Deploy any appropriate countermeasures.
Below you will find a growing number of specific threat modeling techniques that can be applied to anyone's security situation Online.
LINDDUN is an acronym for seven different threat categories: linkability, identifiability, non-repudiation, detectability, disclosure of information, unawareness and non-compliance. The method is carried out over six steps:
1. Model your Data Flow Diagram (DFD)
2. Map privacy threats to DFD elements
3. Identify threat scenarios
4. Prioritize threats
5. Select suitable mitigation strategies
6. Select corresponding Privacy Enhancing Technologies (PETs)
The six steps of the LINDDUN method are explored below.
1. Understand how your system is organized, using Data Flow Diagrams.
2. While relying on DFDs, investigate each element for possible threats.
3. Once a threat is identified, make a note of it.
4. Determine which threats are most pressing.
5. Resolve and overcome each threat by choosing the correct solution(s).
6. Include the use of privacy enhancing technologies (PETs) in your total approach.
Let's now explore the seven different threat categories addressed by the LINDDUN model, with help from the LINDDUN organization; as quoted below.
* Linkability: when an attacker can, "...link two items of interest without knowing the identity of the data subject(s) involved."
* Identifiability: when an attacker can, "...identify a data subject... through an item of interest."
* Non-repudiation: when a, "...data subject is unable to deny a claim[.]"
* Detectability: when an attacker can, "...distinguish whether an item of interest about a data subject exists or not[.]"
* Disclosure of information: when an attacker can, "...learn the content of an item of interest about a data subject."
* Unawareness: when a, "...data subject is unaware of the collection, processing, storage, or sharing activities... of the data subject's personal data."
* Non-compliance: when the, "...processing, storage, or handling of personal data is not compliant with [standards.]"
The LINDDUN threat model is simple and robust. It's also one of my favorite techniques for analyzing personal Online vulnerabilities; primarily because it produces strong and distinct results.
PASTA stands for Process For Attack Simulation And Threat Analysis.
There are seven stages involved in the PASTA model:
1. Define Objectives
2. Define Technical Scope
3. Application Decomposition
4. Threat Analysis
5. Vulnerability And Weaknesses Analysis
6. Attack Modeling
7. Risk And Impact Analysis
The seven phases of PASTA explained.
1. Define Objectives: identify your goals.
2. Define Technical Scope: define where you're interfacing with the Internet, where you're exposed.
3. Application Decomposition: break your situation down into its basic components.
4. Threat Analysis: list out your potential threats.
5. Vulnerability And Weaknesses Analysis: connect where you're exposed to your assets (what you value) and to possible attackers.
6. Attack Modeling: create hypothetical situations for how attackers might attempt to take value from you.
7. Risk And Impact Analysis: generate an overall understanding of the consequences and likelihood(s) of particular attacks.
The PASTA model (as mentioned by Tony UV) is a, "...flexible, phased approach for [the] adoption of... ...threat modeling[.]"
STRIDE (originally introduced by Microsoft) is an acronym representing six different types of threats, each tied to a desired/alternative state or property:
* Spoofing / Authenticity
* Tampering / Integrity
* Repudiation / Non-Repudiability
* Information Disclosure / Confidentiality
* Denial Of Service / Availability
* Elevation Of Privilege / Authorization
According to Wikipedia, STRIDE is typically applied when attempting to, "...find threats to a system. It is used in conjunction with a model of the target system that can be constructed in parallel. This includes a full breakdown of processes, data stores, data flows and trust boundaries." The STRIDE model is popular because it is effective, but that relevancy (as mentioned by Kevin Poniatowski) has been waning.
What follows are the six different threats (as outlined above) that the STRIDE model examines in detail.
* Spoofing (as explained by Forcepoint) is the misrepresentation of one's identity when communicating, whether that of a person or a computer.
* Tampering (according to Merriam-Webster.com) refers to, "...interfere so as to weaken or change for the worse..."
* Repudiation: leaving no trail or details of illegal or unauthorized activity, so that it can later be denied.
* Information Disclosure: gaining access to private and/or secure information without proper authority.
* Denial Of Service: preventing intended users from having access to a resource.
* Elevation Of Privilege: unauthorized expansion of one's abilities as a user.
The STRIDE threat model is especially useful for understanding one's personal Online Operations Security situation.
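The step that both LINDDUN (step 2, "map threats to DFD elements") and STRIDE share is mechanical enough to script: every element of a Data Flow Diagram (external entity, process, data store, data flow) gets the threat categories that apply to its type, and flows that cross a trust boundary get looked at first. The example below is added here and is not code from the LINDDUN project, from Microsoft, or from this document's author. The STRIDE-per-element table follows Microsoft's published STRIDE-per-element guidance; the LINDDUN table is reproduced from the LINDDUN mapping table as I remember it, so verify it against linddun.org before relying on it. The sample DFD (a person whose password manager syncs a vault to a vendor's cloud), the impact weights and the "a boundary-crossing flow counts double" prioritization rule are all constructed for illustration.

```python
"""STRIDE- and LINDDUN-per-element threat enumeration over a small DFD.

Added example for this page; not code from the LINDDUN project or Microsoft.
STRIDE table: Microsoft's STRIDE-per-element guidance. LINDDUN table: the
LINDDUN mapping table as recalled (assumption; verify against linddun.org).
Sample DFD, weights and scoring rule are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# The DFD element types; trust boundaries are modelled as the 'zone' each
# element lives in, and a flow crosses a boundary when its ends differ in zone.
ENTITY, PROCESS, STORE, FLOW = "external_entity", "process", "data_store", "data_flow"

STRIDE_PER_ELEMENT: Dict[str, Set[str]] = {
    ENTITY:  {"Spoofing", "Repudiation"},
    PROCESS: {"Spoofing", "Tampering", "Repudiation", "Information Disclosure",
              "Denial of Service", "Elevation of Privilege"},
    STORE:   {"Tampering", "Repudiation", "Information Disclosure", "Denial of Service"},
    FLOW:    {"Tampering", "Information Disclosure", "Denial of Service"},
}

# Assumption: the six system-side LINDDUN categories apply to processes, stores
# and flows; unawareness applies to the external entity (the data subject).
_LINDDUN_SYSTEM_SIDE = {"Linkability", "Identifiability", "Non-repudiation",
                        "Detectability", "Disclosure of information", "Non-compliance"}
LINDDUN_PER_ELEMENT: Dict[str, Set[str]] = {
    ENTITY:  {"Linkability", "Identifiability", "Unawareness"},
    PROCESS: set(_LINDDUN_SYSTEM_SIDE),
    STORE:   set(_LINDDUN_SYSTEM_SIDE),
    FLOW:    set(_LINDDUN_SYSTEM_SIDE),
}

# STRIDE category -> the property (from the page's STRIDE list) a countermeasure restores.
STRIDE_PROPERTY = {
    "Spoofing": "Authenticity", "Tampering": "Integrity",
    "Repudiation": "Non-repudiability", "Information Disclosure": "Confidentiality",
    "Denial of Service": "Availability", "Elevation of Privilege": "Authorization",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str
    zone: str = ""                 # trust zone; unused for flows
    src: Optional[str] = None      # flows only: source element name
    dst: Optional[str] = None      # flows only: destination element name


def crosses_trust_boundary(flow: Element, by_name: Dict[str, Element]) -> bool:
    """A data flow crosses a trust boundary when its endpoints sit in different zones."""
    return by_name[flow.src].zone != by_name[flow.dst].zone


def enumerate_threats(model: List[Element],
                      table: Dict[str, Set[str]]) -> List[Tuple[str, str, bool]]:
    """Map every DFD element to the categories that apply to its element type.
    Returns (element name, category, element is a boundary-crossing flow)."""
    by_name = {e.name: e for e in model}
    threats = []
    for e in model:
        boundary = e.kind == FLOW and crosses_trust_boundary(e, by_name)
        for category in sorted(table[e.kind]):
            threats.append((e.name, category, boundary))
    return threats


def prioritize(threats, weights: Dict[str, int]) -> List[Tuple[int, str, str]]:
    """Crude prioritization (assumed rule): score = category weight, doubled
    when the element is a flow crossing a trust boundary, since an attacker
    in the other zone can reach it. Highest score first."""
    scored = [(weights.get(cat, 1) * (2 if boundary else 1), elem, cat)
              for elem, cat, boundary in threats]
    return sorted(scored, key=lambda t: (-t[0], t[1], t[2]))


# Constructed sample: a person whose password manager syncs a vault to a vendor cloud.
SAMPLE_DFD = [
    Element("user", ENTITY, zone="home"),
    Element("password_manager_app", PROCESS, zone="home"),
    Element("local_vault", STORE, zone="home"),
    Element("sync_service", PROCESS, zone="vendor_cloud"),
    Element("user->app", FLOW, src="user", dst="password_manager_app"),
    Element("app->local_vault", FLOW, src="password_manager_app", dst="local_vault"),
    Element("app->sync_service", FLOW, src="password_manager_app", dst="sync_service"),
]

# Assumed impact weights for the sample; a real model derives these from what you value.
SAMPLE_WEIGHTS = {"Information Disclosure": 5, "Elevation of Privilege": 5, "Tampering": 4,
                  "Spoofing": 3, "Denial of Service": 2, "Repudiation": 1}

if __name__ == "__main__":
    ranked = prioritize(enumerate_threats(SAMPLE_DFD, STRIDE_PER_ELEMENT), SAMPLE_WEIGHTS)
    for score, elem, cat in ranked[:5]:
        print(f"{score:>2}  {elem:<22} {cat:<24} -> restore {STRIDE_PROPERTY[cat]}")
    print(len(enumerate_threats(SAMPLE_DFD, LINDDUN_PER_ELEMENT)), "LINDDUN candidate threats")
```

Run as a script, the top of the ranked list is the flow from the app to the sync service, under Information Disclosure: the one flow that leaves your home network is the one an outsider can reach, which is exactly why the page's later sections on disk encryption and VPNs matter. Swap in `LINDDUN_PER_ELEMENT` to get the privacy view of the same diagram; the scoring rule and weights are deliberately simple and are the part you should replace with your own step-1 assessment of what you value.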
Now that we have overviewed a number of threat models, let's take a look at the best tools and technologies accessible to the average person for remaining safe, private and informed while Online.
The tools organized below are useful for remaining secure while Online. Special attention has been given to the overall usefulness of each utility for the average person. In other words, most of the resources listed below are picked for their simplicity and overwhelming effectiveness. There are more powerful tools available, but those are considered expert-level technologies, and therefore unnecessary or outside the scope of this document.
Applications for the Android mobile Operating System.
Reputable and effective antivirus software for Windows computers. Antivirus software can be understood (referring to TechTerms) as a, "...type of utility used for scanning and removing viruses from your computer."
Literature for understanding the larger thought-space of personal security; both Online and off.
Critical security and privacy add-ons for the Firefox Browser.
The average Web Browser (according to Mozilla.org) enables users to go, "...anywhere on the internet, letting you see text, images and video from anywhere in the world." The modern Browsers of today's Web are able to do much more than view text, images and videos; including text-to-speech, secure Online shopping and the inclusion of extensions/add-ons.
These are tools that Internet users can use to verify how secure or insecure a Web experience is; or, how much information your digital footprint, at a given moment, contains or expresses.
Tools for permanently deleting data on your computer.
A disk is one's drive, whether that is a traditional Hard Disk Drive or a more modern Solid State Drive. Encryption (according to Wikipedia) is the, "...process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information." Disk encryption is therefore the encoding of the information stored on the drive, so that a lost or stolen laptop, or a drive pulled from it, reveals nothing without the key. It protects data at rest only: once the disk is unlocked and the machine is running, the Operating System and any malware on it read the plaintext as usual.
A firewall (according to Indiana University) is a, "...system designed to prevent unauthorized access to or from a private network. ... Firewalls prevent unauthorized internet users from accessing private networks connected to the internet, especially intranets." The purpose and usefulness of a firewall don't change, whether you're securing a business or a home network. Keep in mind that a firewall blocks connections you did not ask for; it does nothing about malicious content you download or run yourself.
An Operating System (sometimes abbreviated simply as "OS", when referencing GCFGlobal) is the, "...most important software that runs on a computer. It manages the computer's memory and processes, as well as all of its software and hardware. It also allows you to communicate with the computer without knowing how to speak the computer's language." All of the Operating Systems explored below are Linux distributions.
Password storage is accomplished with password manager software, which (referencing WeLiveSecurity) is a type of, "application specifically designed to store your login details in an encrypted vault and to generate complex passwords for you[.]"
A search engine (according to Computer Hope) is, "...software accessed on the Internet that searches a database of information according to the user's query. The engine provides a list of results that best match what the user is trying to find." These tools are useful for finding lots of relevant information quickly; or, scaling the Internet with ease.
The use of these tools, as well as the search engines listed above, is the conducting of open-source intelligence (OSINT) gathering. OSINT is (referring now to Wikipedia) a, "...methodology for collecting, analyzing and making decisions about data accessible in publicly available sources to be used in an intelligence context." It applies equally to a personal context, as long as one sets out to use it that way.
Below you will find various Social Media and trend monitoring tools, organized by platform/type.
A VPN or Virtual Private Network (according to Wikipedia) allows a user to safely, "...send and receive data across shared or public networks as if their computing devices were directly connected to the private network." Consumer VPNs accomplish this with an encrypted tunnel between your device and the provider, which hides the contents and destinations of your traffic from the local network and your ISP. Note that this moves trust rather than removing it: the VPN provider can now see everything your ISP previously could.
Resources for helping Internet users permanently delete their accounts with various Web Service(s) providers, such as Google or Netflix.
There are a healthy number of reliable techniques and dozens of powerful tools available to the average person for staying safe, private and informed while Online. This document brings the best of them to you; the "tools most fit for the average person".
Over the coming months, the information and resources found herein will continue to grow; ideally becoming a first class resource for those interested in the serious topic of personal Online OpSec. Many thanks to those who have already suggested improvements to this project.