In its “IT Infrastructure Threat Modeling Guide,” published today, Microsoft offers security advice on how to fend off attacks against corporate IT resources by looking at the ways attackers can undermine an organization.
“Look at it from the perspective of an attacker,” says Russ McRee, senior security analyst for online services at Microsoft, the primary author of the 32-page guide that discusses the fundamentals and tactics of network defense. McRee said the “IT Infrastructure Threat Modeling Guide” is actually the outcome of a lot of thinking about the topic at Microsoft, which itself is using the guide as a reference.
The guide is not about Microsoft products and in fact “needs to be agnostic so it can work for anyone,” says McRee. “An organization has to figure out what their threats are.”
The guide offers ways that IT staff -- especially those without formal security training -- can analyze their own wired and wireless networks and model them for security purposes, in some cases along the lines of “trust boundaries and levels,” to determine where defenses should be.
The guide briefly explains the basic “pillars of IT security” as being “confidentiality, integrity and availability,” and spells out the major threats to data as “spoofing identity,” “tampering with data,” “repudiation,” “information disclosure,” “denial-of-service,” and “elevation of privilege.”
The guide states that “IT infrastructure threat modeling should be incorporated into an organization’s mindset as a matter of policy much like any other part of the validation, implementation and installation process.”
McRee said the guide is the first time Microsoft has published this type of security reference document, and it’s intended to offer “vision and use scenarios” to help IT managers think creatively in their risk-management programs.
Comments (2)
Ironic
By Smithwill on June 17, 2009, 12:08 pm
Microsoft telling everyone to think "like an attacker?" Hahahahaha. I guess if you're always on the defensive you won't notice how many patch updates were delivered....
Stop bashing
By Anonymous on June 18, 2009, 8:05 pm
Instead of the old and tired Microsoft bashing, how about kudos for some incredibly excellent and valuable work that will help all of us in the trenches. I applaud...