2021/06/08 Risk Management And The Attack Kill Chain

Risk Management And The Attack Kill Chain


The attempt to keep yourself secure online or offline can be confusing and tedious, but it is necessary. Keeping a secure platform is a process of patience, thoughtful planning, and auditing. But doing so can allow you can create a full risk report. When it comes down to the bare bones of security, most find it is not about the tools you use. It begins with understanding of the systems you use and the unique threats you face and how you can counter those threats. The process of threat modeling and risk management in computer security, is a finding a potential event that could undermine your efforts to defend your system. You can counter the threats you face by determining what you need to protect and from whom you need to protect it. I recommend taking a method used by Red-Team and Blue-Team players.

There are certain advantages of following a methodology:

Here is a breakdown of a threat model or how to take audit and assess your risks. To start let us look at a basic What/Who/How flow.

Once completed you can gauge what kind of security you are going to need. The purpose of this is to create a necessary amount of security based on the amount of risk. High Risk, High Security. Then mark your calendar for a date in the future. This will prompt you to review your threat model and check back in to assess whether it is still relevant to your situation.

A similar line of thinking is performed by the attackers perspective using the Attack/Kill Chain. These methodologies all encompass and are integrated in a framework that views the network from the perspective of an attacker, the "Kill Chain" or the "Attack Chain". The Kill Chain approach to an attack that includes the steps taken by a attacker when they are attacking a system. It does not always proceed in a linear flow as some steps may occur in parallel. Multiple attacks may be launched over time at the same target, and overlapping stages may occur at the same time. How attackers apply these steps when exploiting systems, the following shows a typical kill chain of a attacker:

A typical kill chain of a attacker can be described as follows:

Kill chains are models of a attackers behavior when they attempt to compromise a system. As a model, it can incorporate any and all attack vectors until their objective is complete. Unlike the methodologies, however, it ensures a strategic level focus on how a attacker approaches the system. This focus on the attackers activities will serve as guide on how one must think when attacking a system.