Exercise 2

 


 

STRIDE Threat Model

 

| No | Target | Threat | STRIDE | Techniques & technologies |
|----|--------|--------|--------|---------------------------|
| 1 | HTTP connection between Web browser and Web Server | A malicious user views or tampers with personal payroll data en route from the Web server to the client or from the client to the Web server | T, I | Kerberos authentication requires the users to authenticate themselves before the communications channel is established. Use SSL/TLS to protect the data from prying eyes as it travels between the client and the Web server. |

 

Access Control List

 

| No | Subject | Resource | Access Rights |
|----|---------|----------|---------------|
| 1 | Interactive Users | Web Pages | Deny All Access |