
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
1
Chapter 1
CHAPTER 1
Threat Modeling and
Risk Management
Since this book is about building secure Linux Internet servers from the ground up,
you’re probably expecting system-hardening procedures, guidelines for configuring
applications securely, and other very specific and low-level information. And indeed,
subsequent chapters contain a great deal of this.
But what, really, are we hardening against? The answer to that question is different
from system to system and network to network, and in all cases, it changes over
time. It’s also more complicated than most people realize. In short, threat analysis is
a moving target.
Far from a reason to avoid the question altogether, this means that threat modeling is
an absolutely essential first step (a recurring step, actually) in securing a system or a
network. Most people acknowledge that a sufficiently skilled and determined
attacker
*
can compromise almost any system, even if you’ve carefully considered and
planned against likely attack vectors. It therefore follows that if you don’t plan for
even the most plausible and likely threats to a given system’s security, that system
will be particularly vulnerable.
This chapter offers some simple methods for threat modeling and risk management,
with real-life examples of many common threats and their ...