Threat Model Name: NETePay 5 Typical Configuration
Owner: Datacap Systems Inc.
Reviewer:
Contributors:
Description:
Assumptions:
External Dependencies:
| Not Started | 0 |
| Not Applicable | 5 |
| Needs Investigation | 0 |
| Mitigation Implemented | 22 |
| Total | 27 |
| Total Migrated | 0 |
| Category: | Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address. |
| Description: | SQL Database may be spoofed by an attacker and this may lead to incorrect data delivered to Native Application. Consider using a standard authentication mechanism to identify the source data store. |
| Justification: | NETePay 5 logs all ClientX access with IP source, time/date and error conditions. |
| Category: | Information disclosure happens when the information can be read by an unauthorized party. |
| Description: | Can you access SQL Database (Datacap Instance) and bypass the permissions for the object? For example by editing the files directly with a hex editor, or reaching it via filesharing? Ensure that your program is the only one that can access the data, and that all other subjects have to use your interface. |
| Justification: | NETePay 5 authenticates its connection to the custom SQL instance as the only allowed user |
| Category: | Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes. |
| Description: | An attacker can read or modify data transmitted over an authenticated dataflow. |
| Justification: | An attacker would require Administrative Access to the machine to read or modify data from the SQL Database (Datacap Instance) |
| Category: | Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address. |
| Description: | SQL Database may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of SQL Database. Consider using a standard authentication mechanism to identify the destination data store. |
| Justification: | NETePay 5 authenticates connection to custom SQL instance |
| Category: | Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes. |
| Description: | SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker. |
| Justification: | NETePay authenticates to the custom SQL instance as the only authorized user, with credentials unique to the NETePay installation |
| Category: | Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec. |
| Description: | Does NETePay 5 or SQL Database (Datacap Instance) take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do timeout. |
| Justification: | NETePay authenticates to the custom SQL instance as the only authorized user, with credentials unique to the NETePay installation |
| Category: | Tampering is the act of altering the bits. Tampering with a process involves changing bits in the running process. Similarly, Tampering with a data flow involves changing bits on the wire or between two running processes. |
| Description: | An attacker can read or modify data transmitted over an authenticated dataflow. |
| Justification: | An attacker would require Administrative Access to the machine to read or modify data from the SQL Database (Datacap Instance) |
| Category: | Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address. |
| Description: | SQL Database (Datacap Instance) may be spoofed by an attacker and this may lead to incorrect data delivered to NETePay 5. Consider using a standard authentication mechanism to identify the source data store. |
| Justification: | NETePay 5 authenticates connection to custom SQL instance |
| Category: | Information disclosure happens when the information can be read by an unauthorized party. |
| Description: | Improper data protection of SQL Database (Datacap Instance) can allow an attacker to read information not intended for disclosure. Review authorization settings. |
| Justification: | NETePay authenticates to the custom SQL instance as the only authorized user, with credentials unique to the NETePay installation |
| Category: | A user subject gains increased capability or privilege by taking advantage of an implementation bug. |
| Description: | An attacker may pass data into NETePay 5 in order to change the flow of program execution within NETePay 5 to the attacker's choosing. |
| Justification: | NETePay 5 does not support any configurable changes to execution |
| Category: | A user subject gains increased capability or privilege by taking advantage of an implementation bug. |
| Description: | ClientX OCX may be able to remotely execute code for NETePay 5. |
| Justification: | NETePay 5 does not support any configurable changes to execution |
| Category: | A user subject gains increased capability or privilege by taking advantage of an implementation bug. |
| Description: | NETePay 5 may be able to impersonate the context of ClientX OCX in order to gain additional privilege. |
| Justification: | NETePay does not allow impersonation of any context relative to a client request. |
| Category: | Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec. |
| Description: | An external agent interrupts data flowing across a trust boundary in either direction. |
| Justification: | CDE environment will be configured to prevent external access |
| Category: | Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec. |
| Description: | NETePay 5 crashes, halts, stops or runs slowly; in all cases violating an availability metric. |
| Justification: | If NETePay halts, stops or runs slowly, the user is instructed to terminate execution and restart |
| Category: | Repudiation threats involve an adversary denying that something happened. |
| Description: | NETePay 5 claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data. |
| Justification: | NETePay 5 logs all ClientX access with IP source, time/date and error conditions. |
| Category: | Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec. |
| Description: | An external agent interrupts data flowing across a trust boundary in either direction. |
| Justification: | CDE environment will be configured to prevent external access |
| Category: | Repudiation threats involve an adversary denying that something happened. |
| Description: | ClientX OCX claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data. |
| Justification: | There is no requirement that ClientX OCX receive data so there is no need to log such an event. |
| Category: | Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address. |
| Description: | ClientX OCX may be spoofed by an attacker and this may lead to data being sent to the attacker's target instead of ClientX OCX. Consider using a standard authentication mechanism to identify the external entity. |
| Justification: | ClientX OCX uses secure and proprietary authentication |
| Category: | Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec. |
| Description: | An external agent interrupts data flowing across a trust boundary in either direction. |
| Justification: | If NETePay halts, stops or runs slowly, the user is instructed to terminate execution and restart |
| Category: | Repudiation threats involve an adversary denying that something happened. |
| Description: | Payment Processor claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data. |
| Justification: | NETePay 5 logs each request sent and response from the Payment Processor. It logs when a response is not received from the Payment Processor |
| Category: | Spoofing is when a process or entity is something other than its claimed identity. Examples include substituting a process, a file, website or a network address. |
| Description: | Payment Processor may be spoofed by an attacker and this may lead to data being sent to the attacker's target instead of Payment Processor. Consider using a standard authentication mechanism to identify the external entity. |
| Justification: | NETePay 5 uses the authentication mechanism specified by the payment processor |
| Category: | A user subject gains increased capability or privilege by taking advantage of an implementation bug. |
| Description: | An attacker may pass data into NETePay 5 in order to change the flow of program execution within NETePay 5 to the attacker's choosing. |
| Justification: | NETePay 5 does not support any configurable changes to execution |
| Category: | A user subject gains increased capability or privilege by taking advantage of an implementation bug. |
| Description: | Payment Processor may be able to remotely execute code for NETePay 5. |
| Justification: | NETePay 5 does not support any configurable changes to execution |
| Category: | A user subject gains increased capability or privilege by taking advantage of an implementation bug. |
| Description: | NETePay 5 may be able to impersonate the context of Payment Processor in order to gain additional privilege. |
| Justification: | NETePay 5 does not support any configurable changes to execution |
| Category: | Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec. |
| Description: | An external agent interrupts data flowing across a trust boundary in either direction. |
| Justification: | If NETePay halts, stops or runs slowly, the user is instructed to terminate execution and restart |
| Category: | Denial of Service happens when the process or a datastore is not able to service incoming requests or perform up to spec. |
| Description: | NETePay 5 crashes, halts, stops or runs slowly; in all cases violating an availability metric. |
| Justification: | If NETePay halts, stops or runs slowly, the user is instructed to terminate execution and restart |
| Category: | Repudiation threats involve an adversary denying that something happened. |
| Description: | NETePay 5 claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data. |
| Justification: | NETePay logs any source connection along with its IP Address |