...
- DIA format: cassecurity_tickets_storage_1.1.dia
- VDX format: cassecurity_tickets_storage_1.1.vdx
Threats on storage
Identifier | Type | Threat | Mitigation |
---|---|---|---|
STO_1 | Information Disclosure | Attack on the network: for memcached/database (whatever the number of nodes) or Ehcache/JBoss Cache (multi-node), data are transferred between nodes over TCP. This traffic can be intercepted and scanned to learn which TGT is linked to which identity. | Is there a network solution to secure the data? Should we encrypt the data? All of it? Or just the key, so that an attacker can find profiles but cannot find the profile associated with a given TGT or ST? |
STO_2 | Information Disclosure | Attack on disk: for database or Ehcache storage on disk, an attacker can read the content of the stored files and find the identities and their associated TGTs. | Should we really use Ehcache to store data on disk? It is neither very performant nor secure. For a database, an encryption mechanism can be enabled for data stored on disk. |
STO_3 | Spoofing | The attacker can generate false data and send it to the storage system. | Use a hash / cryptographic algorithm to prevent attackers from forging keys and storing data. |
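One way to realise the "just the key" option of STO_1/STO_2 together with the forgery check of STO_3, as an added illustration that is not part of the CAS project code: the storage key is a keyed hash of the ticket id, and each stored record carries an HMAC tag that is verified on read. The server secret, the `TicketStore` class and the record layout are assumptions made for the example; full encryption of the record value (the "all data" option) is not shown.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo secret shared by all CAS nodes (assumed to come from protected config).
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"

def storage_key(ticket_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Keyed hash of the ticket id, used as the cache/database key (STO_1, STO_2).
    A sniffed replication packet or dumped disk file shows only opaque keys, so an
    attacker holding a captured TGT or ST cannot look up the linked identity."""
    return hmac.new(secret, ticket_id.encode(), hashlib.sha256).hexdigest()

def seal(record: dict, secret: bytes = SERVER_SECRET) -> bytes:
    """Serialize a ticket record and append an HMAC tag over it (STO_3)."""
    body = json.dumps(record, sort_keys=True).encode()
    tag = hmac.new(secret, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag  # the tag is hex, so '|' never occurs inside it

def unseal(blob: bytes, secret: bytes = SERVER_SECRET) -> Optional[dict]:
    """Return the record only if its tag verifies; forged or tampered entries give None."""
    body, sep, tag = blob.rpartition(b"|")
    if not sep:
        return None
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)

class TicketStore:
    """In-memory stand-in for the shared ticket registry (assumed structure)."""

    def __init__(self, secret: bytes = SERVER_SECRET) -> None:
        self._secret = secret
        self._data: dict = {}  # what memcached, a database row or a disk file would hold

    def put(self, ticket_id: str, record: dict) -> None:
        self._data[storage_key(ticket_id, self._secret)] = seal(record, self._secret)

    def get(self, ticket_id: str) -> Optional[dict]:
        blob = self._data.get(storage_key(ticket_id, self._secret))
        return None if blob is None else unseal(blob, self._secret)

    def raw_dump(self) -> dict:
        """The attacker's view on the wire or on disk: keys are opaque, values are
        still readable (profiles visible, but not which TGT each belongs to)."""
        return dict(self._data)
```

A node that does not hold the secret can neither derive the storage key for a captured ticket nor produce a tag that `unseal` accepts, which is the property the two mitigation columns ask for.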