...
Identifier | Type | Threat | Mitigation |
---|---|---|---|
STO_1 | Information Disclosure | Attack on network: For memcached/database (whatever the number of nodes) or Ehcache/JBoss cache (on multiple nodes), data is transferred between nodes over TCP. This data can be intercepted and scanned to learn which TGT is linked to which identity. | Add an entry to the hardening guide to indicate that single-node CAS deployments should prefer Ehcache, since the communication between CAS and Ehcache will be internal to the JVM. Also, disk persistence should preferably be turned off to avoid saving the sensitive data to disk. Add an entry to the hardening guide to indicate that the Ehcache/JBoss replication or the external database/memcached should either be restricted to a private network, or else run over SSL/TLS to protect the data. Encryption/hashing scheme: |
STO_2 | Information Disclosure | Attack on disk: For database/Ehcache cache storage on disk, an attacker can read the content of the stored files and find the identities and their associated TGT. | Should we really use Ehcache to store data on disk, given that it is not really performant or secure? For a database, an encryption mechanism can be enabled for data stored on disk. |
STO_3 | Spoofing | The attacker can generate false data and send it to the storage system. | Use a hash or cryptographic algorithm to prevent attackers from being able to forge keys and store data. |
...