Service
Purpose
A Service object represents a piece of software that is ready to respond to client requests arriving over a network; the requests themselves are represented by the Service's connection to a Dataflow object. In practice, a Service corresponds to an open network port. If the Service provides remote login or administration functionality, such as SSH, RDP or VNC, it shall be connected to its Host with a Shell type of connection.
Connections


Object | Connection | Description | Function |
---|---|---|---|
Access Control | Authorization | Provides the login prompt for the Service. | A missing Access Control means full access to an Application Service and, for a Shell Service, either user access on or compromise of the underlying Host. A Shell Service should use the same Access Control as its Host. Full access to an Application Service also makes the Attacker's job easier, since the attack surface grows. |
Dataflow | Communication | A connection to a Dataflow denotes an information flow between the Service and a Client. | A missing Dataflow means that no Client communicates with the Service, which rules out server-side attacks through it. |
Host | Non-Root Application Execution | A Service run by a regular system user that does not provide remote login/shell functionality, only more limited application-specific tasks. | Mandatory: a Service must be connected to its Host by one of the four execution types. |
Host | Root Application Execution | A Service run by the root user that does not provide remote login/shell functionality, only more limited application-specific tasks. | Mandatory: a Service must be connected to its Host by one of the four execution types. |
Host | Non-Root Shell Execution | A Service run by a regular system user that provides remote login/shell functionality. | Mandatory: a Service must be connected to its Host by one of the four execution types. |
Host | Root Shell Execution | A Service run by the root user that provides remote login/shell functionality. | Mandatory: a Service must be connected to its Host by one of the four execution types. |
Web Application | Web Service Execution | The Service runs/hosts a Web Application "on top" of it, e.g. the Service is the Apache web server and the Web Application is a business portal system served by it. | A missing Web Application rules out attacks through XSS, RFI, CI and SQLi exploits. |
Datastore | Database Execution | Denotes information storage, e.g. a database, that is reachable from the Service. | A missing Datastore has no direct impact on the Service itself, but it removes the path by which an Attacker could gain Read and Write access to the Datastore through the Service. |
Keystore | Keystore Execution | A connection to a Keystore object denotes that the Keystore is hosted by the Service. | A missing Keystore connection prevents Read access to the Keystore through the Service. |
Network | Network Exposure | A connection to a Network denotes what Network the Service is exposed on. | If there is no connection to a Network, the Service is not reachable from that network. If the Host of the Service is only connected to one Network, the Service is automatically exposed on that Network. |
Software Product | Software Properties | A Service always needs to be connected to a Software Product which denotes what software it is running e.g. an OpenVPN server. | This association is mandatory. |
Existence
The Service object has an extra attribute, Existence. Existence can be On, Off, or a probability between 0 and 1, and expresses how likely it is that the object is present in the modelled environment at all. Example use cases are found in the Attack Vector chapter. The default value for Existence is On.


Attack Steps and Defenses


Attack Step | Description | Leads to |
---|---|---|
ApplicationLogin | The possibility to log in to the Service as any user of the application. | Service: DeployExploit |
BypassAntiMalware | Bypassing the anti-malware solution (running on the Host) that protects the Service. | Service: Compromise |
BypassIDS | Bypassing the IDS solution (running on the Host) that protects the Service. | Service: BypassAntiMalware |
Compromise | The possibility to control/own the Service. | Service: Connect |
Connect | The possibility to reach the Service from a network point of view (but not to log in and use it). | AccessControl: Access |
DenialOfService | The possibility to block the function this Service is supposed to provide. | Dataflow: DenialOfService |
DeployExploit | The possibility to exploit a vulnerability in the Service. | Service: BypassIDS |
FindExploit | The possibility to discover a vulnerability related to this Service. | Service: DeployExploit |
NonRootShellLogin | The possibility to log in to the Service and gain remote login/shell functionality as a regular non-root user. | Host: UserAccess |
RootShellLogin | The possibility to log in to the Service and gain remote login/shell functionality as the root user. | Service(non-root): Host.UserAccess |
UserAccess | The possibility to connect to the Service and be prompted for login credentials (but not to log in and use it). | Service: FindExploit |
Defense | Description | Impact | Default |
---|---|---|---|
Patched | Denotes whether the Service has all applicable software security patches implemented. | Can prevent an Attacker from obtaining an exploit. | 0.5 |
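The two tables above define a small attack graph: each "Leads to" entry is an edge, the Patched defense cuts one step, and Existence scales the whole object. The following Python is an added illustration, not code from the product or this documentation, that encodes the Service-internal edges verbatim and shows what a Monte-Carlo run over Existence and the Patched default looks like. Everything beyond the tables is an assumption: targets on other objects (Host, AccessControl, Dataflow) are dropped, a defense that is on simply removes the step it protects, Existence = p is read as "the Service and all its steps are present with probability p", and the Patched default 0.5 is read as the probability that the defense is on.

```python
"""Reachability over the Service attack steps listed above.

Added example, not securiCAD code.  Assumptions (not on the page): only
Service-internal "Leads to" targets are kept; an enabled defense removes the
step it protects; Existence = p means the Service exists with probability p;
the Patched default 0.5 is the probability that the defense is on.
"""
import random
from collections import deque

# "Leads to" column, restricted to steps on the Service itself.  Targets on
# Host, AccessControl and Dataflow are external to this model and left out.
SERVICE_EDGES = {
    "ApplicationLogin": ["DeployExploit"],
    "BypassAntiMalware": ["Compromise"],
    "BypassIDS": ["BypassAntiMalware"],
    "Compromise": ["Connect"],
    "Connect": [],            # -> AccessControl: Access (external)
    "DenialOfService": [],    # -> Dataflow: DenialOfService (external)
    "DeployExploit": ["BypassIDS"],
    "FindExploit": ["DeployExploit"],
    "NonRootShellLogin": [],  # -> Host: UserAccess (external)
    "RootShellLogin": [],     # -> Host (external)
    "UserAccess": ["FindExploit"],
}

# Defense table: Patched "can prevent an Attacker from obtaining an exploit",
# modelled here (assumption) as making FindExploit unavailable when it is on.
DEFENSE_BLOCKS = {"Patched": "FindExploit"}
DEFENSE_DEFAULT = {"Patched": 0.5}


def existence_probability(value):
    """Map the Existence attribute (On, Off or a probability) to a float."""
    if value == "On":
        return 1.0
    if value == "Off":
        return 0.0
    p = float(value)
    if not 0.0 <= p <= 1.0:
        raise ValueError("Existence must be On, Off or a value in [0, 1]")
    return p


def reachable_steps(entry, defenses_on=(), exists=True, edges=SERVICE_EDGES):
    """Breadth-first search from `entry` over the Service-internal edges.

    Steps protected by an enabled defense are never entered.  If the Service
    does not exist, nothing on it is reachable, not even the entry step.
    """
    if not exists or entry not in edges:
        return set()
    blocked = {DEFENSE_BLOCKS[d] for d in defenses_on}
    if entry in blocked:
        return set()
    seen = {entry}
    queue = deque([entry])
    while queue:
        step = queue.popleft()
        for nxt in edges[step]:
            if nxt not in blocked and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def compromise_probability(entry, existence="On", patched=DEFENSE_DEFAULT["Patched"],
                           trials=4000, seed=1):
    """Monte-Carlo estimate of P(Compromise reachable from `entry`).

    Each trial flips two independent coins: whether the Service exists
    (Existence attribute) and whether the Patched defense is on.
    """
    p_exists = existence_probability(existence)
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        exists = rng.random() < p_exists
        defenses = ("Patched",) if rng.random() < patched else ()
        if "Compromise" in reachable_steps(entry, defenses, exists):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    # Login prompt only, Service patched: the exploit chain is cut at FindExploit.
    print(sorted(reachable_steps("UserAccess", ("Patched",))))
    # Application credentials lead straight to DeployExploit, so Patched does
    # not help against an Attacker who already has them.
    print(sorted(reachable_steps("ApplicationLogin", ("Patched",))))
    # Existence 0.7 with Patched at its 0.5 default.
    print(round(compromise_probability("UserAccess", existence=0.7), 2))
```

The run from `UserAccess` with Patched on reaches nothing beyond the prompt, while the run from `ApplicationLogin` still reaches Compromise and Connect with the same defense, which is exactly what the "Leads to" column says: patching only helps where the Attacker would have had to find an exploit.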