Service

Purpose

A Service object represents a piece of software that is ready to respond to client requests arriving over a network; that communication is in turn represented by a connection to a Dataflow object. A Service corresponds to an open network port. If the Service provides remote login/administration functionality, such as SSH, RDP or VNC, it shall be connected to its Host using a Shell type of connection.

Connections

Service and Neighboring Objects

Object: Access Control
  Connection: Authorization
  Description: Provides the login prompt for the Service.
  Function: A missing Access Control means full access on an Application Service and, for a Shell Service, either user access on or compromise of the underlying Host (depending on whether the Service runs as a regular user or as root). A Shell Service should use the same AccessControl as its Host. Full access on an Application Service also enlarges the attack surface and makes the Attacker's job easier.

Object: Dataflow
  Connection: Communication
  Description: A connection to a Dataflow denotes an information flow between the Service and a Client.
  Function: A missing Dataflow means there is no communication between the Service and a Client, which prevents server-side attacks.

Object: Host
  Connection: Root Application Execution
  Description: A Service run by the root user that does not provide remote login/shell functionality but only more limited, application-specific tasks.
  Function: Mandatory (one of the Host execution connections).

Object: Host
  Connection: Non-Root Shell Execution
  Description: A Service run by a regular system user that provides remote login/shell functionality.
  Function: Mandatory (one of the Host execution connections).

Object: Host
  Connection: Non-Root Application Execution
  Description: A Service run by a regular system user that does not provide remote login/shell functionality but only more limited, application-specific tasks.
  Function: Mandatory (one of the Host execution connections).

Object: Web Application
  Connection: Web Service Execution
  Description: The Service is running/hosting a WebApplication "on top" of it, e.g. the Service is the Apache web server and the WebApplication is a business portal served by it.
  Function: A missing WebApplication prevents attacks through XSS, RFI, CI and SQLi exploits.

Object: Datastore
  Connection: Database Execution
  Description: Denotes information storage that is reachable by the Service, e.g. a database.
  Function: A missing Datastore has no direct impact on the Service, but it removes Read and Write access to the Datastore via the Service.

Object: Keystore
  Connection: Keystore Execution
  Description: A connection to a Keystore object denotes that the Keystore is hosted by the Service.
  Function: A missing connection to a Keystore prevents Read access on the Keystore through the Service.

Object: Network
  Connection: Network Exposure
  Description: A connection to a Network denotes which Network the Service is exposed on.
  Function: If there is no connection to a Network, the Service is not reachable from that Network. If the Host of the Service is connected to only one Network, the Service is automatically exposed on that Network.

Object: Software Product
  Connection: Software Properties
  Description: A Service always needs to be connected to a Software Product, which denotes what software it is running, e.g. an OpenVPN server.
  Function: This association is mandatory.
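The connection rules above can be turned into a structural check that runs over a model before any attack simulation. The following is an added example written for this page, not code from the original page or from the modelling tool; the `Host` and `Service` classes, the `validate_service` function and the finding levels are this example's own names, and the rules it encodes are taken from the table (mandatory Host execution and Software Product associations, a Shell Service sharing its Host's AccessControl, implicit exposure on a single-homed Host).

```python
"""Structural checks for a Service object against the connection rules above (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

APPLICATION_EXECUTION = {"Root Application Execution", "Non-Root Application Execution"}
SHELL_EXECUTION = {"Non-Root Shell Execution"}
HOST_EXECUTION = APPLICATION_EXECUTION | SHELL_EXECUTION


@dataclass
class Host:
    name: str
    access_control: Optional[str] = None       # name of the AccessControl guarding the Host
    networks: List[str] = field(default_factory=list)


@dataclass
class Service:
    name: str
    host: Optional[Host] = None
    host_connection: Optional[str] = None      # one of HOST_EXECUTION
    software_product: Optional[str] = None     # e.g. "OpenSSH server"
    access_control: Optional[str] = None       # name of the AccessControl (Authorization connection)
    networks: List[str] = field(default_factory=list)   # explicit Network Exposure
    dataflows: List[str] = field(default_factory=list)  # Communication connections


def exposed_networks(svc: Service) -> List[str]:
    """Explicit exposure, else the single Network of a single-homed Host (as the table states)."""
    if svc.networks:
        return list(svc.networks)
    if svc.host is not None and len(svc.host.networks) == 1:
        return list(svc.host.networks)
    return []


def validate_service(svc: Service) -> List[Tuple[str, str]]:
    """Return (level, message) findings.
    'error'   = a mandatory association is missing,
    'warning' = a modelling choice that widens the attack surface,
    'info'    = a connection whose absence simply removes an attack path."""
    findings: List[Tuple[str, str]] = []
    if svc.host is None or svc.host_connection not in HOST_EXECUTION:
        findings.append(("error", "missing mandatory Host execution connection"))
    if not svc.software_product:
        findings.append(("error", "missing mandatory Software Product"))
    if svc.host_connection in SHELL_EXECUTION:
        if svc.access_control is None:
            findings.append(("warning", "Shell Service without Access Control: Connect yields Host access"))
        elif svc.host is not None and svc.access_control != svc.host.access_control:
            findings.append(("warning", "Shell Service should share the Host's AccessControl"))
    elif svc.access_control is None:
        findings.append(("warning", "Application Service without Access Control: full access on Connect"))
    if not exposed_networks(svc):
        findings.append(("warning", "Service not exposed on any Network: unreachable by the Attacker"))
    if not svc.dataflows:
        findings.append(("info", "no Dataflow: no client communication, so no server-side attack path"))
    return findings


if __name__ == "__main__":
    # Constructed sample model: one DMZ host running an SSH daemon and an unguarded portal.
    web01 = Host("web01", access_control="web01-ac", networks=["dmz"])
    sshd = Service("sshd", host=web01, host_connection="Non-Root Shell Execution",
                   software_product="OpenSSH server", access_control="web01-ac",
                   dataflows=["admin-ssh"])
    portal = Service("portal", host=web01, host_connection="Root Application Execution")
    for svc in (sshd, portal):
        print(svc.name, "exposed on", exposed_networks(svc), validate_service(svc))
```

The check deliberately reports a missing Access Control as a warning rather than an error: the table allows it, but it means Connect alone gives the Attacker full application access (or Host access for a Shell Service), which is usually a modelling mistake rather than a deliberate choice.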

Existence

The Service object has an extra attribute, Existence. Existence can be On, Off or a probability between 0 and 1, and expresses the probability that the object is present in the modelled environment. Examples of use are found in the Attack Vector chapter. The default value for Existence is On.

Service Existence

Attack Steps and Defenses

Service Attack Steps and Defenses

Attack step: ApplicationLogin
  Description: The possibility to log in to the Service as any user of the application.
  Leads to: Service: DeployExploit; Service: UserAccess

Attack step: BypassAntiMalware
  Description: Bypassing the anti-malware solution (running on the Host) that is protecting the Service.
  Leads to: Service: Compromise

Attack step: BypassIDS
  Description: Bypassing the IDS solution (running on the Host) that is protecting the Service.
  Leads to: Service: BypassAntiMalware

Attack step: Compromise
  Description: The possibility to control/own the Service.
  Leads to: Service: Connect; Dataflow: Respond; Dataflow: Access; Datastore: Read; Datastore: Write; Datastore: Delete; Keystore: Read; Keystore: Delete; Host (root Service): Compromise; Host (non-root Service): UserAccess

Attack step: Connect
  Description: The possibility to reach the Service from a network point of view (but not to log in and use it).
  Leads to: AccessControl: Access; Service: DenialOfService; WebApplication: DiscoverNewVulnerability; WebApplication: BypassWAFViaCI; WebApplication: BypassWAFViaRFI; WebApplication: BypassWAFViaSQLInjection; WebApplication: BypassWAFViaXSS; Service: UserAccess; Service: ApplicationLogin; Service: NonRootShellLogin; Service: RootShellLogin

Attack step: DenialOfService
  Description: The possibility to block the service this application is supposed to provide.
  Leads to: Dataflow: DenialOfService

Attack step: DeployExploit
  Description: The possibility to exploit a vulnerability in the Service.
  Leads to: Service: BypassIDS

Attack step: FindExploit
  Description: The possibility to discover a vulnerability related to this Service.
  Leads to: Service: DeployExploit

Attack step: NonRootShellLogin
  Description: The possibility to log in to the Service and gain remote login/shell functionality as a normal, non-root user.
  Leads to: Host: UserAccess

Attack step: RootShellLogin
  Description: The possibility to log in to the Service and gain remote login/shell functionality as the root user.
  Leads to: Host (non-root Service): UserAccess; Host (root Service): Compromise

Attack step: UserAccess
  Description: The possibility to connect to the Service and be prompted for login credentials (but not to log in and use it).
  Leads to: Service: FindExploit

Defense: Patched
  Description: Denotes whether the Service has all applicable software security patches implemented.
  Impact: Can prevent an Attacker from obtaining an exploit.
  Default: 0.5
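The "Leads to" column above is a directed graph, and the Existence attribute and the Patched defense decide which of its edges are live. The following is an added example written for this page, not code from the original page or from the modelling tool: it copies the successor lists from the attack-step table and walks them from Connect under a few scenarios. The `Scenario` fields and the two gating rules in `blocked` (a login step needs credentials when an AccessControl is connected; Patched removes the FindExploit to DeployExploit edge) are this example's reading of the tables, not a specification of the tool's semantics, and `p_compromise` samples Existence and Patched as independent probabilities, which is likewise an assumption.

```python
"""Reachability over the Service attack steps listed above (added example)."""
from dataclasses import dataclass
import random

# Placeholder resolved per scenario: Host.Compromise for a root Service, Host.UserAccess otherwise.
HOST = "Host.<depends on execution type>"

# Successor lists copied from the "Leads to" column of the attack-step table.
LEADS_TO = {
    "Service.Connect": [
        "AccessControl.Access", "Service.DenialOfService",
        "WebApplication.DiscoverNewVulnerability", "WebApplication.BypassWAFViaCI",
        "WebApplication.BypassWAFViaRFI", "WebApplication.BypassWAFViaSQLInjection",
        "WebApplication.BypassWAFViaXSS", "Service.UserAccess",
        "Service.ApplicationLogin", "Service.NonRootShellLogin", "Service.RootShellLogin",
    ],
    "Service.UserAccess": ["Service.FindExploit"],
    "Service.FindExploit": ["Service.DeployExploit"],
    "Service.ApplicationLogin": ["Service.DeployExploit", "Service.UserAccess"],
    "Service.DeployExploit": ["Service.BypassIDS"],
    "Service.BypassIDS": ["Service.BypassAntiMalware"],
    "Service.BypassAntiMalware": ["Service.Compromise"],
    "Service.DenialOfService": ["Dataflow.DenialOfService"],
    "Service.NonRootShellLogin": ["Host.UserAccess"],
    "Service.RootShellLogin": [HOST],
    "Service.Compromise": [
        "Service.Connect", "Dataflow.Respond", "Dataflow.Access",
        "Datastore.Read", "Datastore.Write", "Datastore.Delete",
        "Keystore.Read", "Keystore.Delete", HOST,
    ],
}
LOGIN_STEPS = {"Service.ApplicationLogin", "Service.NonRootShellLogin", "Service.RootShellLogin"}


@dataclass
class Scenario:
    exists: bool = True            # Existence attribute of the Service (On/Off)
    patched: bool = False          # Patched defense
    access_control: bool = True    # an AccessControl object is connected (Authorization)
    credentials: bool = False      # assumed: attacker holds valid credentials for that AccessControl
    runs_as_root: bool = False     # Root vs Non-Root execution connection to the Host


def blocked(src: str, dst: str, sc: Scenario) -> bool:
    """Edges the scenario switches off (this example's reading of the tables)."""
    if dst in LOGIN_STEPS and sc.access_control and not sc.credentials:
        return True   # AccessControl present: Connect alone does not give a login
    if src == "Service.FindExploit" and dst == "Service.DeployExploit" and sc.patched:
        return True   # Patched: the Attacker cannot obtain a usable exploit
    return False


def reachable(sc: Scenario, start: str = "Service.Connect") -> set:
    """All attack steps reachable from `start`; empty when the Service does not exist."""
    if not sc.exists:
        return set()
    seen, stack = set(), [start]
    while stack:
        step = stack.pop()
        if step in seen:
            continue
        seen.add(step)
        for nxt in LEADS_TO.get(step, []):
            if nxt == HOST:
                nxt = "Host.Compromise" if sc.runs_as_root else "Host.UserAccess"
            if not blocked(step, nxt, sc):
                stack.append(nxt)
    return seen


def p_compromise(existence: float, p_patched: float, trials: int = 20000, seed: int = 1, **kw) -> float:
    """Monte Carlo estimate of P(Service.Compromise) when Existence and Patched are probabilities."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        sc = Scenario(exists=rng.random() < existence, patched=rng.random() < p_patched, **kw)
        hits += "Service.Compromise" in reachable(sc)
    return hits / trials


if __name__ == "__main__":
    for name, sc in [("default", Scenario()),
                     ("patched", Scenario(patched=True)),
                     ("patched + credentials", Scenario(patched=True, credentials=True)),
                     ("root shell, no access control", Scenario(access_control=False, runs_as_root=True))]:
        steps = reachable(sc)
        print(f"{name}: Compromise={'Service.Compromise' in steps}, Host.Compromise={'Host.Compromise' in steps}")
    print("P(Compromise) with Existence=0.8, Patched=0.5:", p_compromise(0.8, 0.5))
```

Two things fall out of the walk that the table alone does not make obvious: with an AccessControl connected, Patched alone cuts every path to Compromise, but an Attacker who already holds credentials reaches ApplicationLogin and from there DeployExploit regardless of the patch level; and without an AccessControl the patch level is irrelevant, because Connect leads straight to the login steps.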