Threat Modeling Report

Created on 31.12.2021 00:19:49

Threat Model Name:

Owner:

Reviewer:

Contributors:

Description:

Assumptions:

External Dependencies:


Threat Model Summary:

Not Started: 20
Not Applicable: 0
Needs Investigation: 0
Mitigation Implemented: 0
Total: 20
Total Migrated: 0


Diagram: Docker Sample

Docker Sample diagram screenshot

Docker Sample Diagram Summary:

Not Started: 20
Not Applicable: 0
Needs Investigation: 0
Mitigation Implemented: 0
Total: 20
Total Migrated: 0

Interaction: HTTP

HTTP interaction screenshot

1. Container network traffic  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Unsecured communication and unrestricted network traffic. Communications with Docker registries should be encrypted over TLS. By default, all network traffic is allowed between containers on the same host, which increases the risk of unintended and unwanted disclosure of information to other containers.
Justification: Ops Resilience and Security Requirement
Action Items:
1. Communications with Docker registries should be encrypted over TLS.
2. Only allow the inter-container communication that is necessary, by linking specific containers.
3. Deactivate the following ports: 2375/TCP and 2376/TCP (Docker daemon) and 5000/TCP (registry).
Comments: Docker Capabilities: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

2. Container breakout  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Privilege escalation
Justification: <no mitigation provided>
Action Items:
1. Drop capabilities that are not required.
2. Monitor dangerous mount points from the host (e.g., the Docker socket (/var/run/docker.sock), /proc, /dev).
3. Create an isolated user namespace to limit the maximum privileges of the containers over the host to the equivalent of a regular user.
Comments:

3. Container image vulnerabilities  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Inconsistent updating and patching leads to security vulnerabilities present in the static image. A container is running version X.Y.Z of the web server, which happens to suffer from a critical security flaw. This flaw was fixed long ago upstream, but not in the local image.
Justification: <no mitigation provided>
Action Items:
1. Update and rebuild images periodically to pick up the newest security patches.
2. Integrate a vulnerability scanner (Clair, Trivy) as a mandatory step of the CI/CD pipeline.
Comments:

Interaction: HTTPS

HTTPS interaction screenshot

4. Container image vulnerabilities  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Inconsistent updating and patching leads to security vulnerabilities present in the static image. A container is running version X.Y.Z of the web server, which happens to suffer from a critical security flaw. This flaw was fixed long ago upstream, but not in the local image.
Justification: <no mitigation provided>
Action Items:
1. Update and rebuild images periodically to pick up the newest security patches.
2. Integrate a vulnerability scanner (Clair, Trivy) as a mandatory step of the CI/CD pipeline.
Comments:

5. Container network traffic  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Unsecured communication and unrestricted network traffic. Communications with Docker registries should be encrypted over TLS. By default, all network traffic is allowed between containers on the same host, which increases the risk of unintended and unwanted disclosure of information to other containers.
Justification: Ops Resilience and Security Requirement
Action Items:
1. Communications with Docker registries should be encrypted over TLS.
2. Only allow the inter-container communication that is necessary, by linking specific containers.
3. Deactivate the following ports: 2375/TCP and 2376/TCP (Docker daemon) and 5000/TCP (registry).
Comments: Docker Capabilities: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

6. Container image authenticity  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Running unverified software and/or software from sources that are not explicitly trusted
Justification: <no mitigation provided>
Action Items:
1. Download images only from trusted sources, such as a trusted Docker registry.
2. Enable Docker content trust enforcement (export DOCKER_CONTENT_TRUST=1).
3. Enforce mandatory signature verification for any image that is going to be pulled or run.
Comments:

7. Compromised secrets  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Compromised secrets
Justification: <no mitigation provided>
Action Items:
1. Do not use environment variables for secrets.
2. Do not embed any secrets in the container image.
3. Use a credentials/secrets store (Vault).
Comments:
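The action items for "Container network traffic", "Container breakout" and "Compromised secrets" above (the same items recur for the other interactions in this report) can be checked mechanically against running containers. The following audit script is an added example, not part of the threat model report and not Docker tooling: it reads `docker inspect`-style records and reports the settings those items forbid. The two records embedded in it are constructed for illustration (they use the field names `docker inspect` emits), and the RISKY_CAPS list and the SECRET_ENV_RE name heuristic are assumptions rather than rules taken from the report.

```python
"""Audit docker-inspect records against the report's container action items.

Added example; not from the threat model report or from Docker. The sample
records are constructed, and the capability list and secret-name regex are
heuristics chosen for the example.
"""
import json
import re

# Host paths that hand a container a route back to the host (breakout item 2).
DANGEROUS_HOST_PATHS = ("/var/run/docker.sock", "/proc", "/dev")
# Ports the report says to deactivate (network traffic item 3).
FORBIDDEN_PORTS = {"2375/tcp", "2376/tcp", "5000/tcp"}
# Capabilities commonly over-granted; an assumption, not from the report.
RISKY_CAPS = ("SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN")
# Heuristic for credential-bearing variable names (assumption).
SECRET_ENV_RE = re.compile(r"PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_KEY", re.I)


def is_dangerous_path(host_path):
    """True if a bind-mount source is the host root or lies under a listed path."""
    norm = "/" + host_path.strip("/")  # "/proc/" -> "/proc", "/" -> "/"
    if norm == "/":
        return True
    return any(norm == p or norm.startswith(p + "/") for p in DANGEROUS_HOST_PATHS)


def audit_container(record):
    """Return a list of (severity, finding) tuples for one inspect record."""
    findings = []
    hc = record.get("HostConfig", {})
    cfg = record.get("Config", {})

    if hc.get("Privileged"):
        findings.append(("HIGH", "container runs privileged"))

    # Breakout item 1: expect CapDrop=ALL plus a minimal, explicit CapAdd.
    cap_drop = {c.upper() for c in hc.get("CapDrop") or []}
    cap_add = {c.upper() for c in hc.get("CapAdd") or []}
    if "ALL" not in cap_drop:
        findings.append(("MEDIUM", "capabilities not dropped (no CapDrop=ALL)"))
    for cap in sorted(cap_add & set(RISKY_CAPS)):
        findings.append(("HIGH", f"risky capability added: {cap}"))

    # Breakout item 2: bind mounts are "host:container[:opts]".
    for bind in hc.get("Binds") or []:
        if is_dangerous_path(bind.split(":", 1)[0]):
            findings.append(("HIGH", f"dangerous host mount: {bind}"))

    # Network traffic items 2 and 3.
    if hc.get("NetworkMode") == "host":
        findings.append(("HIGH", "container shares the host network namespace"))
    ports = set(cfg.get("ExposedPorts") or {}) | set(hc.get("PortBindings") or {})
    for port in sorted(ports & FORBIDDEN_PORTS):
        findings.append(("HIGH", f"port the report says to deactivate is published: {port}"))

    # Secrets item 1: credentials must not travel in the environment.
    for kv in cfg.get("Env") or []:
        name, _, value = kv.partition("=")
        if value and SECRET_ENV_RE.search(name):
            findings.append(("HIGH", f"secret passed via environment variable: {name}"))

    return findings


def audit_json(text):
    """Parse one inspect record given as JSON text and audit it."""
    return audit_container(json.loads(text))


# Constructed sample: a container that violates several of the report's items.
WEAK_CONTAINER = json.dumps({
    "Name": "/legacy-web",
    "HostConfig": {
        "Privileged": False,
        "CapAdd": ["SYS_ADMIN"],
        "CapDrop": [],
        "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "/srv/data:/data:ro"],
        "NetworkMode": "host",
        "PortBindings": {"2375/tcp": [{"HostIp": "0.0.0.0", "HostPort": "2375"}]},
    },
    "Config": {"Env": ["DB_PASSWORD=hunter2", "PATH=/usr/bin"],
               "ExposedPorts": {"80/tcp": {}}},
})

# Constructed sample: the same service run the way the action items ask for.
HARDENED_CONTAINER = json.dumps({
    "Name": "/web",
    "HostConfig": {
        "Privileged": False,
        "CapAdd": ["NET_BIND_SERVICE"],
        "CapDrop": ["ALL"],
        "Binds": ["/srv/data:/data:ro"],
        "NetworkMode": "app-net",
        "PortBindings": {"443/tcp": [{"HostIp": "0.0.0.0", "HostPort": "443"}]},
    },
    "Config": {"Env": ["PATH=/usr/bin", "VAULT_ADDR=https://vault.internal:8200"],
               "ExposedPorts": {"443/tcp": {}}},
})

if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONTAINER), ("hardened", HARDENED_CONTAINER)):
        print(f"== {label}: {len(audit_json(text))} finding(s)")
        for severity, msg in audit_json(text):
            print(f"  [{severity}] {msg}")
```

On a real host the records come from `docker inspect <container>` (which prints a JSON array, so iterate over its elements before calling `audit_container`). The user-namespace item (breakout item 3) is a daemon-level setting and does not appear in per-container records, so it is out of scope for this check.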

Interaction: HTTPS

HTTPS interaction screenshot

8. Container image authenticity  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Running unverified software and/or software from sources that are not explicitly trusted
Justification: <no mitigation provided>
Action Items:
1. Download images only from trusted sources, such as a trusted Docker registry.
2. Enable Docker content trust enforcement (export DOCKER_CONTENT_TRUST=1).
3. Enforce mandatory signature verification for any image that is going to be pulled or run.
Comments:

9. Container network traffic  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Unsecured communication and unrestricted network traffic. Communications with Docker registries should be encrypted over TLS. By default, all network traffic is allowed between containers on the same host, which increases the risk of unintended and unwanted disclosure of information to other containers.
Justification: Ops Resilience and Security Requirement
Action Items:
1. Communications with Docker registries should be encrypted over TLS.
2. Only allow the inter-container communication that is necessary, by linking specific containers.
3. Deactivate the following ports: 2375/TCP and 2376/TCP (Docker daemon) and 5000/TCP (registry).
Comments: Docker Capabilities: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

10. Container image vulnerabilities  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Inconsistent updating and patching leads to security vulnerabilities present in the static image. A container is running version X.Y.Z of the web server, which happens to suffer from a critical security flaw. This flaw was fixed long ago upstream, but not in the local image.
Justification: <no mitigation provided>
Action Items:
1. Update and rebuild images periodically to pick up the newest security patches.
2. Integrate a vulnerability scanner (Clair, Trivy) as a mandatory step of the CI/CD pipeline.
Comments:

Interaction: HTTPS

HTTPS interaction screenshot

11. Container network traffic  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Unsecured communication and unrestricted network traffic. Communications with Docker registries should be encrypted over TLS. By default, all network traffic is allowed between containers on the same host, which increases the risk of unintended and unwanted disclosure of information to other containers.
Justification: Ops Resilience and Security Requirement
Action Items:
1. Communications with Docker registries should be encrypted over TLS.
2. Only allow the inter-container communication that is necessary, by linking specific containers.
3. Deactivate the following ports: 2375/TCP and 2376/TCP (Docker daemon) and 5000/TCP (registry).
Comments: Docker Capabilities: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

12. Container breakout  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Privilege escalation
Justification: <no mitigation provided>
Action Items:
1. Drop capabilities that are not required.
2. Monitor dangerous mount points from the host (e.g., the Docker socket (/var/run/docker.sock), /proc, /dev).
3. Create an isolated user namespace to limit the maximum privileges of the containers over the host to the equivalent of a regular user.
Comments:

13. Container image vulnerabilities  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Inconsistent updating and patching leads to security vulnerabilities present in the static image. A container is running version X.Y.Z of the web server, which happens to suffer from a critical security flaw. This flaw was fixed long ago upstream, but not in the local image.
Justification: <no mitigation provided>
Action Items:
1. Update and rebuild images periodically to pick up the newest security patches.
2. Integrate a vulnerability scanner (Clair, Trivy) as a mandatory step of the CI/CD pipeline.
Comments:

Interaction: Process

Process interaction screenshot

14. Container image vulnerabilities  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Inconsistent updating and patching leads to security vulnerabilities present in the static image. A container is running version X.Y.Z of the web server, which happens to suffer from a critical security flaw. This flaw was fixed long ago upstream, but not in the local image.
Justification: <no mitigation provided>
Action Items:
1. Update and rebuild images periodically to pick up the newest security patches.
2. Integrate a vulnerability scanner (Clair, Trivy) as a mandatory step of the CI/CD pipeline.
Comments:

15. Container breakout  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Privilege escalation
Justification: <no mitigation provided>
Action Items:
1. Drop capabilities that are not required.
2. Monitor dangerous mount points from the host (e.g., the Docker socket (/var/run/docker.sock), /proc, /dev).
3. Create an isolated user namespace to limit the maximum privileges of the containers over the host to the equivalent of a regular user.
Comments:

16. Container network traffic  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Unsecured communication and unrestricted network traffic. Communications with Docker registries should be encrypted over TLS. By default, all network traffic is allowed between containers on the same host, which increases the risk of unintended and unwanted disclosure of information to other containers.
Justification: Ops Resilience and Security Requirement
Action Items:
1. Communications with Docker registries should be encrypted over TLS.
2. Only allow the inter-container communication that is necessary, by linking specific containers.
3. Deactivate the following ports: 2375/TCP and 2376/TCP (Docker daemon) and 5000/TCP (registry).
Comments: Docker Capabilities: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

17. Container image authenticity  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Running unverified software and/or software from sources that are not explicitly trusted
Justification: <no mitigation provided>
Action Items:
1. Download images only from trusted sources, such as a trusted Docker registry.
2. Enable Docker content trust enforcement (export DOCKER_CONTENT_TRUST=1).
3. Enforce mandatory signature verification for any image that is going to be pulled or run.
Comments:

Interaction: Process

Process interaction screenshot

18. Container network traffic  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Unsecured communication and unrestricted network traffic. Communications with Docker registries should be encrypted over TLS. By default, all network traffic is allowed between containers on the same host, which increases the risk of unintended and unwanted disclosure of information to other containers.
Justification: Ops Resilience and Security Requirement
Action Items:
1. Communications with Docker registries should be encrypted over TLS.
2. Only allow the inter-container communication that is necessary, by linking specific containers.
3. Deactivate the following ports: 2375/TCP and 2376/TCP (Docker daemon) and 5000/TCP (registry).
Comments: Docker Capabilities: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

19. Container breakout  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Privilege escalation
Justification: <no mitigation provided>
Action Items:
1. Drop capabilities that are not required.
2. Monitor dangerous mount points from the host (e.g., the Docker socket (/var/run/docker.sock), /proc, /dev).
3. Create an isolated user namespace to limit the maximum privileges of the containers over the host to the equivalent of a regular user.
Comments:

20. Container image vulnerabilities  [State: Not Started]  [Priority: High]

Category: OWASP Container Security
Description: Inconsistent updating and patching leads to security vulnerabilities present in the static image. A container is running version X.Y.Z of the web server, which happens to suffer from a critical security flaw. This flaw was fixed long ago upstream, but not in the local image.
Justification: <no mitigation provided>
Action Items:
1. Update and rebuild images periodically to pick up the newest security patches.
2. Integrate a vulnerability scanner (Clair, Trivy) as a mandatory step of the CI/CD pipeline.
Comments: