none
Specific modeling question - database secured in separate network segment RRS feed

  • Question

  • Hi,

    I am modeling our new PCI-DSS compliant part of our system, and I have a question:

    I can't foresee any threats to our database servers since they are in a separate, secure network segment, and all the components that are talking to these servers are (will be) fully modeled according to SDL standards.

    How do I model these databases? I read that data stores within a process doesn't need to be modeled, but I am at a stump here because although logically the databases are inside secure processes, they cross a machine boundry.

    Please help!

    Thanks, Morten

    • Moved by Hengzhe Li Tuesday, June 21, 2011 12:04 PM Forum Consolidate (From:Microsoft Security Development Lifecycle (SDL) - Threat Modeling)
    Wednesday, August 25, 2010 3:23 PM

Answers

  • Would it work to model them as external entities?  You may well want to think about the spoofing threats (if you reach the wrong DB) and the threats to the dataflows to the DBs.  Alternately, you could mark them as data stores, and click the "don't autogen threats" button explaining the reason.

     

    I'd like to be clear, I have no idea if this will satisfy the PCI-DSS requests, I'm commenting only on the tool end of things.

    Thursday, August 26, 2010 2:39 AM

All replies

  • Would it work to model them as external entities?  You may well want to think about the spoofing threats (if you reach the wrong DB) and the threats to the dataflows to the DBs.  Alternately, you could mark them as data stores, and click the "don't autogen threats" button explaining the reason.

     

    I'd like to be clear, I have no idea if this will satisfy the PCI-DSS requests, I'm commenting only on the tool end of things.

    Thursday, August 26, 2010 2:39 AM
  • Thanks,

    I'll start with "don't autogen threats" and see how that flows with the auditor...

    Monday, August 30, 2010 8:01 AM