Commit adca3118 authored by Valerie Aurora's avatar Valerie Aurora
Browse files

Fully remove DOS risk factor

parent 6e9c03ff

EN-304-625.md

+19 −31
Original line number Diff line number Diff line
@@ -1706,18 +1706,6 @@ Type: Affects impact of attack. 
  * **[INT-L-1]** Product is connected to host system via internal adapter requiring disassembly to change

  * **[INT-L-2]** Product is fully integrated into and cannot be removed from host system



**[DOS]** Cumulative network bandwidth



Description: The estimated cumulative network bandwidth of deployed products that are similar enough to be similarly affected by most security problems in this product.



Rationale: The more bandwidth that can be used for a DDOS attack by exploiting a vulnerability in the product, the higher the level of security that should be required.



Type: Affects impact of attack.



  * **[DOS-L-0]** Foreseeable deployment includes little or no cumulative network bandwidth

  * **[DOS-L-1]** Foreseeable deployment includes enough bandwidth to provide 10% of a major DDoS attack

  * **[DOS-L-2]** Foreseeable deployment includes enough bandwidth to provide more than 10% of a major DDoS attack



## C.3 Assumptions



### C.3.1 Proper host system
@@ -1760,7 +1748,7 @@ The risk factors by type are: 


  * Likelihood: PHY SFT NET COM ADM LIS



  * Impact: SYS SDS SDT FUN INT DOS

  * Impact: SYS SDS SDT FUN INT



The mitigations that reduce risk by type are:
@@ -1781,10 +1769,10 @@ Attacker may use unknown exploitable vulnerabilities in the product implementati 
| max(PHY, SFT, NET) = 2 & COM = 2  | High       | WL-2, WL-3, VI-2       |



| Risk factors                | Impact | Security profiles                  |

|----------------------------------|--------|------------------------------------|

| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low    | none                               |

| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium | WD-1, WD-3, WL-1, VI-1             |

| max(SYS, SDS, SDT, FUN, DOS) = 2 | High   | WD-2, WD-4, WL-2, WL-3, WL-4, VI-2 |

|-----------------------------|--------|------------------------------------|

| max(SYS, SDS, SDT, FUN) = 0 | Low    | none                               |

| max(SYS, SDS, SDT, FUN) = 1 | Medium | WD-1, WD-3, WL-1, VI-1             |

| max(SYS, SDS, SDT, FUN) = 2 | High   | WD-2, WD-4, WL-2, WL-3, WL-4, VI-2 |



Requirements that mitigate this threat: SSDD, LMII, DMIN, LMAS, LOGG
@@ -1811,10 +1799,10 @@ Attacker may use known exploitable vulnerabilities in the product implementation 
| max(PHY, SFT, NET) = 2 & COM = 2 & ADM = 2   | High       | WL-2, WL-3, VI-2             |



| Risk factors                | Impact | Security profiles                  |

|----------------------------------|--------|------------------------------------|

| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low    | none                               |

| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium | WD-1, WD-3, WL-1, VI-1             |

| max(SYS, SDS, SDT, FUN, DOS) = 2 | High   | WD-2, WD-4, WL-2, WL-3, WL-4, VI-2 |

|-----------------------------|--------|------------------------------------|

| max(SYS, SDS, SDT, FUN) = 0 | Low    | none                               |

| max(SYS, SDS, SDT, FUN) = 1 | Medium | WD-1, WD-3, WL-1, VI-1             |

| max(SYS, SDS, SDT, FUN) = 2 | High   | WD-2, WD-4, WL-2, WL-3, WL-4, VI-2 |



Requirements that mitigate this threat: NKEV, SSDD, LMII, SCUD, DMIN, LMAS, LOGG, VULH
@@ -1868,9 +1856,9 @@ Attacker may use configuration errors to get unauthorized access to the product 


| Risk factors                     | Impact | Security profiles      |

|----------------------------------|--------|------------------------|

| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low    | none                   |

| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium | WD-1, WD-3, VI-1       |

| max(SYS, SDS, SDT, FUN, DOS) = 2 | High   | WD-2, WD-4, WL-\* VI-2 |

| max(SYS, SDS, SDT, FUN) = 0 | Low    | none                   |

| max(SYS, SDS, SDT, FUN) = 1 | Medium | WD-1, WD-3, VI-1       |

| max(SYS, SDS, SDT, FUN) = 2 | High   | WD-2, WD-4, WL-\* VI-2 |



Requirements that mitigate this threat: CDST, SDEF, DMIN, LOGG
@@ -2009,10 +1997,10 @@ Attacker may masquerade as an authorized server to get unauthorized access to pr 
| NET = 2 & COM = 2  | High       | WL-2, WL-3, VI-2  |



| Risk factors                | Impact | Security profiles      |

|----------------------------------|--------|------------------------|

| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low    | none                   |

| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium | WD-1, WD-3, VI-1       |

| max(SYS, SDS, SDT, FUN, DOS) = 2 | High   | WD-2, WD-4, WL-\* VI-2 |

|-----------------------------|--------|------------------------|

| max(SYS, SDS, SDT, FUN) = 0 | Low    | none                   |

| max(SYS, SDS, SDT, FUN) = 1 | Medium | WD-1, WD-3, VI-1       |

| max(SYS, SDS, SDT, FUN) = 2 | High   | WD-2, WD-4, WL-\* VI-2 |



Requirements that mitigate this threat: CDTX, IDTX, AUTH, SCUD, LOGG