All new systems connected to the EMREX network should be subject to a risk analysis.
This should be performed by the unit responsible for the system.
Below, you will find some risks that could be considered doing this analysis.

RiskProbabilityImpactActionsComments
New HTTPS vulnerabilities are discovered. A hacker can replace NCP-list data being downloaded from EMREG. This makes it possible to set up a fake NCP server and produce fraudulant diplomas.45

Use correct server security configuration. Use cryptographic signatures on data, in addition to HTTPS

Several critical SSL/TLS vulnerabilities have been found in recent years.

CA certificate leaked or abused

35

Use signature on data in addition to HTTPS or use custom list of custom Cas (trust store)

Comodo, diginotar, Chinese CA

EMREG is hacked. SMP is communicating with correct server but recieving false data.

25

Pen-testing regularly and before major releases to secure application.Patch OS and third party software. Log changes made by user in application.

 

NCP is hacked. Places false data in EMREG

25

Responsibility of each NCP but login solution (yubikey etc) can make abuse of EMREG more difficult

 

EMREG is DDOSed for several days during diploma deadline.

22

Anti DDOS measures and Caching

EMREG data can be cached. EMREG downtime may not matter much as long as cached data can be used

NCP is DDOSed. Unable to retrieve foreign diplomas from attacked country during attack.

24

Anti DDOS measures

Caching all diplomas is not an option

Rogue employees

15

Good practices

 

EMREG downtime

22

Redundancy and alerts

 
NCP or Result service downtime24

Redundancy and alerts

 

Hostile code injected in SMP binaries (jar-­‐file)

25

Reproducible/determenistic builds

 

Hostile code injected in mobility plugin source code. Enabling forging diplomas and hacking systems using SMP

25

Good practice, open source, code-­‐review

 

NCP sends data against user's wish

35

NCP must ask for concent and make it very clear which data will be sent and where it will be sent. A white list of approved URLs for diploma delivery could be used to prevent fake web sites from receiving diplomas. Whitelisting might not be an option if EMREX is to be used by recruiting agencies etc.

 
Open source. Makes it easy for hackers to find vulnerabilities.24

Bug bounty program.

 

Min. probability value 1 - Very low (never occured)
Max. probability value 5 ‐ Very high (daily/always)
Min. impact value 1 ­‐ Can be ignored
Max. impact value 5 - Very high/catastrophic

 

 

  • No labels