Threat LS.L.WSSH.1

URI: LS.L.WSSH.1

Description: Using admin rights at Gateway to enable access to LogicalSubnet from Space: if someone has control of device Gateway providing wired subnet LogicalSubnet, and physical access to location Space where LogicalSubnet is accessible, they can connect their own device to the subnet.

Threat Type: Primary Threat

Matching Pattern:

MP-WSSH

Finds a Wired Subnet provided by a Gateway host accessible from a Space, and optionally the process controlling access and the manager of the gateway.

(empty)

CSG-DisableGatewayHost-Runtime

Device Gateway is disabled to prevent it being involved in an attack. This strategy represents a run-time adaptation in response to a threat, which may or may not be following some contingency plan. It also triggers threats representing side effects that would be caused by such an action.

CSG-IgnorePhysicalThreatsFromWorld

Indicates that threats from as well as to the space Space can be ignored, i.e. that the risk model intentionally does not consider physical attacks from Space. This is only permitted if Space is the inferred global public space (the World) used when no locations are asserted in the model. This control strategy is a way to specify that physical security is out of scope for devices with no explicitly specified location(s), i.e. that they are considered physically secure.

Threat LS.L.WSSH.1

MP-WSSH

Triggered by Threat (0)

Triggers Secondary Threats (0)

Triggered By Control Strategy (0)

Misbehaviour Sets (0)

Control Strategies (2)