This is part three in a series of articles looking at the STRIDE Threat Model to identify and mitigate the threats and risks posed to email security.
In this article we look at Repudiation. If you missed Part 2, you can find the article here.
Repudiation (the Threat)
"I didn't do it. No one saw me do it. You can't prove anything." (Bart Simpson)
Repudiation is the ability to deny that an action or event took place. It violates non-repudiation, the assurance that a party cannot later dispute the validity of something they did. In the case of email it is simply "I didn't send that email" (or, from the other side, "I never received it").
Non-Repudiation (the Property)
Non-repudiation is the property that a message, and the actions taken on a mailbox, can be tied to a specific identity with evidence that still stands up later. Repudiation is therefore intertwined with other elements of the STRIDE framework: tampered logs (Tampering) or a spoofed account (Spoofing) leave no trustworthy record of who did what, which is exactly what someone needs in order to deny any wrongdoing.
Countermeasures - Technical Controls
There are a number of technical controls that can be implemented to make email repudiation much harder to sustain:
Strong Authentication - multi-factor authentication (MFA), also referred to as two-factor authentication (2FA), on email accounts is of vital importance for security and should be applied wherever possible. When only the legitimate holder can sign in, the defence "someone else must have used my account" loses most of its credibility.
Secure Logging and Auditing - ensuring that logs and audit trails are appropriately protected: written to a system that email users and mail administrators cannot edit, made tamper-evident (for example by chaining or signing entries), and retained for as long as a dispute could plausibly arise. A log that can be altered after the fact proves nothing.
A Secure Email Gateway - which gives the email sender a full-field view of delivery: verifying and validating that the message was delivered, confirming receipt, and recording when it was opened (and on what device it was opened).
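The "secure logging" control above, shown as a tamper-evident audit log of email events. This is an added example written for this article, not code from the original page or from any product it mentions; the key, the event fields and the sample records are constructed for the demonstration. Each entry carries an HMAC that also covers the previous entry's HMAC, so editing or removing a record breaks every entry after it, and the person disputing the record cannot recompute the chain without the key.

```python
"""Tamper-evident audit log for email events (added example, not from the article)."""
import hashlib
import hmac
import json

# Assumption: the logging service holds a key that the mail servers writing
# entries (and the users whose actions are logged) cannot read. In production
# it would live in an HSM or a secrets manager; this value is for the demo only.
LOG_KEY = b"example-only-key-do-not-use"
GENESIS = "0" * 64  # stands in for "no previous entry"


def canonical(record: dict) -> bytes:
    """Stable serialisation so the same record always produces the same MAC."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def entry_mac(key: bytes, prev_mac: str, record: dict) -> str:
    """HMAC over the previous entry's MAC plus this record. Because every MAC
    covers the one before it, altering or deleting an entry invalidates every
    later entry, and recomputing the chain needs the key."""
    return hmac.new(key, prev_mac.encode() + canonical(record), hashlib.sha256).hexdigest()


class AuditLog:
    def __init__(self, key: bytes):
        self._key = key
        self.entries: list[dict] = []

    def append(self, record: dict) -> dict:
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "record": record,
                 "mac": entry_mac(self._key, prev, record)}
        self.entries.append(entry)
        return entry


def verify_chain(key: bytes, entries: list[dict]) -> tuple[bool, int]:
    """Walk the chain. Returns (True, -1) if intact, else (False, index of the
    first entry that fails): a wrong sequence number means an entry was
    removed or reordered, a bad MAC means it was edited."""
    prev = GENESIS
    for i, entry in enumerate(entries):
        if entry["seq"] != i:
            return False, i
        expected = entry_mac(key, prev, entry["record"])
        if not hmac.compare_digest(expected, entry["mac"]):
            return False, i
        prev = entry["mac"]
    return True, -1


def demo() -> dict:
    """Constructed sample events (not real traffic), then two attempts at
    repudiating the first send by altering the log afterwards."""
    log = AuditLog(LOG_KEY)
    for record in [
        {"ts": "2024-03-01T09:12:00Z", "user": "alice@example.com", "event": "login",
         "src_ip": "203.0.113.10", "mfa": True},
        {"ts": "2024-03-01T09:15:21Z", "user": "alice@example.com", "event": "send",
         "msg_id": "<a1@example.com>", "to": "bob@example.org"},
        {"ts": "2024-03-01T09:40:03Z", "user": "alice@example.com", "event": "send",
         "msg_id": "<a2@example.com>", "to": "carol@example.org"},
    ]:
        log.append(record)

    edited = json.loads(json.dumps(log.entries))  # deep copy via JSON round-trip
    edited[1]["record"]["user"] = "mallory@example.com"  # "that wasn't me"

    deleted = json.loads(json.dumps(log.entries))
    del deleted[1]  # "that email never existed"

    return {
        "intact": verify_chain(LOG_KEY, log.entries),
        "edited": verify_chain(LOG_KEY, edited),
        "deleted": verify_chain(LOG_KEY, deleted),
    }


if __name__ == "__main__":
    for name, (ok, bad) in demo().items():
        print(f"{name:8s} chain ok={ok} first bad entry={bad}")
```

Two caveats a practitioner should keep in mind. A chain like this detects edits and deletions in the middle, but silently truncating the newest entries leaves a shorter chain that still verifies, so the latest MAC (or the whole log) should be forwarded regularly to a separate system the mail administrators cannot write to. And because an HMAC can be recomputed by anyone holding the key, it only convinces parties who trust the log server; where a third party must be able to check the record independently, sign each entry with a private key the log server alone holds instead.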
Countermeasures - Administrative Controls
Access Control - ensure that mechanisms and policies around roles and privileges are defined and in place, so that each action can be traced to an individual rather than to a shared or generic account.
Monitoring and Auditing - regularly reviewing audit logs and monitoring for signs that email accounts may have been compromised (unexpected sign-ins, newly created forwarding rules, unusual sending patterns) is a useful detective control.
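The detective control above, run over constructed audit log lines. This is an added example, not code or data from the original article: the line format, the organisation's own domain (example.com), the indicators and the thresholds are all assumptions chosen for the demonstration, and the sample lines are invented.

```python
"""Indicators of email-account compromise over sample audit log lines
(added example; format, thresholds and data are constructed)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line format: ISO timestamp followed by key=value pairs.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")

INTERNAL_DOMAIN = "example.com"          # assumption: the organisation's mail domain
TRAVEL_WINDOW = timedelta(hours=1)       # two countries inside this window is suspicious
BURST_WINDOW = timedelta(minutes=10)
BURST_THRESHOLD = 5                      # sends within BURST_WINDOW that trigger an alert

# Constructed sample log (not real traffic). alice's account is taken over at 09:30.
SAMPLE_LOG = """\
2024-03-01T09:12:00Z user=alice@example.com event=login src_ip=203.0.113.10 country=GB mfa=true
2024-03-01T09:15:21Z user=alice@example.com event=send to=bob@example.org
2024-03-01T09:30:00Z user=alice@example.com event=login src_ip=198.51.100.7 country=NG mfa=false
2024-03-01T09:31:10Z user=alice@example.com event=rule_created action=forward target=drop@mail.example.net
2024-03-01T09:32:00Z user=alice@example.com event=send to=c1@example.org
2024-03-01T09:32:30Z user=alice@example.com event=send to=c2@example.org
2024-03-01T09:33:00Z user=alice@example.com event=send to=c3@example.org
2024-03-01T09:33:30Z user=alice@example.com event=send to=c4@example.org
2024-03-01T09:34:00Z user=alice@example.com event=send to=c5@example.org
2024-03-01T10:05:00Z user=bob@example.com event=login src_ip=203.0.113.44 country=GB mfa=true
2024-03-01T10:06:00Z user=bob@example.com event=send to=alice@example.com
"""


def parse_line(line: str) -> dict:
    """Turn one log line into a dict; the timestamp is parsed, other values stay strings."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return fields


def detect(lines: list[str]) -> list[tuple[str, str, str]]:
    """Return (user, indicator, detail) triples, processing events in time order."""
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    findings = []
    last_login = {}            # user -> (timestamp, country) of the previous login
    sends = defaultdict(list)  # user -> timestamps of sends inside the burst window
    for e in events:
        user, kind = e["user"], e["event"]
        if kind == "login":
            if e.get("mfa") != "true":
                findings.append((user, "login_without_mfa", f"{e['src_ip']} ({e['country']})"))
            prev = last_login.get(user)
            if prev and prev[1] != e["country"] and e["ts"] - prev[0] <= TRAVEL_WINDOW:
                findings.append((user, "impossible_travel",
                                 f"{prev[1]} -> {e['country']} within {e['ts'] - prev[0]}"))
            last_login[user] = (e["ts"], e["country"])
        elif kind == "rule_created" and e.get("action") == "forward":
            if e["target"].rsplit("@", 1)[-1] != INTERNAL_DOMAIN:
                findings.append((user, "external_forwarding_rule", e["target"]))
        elif kind == "send":
            recent = [t for t in sends[user] if e["ts"] - t <= BURST_WINDOW]
            recent.append(e["ts"])
            sends[user] = recent
            if len(recent) == BURST_THRESHOLD:  # fire once, when the threshold is crossed
                findings.append((user, "send_burst",
                                 f"{BURST_THRESHOLD} messages within {BURST_WINDOW}"))
    return findings


if __name__ == "__main__":
    for user, indicator, detail in detect(SAMPLE_LOG.splitlines()):
        print(f"{user}: {indicator}: {detail}")
```

Each indicator on its own is a heuristic and the thresholds need tuning to the organisation; the value is in correlating them per account and handing the result to a human reviewer, which is the review the article describes. Note also that the forwarding-rule indicator is the one most directly tied to repudiation: an attacker who forwards a victim's mail externally can later send messages that the victim genuinely never saw.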
More Information
If you would like more information or would like StarSwift Information Security to support you with the implementation of Email Security, please do not hesitate to get in touch.
Please contact us for more information.