If you’ve been doing research on cybersecurity for any amount of time, youve undoubtedly heard the term threat model. If you search that term you will get a whole host of definitions, usually quite in depth and using other technical definitions. Simply put, I’m here to tell you that the concept of threat model is nothing more than realizing that there is no one size fits all model. We are not all Edward Snowden or Julian Assange. We are not all living under an oppressive regime where our lives and liberty are at stake. Our reasons for wanting or needing a VPN are all unique and we must have realize expections of our techniques. Remember: Remaining anonymous is incredibly difficult, probably unrealistic, and a lot more involved than simply connected to a VPN.
Threat modeling answers questions like “Where am I most vulnerable to attack?”, “What are the most relevant threats?”, and “What do I need to do to safeguard against these threats?”.
Want Vs Need
We all have different expectations of our VPN services. Some just want to block ads at the DNS level whereas some might simply just want to encrypt and protect their traffic while using sketchy public wifi.
A threat model typically includes the following elements:
- Assets: The assets of a system or network are the resources that are valuable and need to be protected, such as data, servers, devices, and networks.
- Threats: Threats are potential risks to the assets of a system or network. These may include malicious attacks, vulnerabilities, or other types of risk.
- Attack vectors: Attack vectors are the means by which threats can potentially exploit vulnerabilities or gain access to a system or network. These may include network protocols, software vulnerabilities, or physical access to devices.
- Countermeasures: Countermeasures are the measures taken to protect against threats and reduce the risks to a system or network. These may include security software, firewalls, access controls, and other security measures.