
Correct usage of DFD


I have just started a cybersecurity assignment and this is my first use of DFD. I have started off by attempting to build one according to literature on the web. I just wanted to know if somebody could give feedback on improvements and on the correct usage of DFD principles.

Here is what I have made:

[image: the asker's DFD is not available on this page]

This is according to the brief given:

A hospital has just started using tablet computers to view patient records and organise employee TO-DO lists (e.g., patients to be seen by a specific doctor). Beds with sensors are connected to a local area network. A medical team space will have a projector, PC for medical image display and voice over IP (voip) devices for conference calls. They have set up two servers: 1) An imaging database that holds patient scans; and 2) a relational database with patient and employee task information (table names: PATIENTS, STAFF, STAFF_TASKS). A secure area exists where patient scanning is carried out and radioactive sources are stored. Doctors will have access to limited data from home computers and mobile devices typically using a Wi-Fi network – including their work/office Wi-Fi network. They use this access to review images and organise tasks for the following day.


Solution

  • The primary danger in a DFD is to add a process for every element found in the narrative, and to show all the elements at the same level.

    In a DFD, the rectangles are processes that process data. Wi-Fi and the internet are not processes, but media that transfer the information. They are part of the arrows between the processes. Therefore mixing high-level system elements such as databases and services with low-level network elements like Wi-Fi and modems will make it difficult to analyse the real issues. For example, a cell phone connected to the Wi-Fi and at the same time to the internet via cellular might create a way to (involuntarily) circumvent the firewall.

    This causes several inconsistencies in your diagram. For example:

    • Tablet seems to be isolated on the local network and only connected to the doctor's PC. But this does not seem to correspond to the reality that the tablet is connected to the Wi-Fi and can access the internet without passing through the doctor's PC.
    • The remote services seem to be something that separates the database services from the rest of the network, whereas in reality it's just a concept. The doctor's PC or the tablet may access each of these services directly and separately.
    • GET/PUT scans is an HTTP view of the db interface. This is an implementation detail, whereas in reality you'd have a node that offers the scan or the patient resource as a service. Maybe HTTP is only one way it is offered. Moreover, perhaps the db server is connected to the network as well, allowing the security measures implemented by the services to be circumvented.
    • Does "Bed with sensor" really only receive data from the firewall?
    • We see VOIP, which is in fact the network protocol family used, but we don't see the videoconferencing part of the system. In fact, the videoconferencing system, as soon as it is connected to the network, is at risk of attack with other protocols than the VOIP for which it is designed.

    A better approach is to draw your DFD in layers: You start with the high level system components that matter to the user, and see how they exchange information. And you then go down in more detailed diagrams that will show the technical details like the network interfaces that are used by each of these high-level components.
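To make the answer's rules concrete, here is an added example that is not part of the original post or answer: a small, hypothetical Python model of a layered DFD for the hospital brief. Every element name, trust zone and data flow in it is a constructed assumption, as is the tiny framework itself (it is not a real DFD tool). It encodes the points made above: media such as Wi-Fi or the internet are attributes of the arrows and cannot be added as boxes; stores and external entities exchange data only through a process; a process or store with traffic in only one direction is flagged (the "bed with sensor only receives" question); and a level-1 diagram that expands one process must balance with the flows that process has at level 0, which is what the layered approach relies on. The `crossings()` list is the set of flows that leave a trust zone or ride an untrusted medium, which is where the security analysis and controls belong.

```python
# Added example, not from the original post: a minimal layered DFD model of the
# hospital brief with lint checks for the mistakes the answer lists. Element
# names, trust zones and flows are constructed assumptions; the tiny framework
# is hypothetical, not a real DFD tool.
from collections import defaultdict
from dataclasses import dataclass

KINDS = {"process", "store", "external"}
UNTRUSTED_MEDIA = {"wifi", "internet", "cellular"}  # media annotate arrows, never nodes

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # process | store | external
    zone: str   # trust zone, used to find boundary crossings

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str
    medium: str = "lan"      # transport is a property of the arrow
    sensitive: bool = False

class DFD:
    def __init__(self, level):
        self.level, self.elements, self.flows, self.children = level, {}, [], {}

    def add(self, *elements):
        for e in elements:
            if e.kind not in KINDS:  # e.g. "Wifi" or "Internet" drawn as a box
                raise ValueError(f"{e.name}: {e.kind!r} is not a DFD element, put media on arrows")
            self.elements[e.name] = e
        return self

    def flow(self, src, dst, data, medium="lan", sensitive=False):
        if src not in self.elements or dst not in self.elements:
            raise ValueError(f"unknown element in {src} -> {dst}")
        self.flows.append(Flow(src, dst, data, medium, sensitive))
        return self

    def refine(self, process, child):  # attach the lower-level diagram expanding one process
        self.children[process] = child
        return self

    def lint(self):
        problems, seen = [], defaultdict(set)
        for f in self.flows:
            seen[f.src].add("out")
            seen[f.dst].add("in")
            if "process" not in {self.elements[f.src].kind, self.elements[f.dst].kind}:
                problems.append(f"{f.src} -> {f.dst}: stores and externals exchange data only via a process")
        for name, e in self.elements.items():  # a process or store with one-way traffic is suspect
            if e.kind != "external" and seen[name] != {"in", "out"}:
                problems.append(f"{name}: only {'/'.join(sorted(seen[name])) or 'no'} flows, is that reality?")
        for proc, child in self.children.items():  # levelling: child edge must balance parent flows
            parent = {(f.data, "in" if f.dst == proc else "out") for f in self.flows if proc in (f.src, f.dst)}
            outside = set(self.elements) - {proc}
            edge = {(f.data, "in") for f in child.flows if f.src in outside and f.dst not in outside}
            edge |= {(f.data, "out") for f in child.flows if f.dst in outside and f.src not in outside}
            if parent != edge:
                problems.append(f"{proc}: level {child.level} flows do not balance with level {self.level}")
        return problems

    def crossings(self):  # flows leaving a trust zone or riding an untrusted medium
        return [f for f in self.flows
                if self.elements[f.src].zone != self.elements[f.dst].zone or f.medium in UNTRUSTED_MEDIA]

def hospital_model():
    """Level 0 of the brief (constructed), plus a level 1 that expands the records service."""
    top = DFD(0).add(
        Element("Doctor at home", "external", "remote"), Element("Bed sensor", "external", "ward"),
        Element("Tablet app", "process", "ward"), Element("Records service", "process", "datacentre"),
        Element("Imaging service", "process", "datacentre"), Element("Relational DB", "store", "datacentre"),
        Element("Imaging DB", "store", "datacentre"))
    (top.flow("Tablet app", "Records service", "task edits", "wifi")
        .flow("Records service", "Tablet app", "patient record", "wifi", sensitive=True)
        .flow("Tablet app", "Imaging service", "scan request", "wifi")
        .flow("Imaging service", "Tablet app", "scan image", "wifi", sensitive=True)
        .flow("Bed sensor", "Records service", "bed telemetry")
        .flow("Doctor at home", "Records service", "next-day plan", "internet")
        .flow("Records service", "Doctor at home", "limited task view", "internet", sensitive=True)
        .flow("Records service", "Relational DB", "PATIENTS/STAFF_TASKS writes")
        .flow("Relational DB", "Records service", "PATIENTS/STAFF_TASKS rows", sensitive=True)
        .flow("Imaging service", "Imaging DB", "scan lookup")
        .flow("Imaging DB", "Imaging service", "scan image", sensitive=True))
    # Level 1: the records service opened up; parent neighbours reappear under the same names.
    sub = DFD(1).add(
        Element("Tablet app", "process", "ward"), Element("Doctor at home", "external", "remote"),
        Element("Bed sensor", "external", "ward"), Element("Relational DB", "store", "datacentre"),
        Element("Records API", "process", "datacentre"), Element("Telemetry ingest", "process", "datacentre"))
    (sub.flow("Tablet app", "Records API", "task edits", "wifi")
        .flow("Records API", "Tablet app", "patient record", "wifi", sensitive=True)
        .flow("Doctor at home", "Records API", "next-day plan", "internet")
        .flow("Records API", "Doctor at home", "limited task view", "internet", sensitive=True)
        .flow("Bed sensor", "Telemetry ingest", "bed telemetry")
        .flow("Telemetry ingest", "Records API", "bed state")
        .flow("Records API", "Relational DB", "PATIENTS/STAFF_TASKS writes")
        .flow("Relational DB", "Records API", "PATIENTS/STAFF_TASKS rows", sensitive=True))
    return top.refine("Records service", sub)

if __name__ == "__main__":
    m = hospital_model()
    print(m.lint() or "lint clean", [f"{f.src}->{f.dst} [{f.medium}]" for f in m.crossings() if f.sensitive])
```

Running the module prints a clean lint for the layered model and the three sensitive flows that cross a boundary (patient records and scan images over Wi-Fi, the limited task view over the internet), which is the short list the threat analysis should start from. Rebuilding the asker's fragment in the same framework, with a firewall process feeding a "Bed with sensor" process and nothing flowing back, makes `lint()` report that the sensor has inbound flows only, and trying to add an element of kind "medium" named "Wifi" raises immediately.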