Join Lisa Bock for an in-depth discussion in this video Minimizing the attack surface, part of IT Security Foundations: Core Concepts.
- An attack surface represents any known, unknown or potential vulnerabilities across these main areas of exposure: software, hardware, network and users. Reducing the attack surface can reduce risk. An attack is anything that can compromise the security of data. A specific set of conditions must be met in order to successfully perform an action. There are two main types of attacks: passive and active.
A passive attack is non-invasive: it simply monitors transmissions with the hope of capturing information such as passwords or data files without the consent or knowledge of the user. An active attack is where an attacker tries to break into secured systems in order to steal or modify information, or to introduce malicious code. A vulnerability is a flaw in a system that can be exploited by threats to gain unauthorized access to an asset.
The software attack surface represents the applications, services, configurations, executables, DLLs, web pages and apps available to authorized users. Software vulnerabilities are common. They're found in all types of software and operating systems and are not limited to a specific vendor. Users may not notice software vulnerabilities, which present as a flaw or glitch.
A software attack is designed to target vulnerabilities, which can cause anything from a minor annoyance to a system crash. Updating systems with the latest security patches can protect against attacks. In addition, enact software restriction policies to control what software users are allowed to install to minimize the security threat to your environment. Although software represents the largest attack surface, hardware can represent an avenue for attack.
Although in most cases physical access to the device is required, attacks can be executed via a network communication connection. One example is an attack on a wireless sensor network called denial of sleep. A wireless sensor network is a communication infrastructure used to monitor everything from power line voltage and chemical concentrations for military sensing to health monitoring, at diverse locations.
The use of wireless sensor networks continues to increase. The sensor nodes have a small energy reserve used to power the node, and the network will periodically put the node to sleep in order to extend the network lifetime. A wireless sensor network has only primitive defenses that are vulnerable to attack. This attack consists of not allowing the nodes to go into sleep mode, and therefore draining their energy reserves. This is a denial of sleep attack, and it is essentially a hardware attack.
The network attack surface includes exposure to protocols, channels, ports, devices, applications and interfaces. The network attack surface can be minimized by ensuring only required features are enabled, closing unnecessary ports, and limiting resources to trusted users with techniques such as MAC address filtering. Proper implementation of intrusion prevention systems, firewalls, and adaptive security appliances is also recommended.
The weakest link in an organization is the users, who can introduce malicious behavior into the network either accidentally or maliciously. Malicious attacks can be monitored, and in some cases prevented, by logging and auditing. Many times, however, it is simply a lack of security education on the user's part that leads to a security breach. A security education, training and awareness program can ensure employees are in tune with common security issues, such as reporting unusual activity, deleting emails requesting sensitive information, and keeping all devices updated with automated malware protection.
With the Internet of Everything, the attack surface continues to grow, and all attack surfaces must be monitored. Here we see Marco Ramilli's blog on the automotive attack surface. As you can see, there are a lot of entry points. You can go to Microsoft and download the Attack Surface Analyzer tool and run it on your own system.
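The video mentions closing unnecessary ports and running Attack Surface Analyzer, which works by taking a baseline scan, installing the product, scanning again and reporting what changed. The script below is an added example and is not code from the course or from Microsoft's tool: it applies that baseline-versus-product-scan idea to the network attack surface only, parsing two snapshots of listening sockets, reporting ports that were added, removed, or widened from loopback to network-reachable, and checking the result against an allowlist. Both snapshots are constructed to look like Linux `ss -tulnp` output; the process names, ports and the allowlist are invented for illustration.

```python
"""Snapshot diff of listening services: baseline vs. post-install comparison.

Added example (not code from the course or from Attack Surface Analyzer).
Snapshots are constructed to look like Linux `ss -tulnp` output; process
names, ports and the allowlist are invented for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed baseline: the host right after hardening.
BASELINE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*     users:(("nginx",pid=1044,fd=6))
tcp   LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*     users:(("postgres",pid=933,fd=5))
"""

# Constructed "product scan": the same host after an application install.
AFTER_INSTALL_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*     users:(("nginx",pid=1044,fd=6))
tcp   LISTEN 0      128          0.0.0.0:5432      0.0.0.0:*     users:(("postgres",pid=933,fd=5))
tcp   LISTEN 0      128          0.0.0.0:8080      0.0.0.0:*     users:(("java",pid=2210,fd=41))
udp   UNCONN 0      0            0.0.0.0:1900      0.0.0.0:*     users:(("minissdpd",pid=2301,fd=4))
"""

# Assumed policy for this host: only these (protocol, port) pairs may be reachable off-host.
ALLOWED_EXTERNAL = {("tcp", 22), ("tcp", 443)}
LOOPBACK = {"127.0.0.1", "[::1]", "::1", "localhost"}

# netid, state, recv-q, send-q, local addr:port, peer addr:port, optional process column
_ROW = re.compile(r"^(tcp|udp)\s+(\S+)\s+\d+\s+\d+\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


@dataclass(frozen=True)
class Listener:
    proto: str
    address: str
    port: int
    process: str

    @property
    def external(self) -> bool:
        # Reachable from the network, not just from this host.
        return not (self.address in LOOPBACK or self.address.startswith("127."))


def _sort_key(sock: Listener):
    return (sock.proto, sock.port, sock.address)


def parse_ss(output: str) -> set[Listener]:
    """Turn `ss -tulnp` text into Listener records; skips the header and junk lines."""
    listeners = set()
    for line in output.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue
        proto, state, local, _peer, proc = m.groups()
        if state not in ("LISTEN", "UNCONN"):  # UNCONN is how ss shows bound UDP sockets
            continue
        address, _, port = local.rpartition(":")  # also handles "[::]:22" and "*:22"
        if not port.isdigit():
            continue
        name = re.search(r'\("([^"]+)"', proc or "")
        listeners.add(Listener(proto, address, int(port), name.group(1) if name else "?"))
    return listeners


def _index_by_port(listeners: set[Listener]) -> dict[tuple[str, int], set[Listener]]:
    index: dict[tuple[str, int], set[Listener]] = {}
    for sock in listeners:
        index.setdefault((sock.proto, sock.port), set()).add(sock)
    return index


def diff_snapshots(baseline: set[Listener], current: set[Listener]) -> dict[str, list[Listener]]:
    """Ports added, removed, or widened (loopback-only before, network-reachable now)."""
    before, after = _index_by_port(baseline), _index_by_port(current)
    added = [s for k in after.keys() - before.keys() for s in after[k]]
    removed = [s for k in before.keys() - after.keys() for s in before[k]]
    widened = [s for k in after.keys() & before.keys() for s in after[k]
               if s.external and not any(b.external for b in before[k])]
    return {kind: sorted(v, key=_sort_key)
            for kind, v in (("added", added), ("removed", removed), ("widened", widened))}


def unexpected_exposure(listeners: set[Listener], allowed=ALLOWED_EXTERNAL) -> list[Listener]:
    """Network-reachable listeners that the allowlist does not sanction."""
    return sorted((s for s in listeners if s.external and (s.proto, s.port) not in allowed),
                  key=_sort_key)


def report(baseline_text: str, current_text: str) -> str:
    base, cur = parse_ss(baseline_text), parse_ss(current_text)
    changes = diff_snapshots(base, cur)
    lines = [f"{kind:8s} {s.proto}/{s.port:<5d} {s.address:>10s}  {s.process}"
             for kind in ("added", "widened", "removed") for s in changes[kind]]
    lines += [f"POLICY   {s.proto}/{s.port:<5d} {s.address:>10s}  {s.process} not in allowlist"
              for s in unexpected_exposure(cur)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(BASELINE_SS, AFTER_INSTALL_SS))
```

On the constructed input the report flags tcp/8080 and udp/1900 as added, tcp/5432 as widened (PostgreSQL moved from 127.0.0.1 to 0.0.0.0 during the install), and all three as outside the allowlist; the baseline itself produces no findings. The "widened" category is the point worth copying into a real check: a port that was already open can still enlarge the attack surface when its bind address changes, which a plain added/removed diff would miss. On a live host, feed `parse_ss` the output of `ss -tulnp` captured before and after a change instead of the constructed strings.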
Note: This course maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals 98-367 certification exam and is recommended test prep viewing.
- Differentiate between risks, threats, and vulnerabilities.
- Explain how to avoid worms and viruses.
- Define cookies, and explain how they preserve user information.
- Describe the WPA2 wireless security method.
- Cite the differences between public and private key encryption.
- Summarize how to use a virtual private network.
- Identify ways to minimize the attack surface.