Reducing Attack Surfaces Key to Cyber Defense

Category: Blog, Security  |  Tuesday, May 1st, 2018

In strategic warfare, it’s a good idea to limit the number of attack surfaces available, meaning reducing the number of areas the enemy can use to wage war against you. If your enemy has to go through a moat, a castle wall, archers and boiling water to battle you in your Teflon armor, your odds of survival grow compared to the unarmed guy on a horse in an open meadow.

As cybersecurity transforms into modern cyber warfare, military strategy such as attack-surface reduction is increasingly becoming an integral part of a cybersecurity professional’s toolkit.

For example, in the paper Cyber Resiliency Design Principles, coauthors Deborah Bodeau and Richard Graubart focus a great deal of attention on describing digital attack surfaces and the implications of their presence. Infosec defines attack surfaces of information systems as:

“The Attack Surface is the aggregate of all vulnerabilities and controls across all systems and networks. It is the collection of targets exposed to an attacker.”

In Stephen Northcutt’s SANS Security Laboratory: Defense In Depth article The Attack Surface Problem, he offers the following examples of real-world attack surfaces:

  • Open ports on outward-facing web servers
  • Services available inside the firewall perimeter
  • Code that processes incoming data, email, XML, and office documents
  • An employee with access to sensitive information is socially engineered

Katherine Brocklehurst writes in her Tripwire article Understanding What Constitutes Your Attack Surface, “A typical attack surface has complex interrelationships among three main areas of exposure: software, network, and the often-overlooked human attack surface.” Here are her thoughts:

Software attack surfaces are unwanted vulnerabilities found across various types of software, including applications, email services, configurations, compliance policies, databases, executables, DLLs, web pages, mobile apps, and operating systems.

Network attack surfaces are weaknesses associated with networking components, applications, and firmware: in particular, ports, protocols, channels, devices, and their interfaces. Depending on the organization’s infrastructure, cloud servers, data, systems, and processes may also need to be considered as network attack surfaces.

Human attack surfaces are a complex range of vulnerabilities. “Many breaches begin with an exploit directed at humans, and it’s very clear that malicious intent, inadvertent errors, and misplaced trust can all be exploited to cause great harm,” writes Brocklehurst. “Examples of successful attacks vary widely (most notably phishing and spear-phishing), and a comprehensive index should include processes, physical security, and privileges—in particular, the ability to attach, read, and write to removable devices.”

Attack surfaces are getting bigger, not smaller
The size of attack surfaces matters, and these surfaces are getting larger. The press release for the Trend Micro report Paradigm Shifts: Trend Micro Security Predictions for 2018 notes:

“Trend Micro predicts an increase in Internet of Things vulnerabilities as more devices are manufactured without security regulations or industry standards. Overall, the increased connectivity and enlarged attack surfaces present new opportunities for cybercriminals to leverage known issues to penetrate a corporate network.”

How to eliminate attack surfaces as a cybersecurity problem
Bodeau and Graubart suggest large attack surfaces are difficult to defend due to the amount of ongoing effort needed to monitor, analyze, and respond to anomalies. The coauthors of the MITRE report added, “Reducing attack surfaces lowers ongoing costs and makes the adversary concentrate efforts on a small set of locations, resources, or environments that can be more effectively monitored and defended.”

To eliminate attack surfaces as a problem, Bodeau and Graubart suggest the following.

  • Reduce the area and exposure of the attack surface by applying the principles of least privilege and least functionality (i.e., restricting ports, protocols, functions, and services), employing layered defenses, deprecating unsafe functions, and eliminating Application Programming Interfaces (APIs) that are vulnerable to cyberattacks.
  • Reduce the accessibility of the attack surface by limiting the amount of time adversaries have (i.e., the window of opportunity) to initiate and complete cyberattacks.
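
To make the least-functionality point concrete, here is an added Python example (not code from the report or from EnhancedTECH) that compares a host's listening sockets with an approved-service list and flags anything extra or bound more widely than approved. The `ss` output and the policy are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ss -H -tlnp` output (not taken from any real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1040,fd=6))
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:* users:(("redis-server",pid=877,fd=7))
LISTEN 0 244 0.0.0.0:5432 0.0.0.0:* users:(("postgres",pid=900,fd=5))
LISTEN 0 5 [::]:23 [::]:* users:(("telnetd",pid=1201,fd=4))
LISTEN 0 100 *:8080 *:* users:(("java",pid=1300,fd=50))
"""

# Hypothetical policy: port -> widest bind scope the service is approved for.
APPROVED = {22: "any", 443: "any", 5432: "loopback", 6379: "loopback"}

PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def parse_listeners(ss_output):
    """Turn `ss -H -tlnp` lines into dicts with addr, port and process name."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.split("%")[0].strip("[]")   # drop interface scope, IPv6 brackets
        if addr == "*":                         # ss wildcard: every interface
            addr = "0.0.0.0"
        match = PROC_RE.search(line)
        listeners.append({"addr": addr, "port": int(port),
                          "proc": match.group(1) if match else "?"})
    return listeners


def audit(listeners, approved):
    """Return sorted (port, process, reason) tuples for policy violations."""
    findings = []
    for item in listeners:
        scope = approved.get(item["port"])
        is_loopback = ipaddress.ip_address(item["addr"]).is_loopback
        if scope is None:
            findings.append((item["port"], item["proc"], "not on approved list"))
        elif scope == "loopback" and not is_loopback:
            findings.append((item["port"], item["proc"], "bound wider than approved"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_listeners(SAMPLE_SS), APPROVED):
        print(finding)
```

Each finding is a candidate for removal or for rebinding to a narrower interface, which is the "restricting ports, protocols, functions, and services" step in practice.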

If you need help with a cybersecurity defensive strategy, give EnhancedTECH a call at 714-970-9330.

Samantha Keller

Director of Marketing and PR at EnhancedTECH
Samantha Keller (AKA Sam) is a published author, tech-blogger, event-planner and mother of three fabulous humans. Samantha has worked in the IT field for the last fifteen years, intertwining a freelance writing career along with technology sales, events and marketing. She began working for EnhancedTECH ten years ago after earning her Bachelor’s degree from UCLA and attending Fuller Seminary. She is a lover of kickboxing, extra-strong coffee, and Wolfpack football. Her regular blog columns feature upcoming tech trends, cybersecurity tips, and practical solutions geared towards enhancing your business through technology.