
The attack surface of a software environment is the sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data into or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure.


Elements of an attack surface

Worldwide digital change has accelerated the size, scope, and composition of an organization's attack surface. The size of an attack surface may fluctuate over time as assets and digital systems (e.g. websites, hosts, cloud and mobile apps, etc.) are added and removed. Attack surface sizes can also change rapidly. Digital assets eschew the physical requirements of traditional network devices, servers, data centers, and on-premise networks, so attack surfaces change quickly based on the organization's needs and the availability of digital services to meet them. Attack surface scope also varies from organization to organization. With the rise of digital supply chains, interdependencies, and globalization, an organization's attack surface has a broader scope of concern (viz. vectors for cyber attacks). Lastly, the composition of an organization's attack surface consists of small entities linked together in digital relationships and connections to the rest of the internet and organizational infrastructure, including third parties, the digital supply chain, and even adversary-threat infrastructure. Attack surface composition can range widely between organizations, yet often includes many of the same elements, including:

* Autonomous System Numbers (ASNs)
* IP addresses and IP blocks
* Domains and sub-domains (direct and third-party)
* SSL certificates and attribution
* WHOIS records, contacts, and history
* Host and host-pair services and relationships
* Internet ports and services
* NetFlow
* Web frameworks (PHP, Apache, Java, etc.)
* Web server services (email, database, applications)
* Public and private cloud


Understanding an attack surface

Because each enterprise now has countless potential vulnerable points, attackers are at an increasing advantage: they only need to find one vulnerable point for their attack to succeed. There are three steps towards understanding and visualizing an attack surface:

Step 1: Visualize. Visualizing the enterprise's system is the first step, by mapping out all the devices, paths and networks.

Step 2: Find indicators of exposure (IOEs). The second step is to map each indicator that a vulnerability is potentially exposed onto the visualization from the previous step. IOEs include "missing security controls in systems and software".

Step 3: Find indicators of compromise (IOCs). An IOC is an indicator that an attack has already succeeded.


Surface reduction

One approach to improving information security is to reduce the attack surface of a system or software. The basic strategies of attack surface reduction include the following: reduce the amount of code running, reduce the entry points available to untrusted users, and eliminate services requested by relatively few users. With less code available to unauthorized actors, there tend to be fewer failures. By turning off unnecessary functionality, there are fewer security risks. Although attack surface reduction helps prevent security failures, it does not mitigate the amount of damage an attacker could inflict once a vulnerability is found.
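As an added illustration (not code from the original article), the following Python script models a small, constructed inventory of entry points, applies the Step 2 indicator-of-exposure check from the previous section, and then applies the three reduction strategies above to show how the count of exposed entry points and IOEs shrinks. The hostnames, ports, user counts and the `MANAGEMENT_SERVICES` set are assumptions made for the example.

```python
# Added illustration, not the article's own code: a toy attack-surface inventory,
# an IOE check and the reduction strategies from the text (all values constructed).
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class EntryPoint:
    host: str
    port: int
    service: str
    trust: str          # "anonymous" (untrusted users) or "authenticated"
    encrypted: bool     # transport protection present
    monthly_users: int  # how many users actually rely on the service
    required: bool      # business-critical, must not be removed

# Management or data-store interfaces rather than public-facing services.
MANAGEMENT_SERVICES = {"ssh", "rdp", "mysql", "postgres", "redis"}

INVENTORY = [  # constructed inventory; *.example.test are not real systems
    EntryPoint("www.example.test", 443, "https", "anonymous", True, 50000, True),
    EntryPoint("www.example.test", 80, "http", "anonymous", False, 50000, True),
    EntryPoint("www.example.test", 22, "ssh", "anonymous", True, 3, True),
    EntryPoint("db.example.test", 3306, "mysql", "anonymous", False, 2, False),
    EntryPoint("legacy.example.test", 21, "ftp", "anonymous", False, 1, False),
    EntryPoint("mail.example.test", 25, "smtp", "anonymous", True, 800, True),
]
def find_ioes(surface):
    """Step 2 of the text: list each entry point's missing security controls."""
    ioes = []
    for ep in surface:
        if not ep.encrypted:
            ioes.append((ep.host, ep.port, "unencrypted transport"))
        if ep.service in MANAGEMENT_SERVICES and ep.trust == "anonymous":
            ioes.append((ep.host, ep.port, "management interface open to untrusted users"))
    return ioes

def exposed_entry_points(surface):
    """Attack surface size here: entry points reachable by untrusted users."""
    return sum(1 for ep in surface if ep.trust == "anonymous")

def reduce_surface(surface, min_users=10):
    """Drop rarely used non-required services (less code running) and move
    management interfaces behind authentication (fewer untrusted entry points)."""
    reduced = []
    for ep in surface:
        if not ep.required and ep.monthly_users < min_users:
            continue  # eliminate services requested by relatively few users
        if ep.service in MANAGEMENT_SERVICES and ep.trust == "anonymous":
            ep = replace(ep, trust="authenticated")  # e.g. VPN or SSO gate
        reduced.append(ep)
    return reduced
```

Running `find_ioes` and `exposed_entry_points` before and after `reduce_surface(INVENTORY)` shows the surface dropping from six exposed entry points with five IOEs to three with one, while the remaining IOE (plain HTTP on the required web host) shows that reduction alone does not fix every weakness.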


See also

* Vulnerability (computing)
* Computer security
* Attack Surface Analyzer
* Vulnerability management
* Vulnerability scanner

