Minimizing The Attack Surface Area A Key To Security

Publicated : 22/11/2024   Category : security

While many security experts lament the death of the network perimeter, the concept of attack surface area is still very much alive



Attackers looking for a way into a company's network have a lot of options: port scans, phishing attacks, and SQL injection have all been used to identify security weaknesses that can be exploited.
The latest tool that can inform both attackers and defenders is VPN Hunter, a website created by two-factor authentication firm Duo Security. The service, which went live on Thursday, allows anyone to scan a company's domain for remotely accessible services that have entries in the domain lookup tables. A search on a southern university listed two SSL virtual private networks (VPNs), a remote access port, and an Outlook Web server. Another search on a U.S. Department of Defense domain turned up an intranet gateway and another Outlook Web server.
"People are a little surprised that these services are so easy to discover," says Jon Oberheide, co-founder and chief technology officer for Duo Security. "It is so trivial for an attacker to do the same thing and start knocking on the door, whether that is guessing usernames and passwords or constructing more effective phishing campaigns."
The service underscores the importance for companies to detect, survey, and minimize the exposed ports, services, and interfaces into their internal network. In the world of software development, Microsoft popularized the concept of attack surface area as a measure of the attackability of a piece of software. In the network world, companies are increasingly using the term to discuss their vulnerability to outside attack.
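A defender-side version of the survey the article describes, as an added example that is not Duo Security's VPN Hunter code: it reads a zone export for a domain you administer (a constructed sample for example.test is embedded) and flags hostnames whose labels conventionally front remote-access services, skipping RFC 1918 addresses that are not reachable from the Internet. The naming patterns and the zone layout are assumptions; run it against your own export to get the list of exposed interfaces to review and minimize.

```python
"""Inventory Internet-facing remote-access hostnames from a DNS zone export."""
import re
from collections import defaultdict

# Assumed naming conventions for remote-access services (not a vendor list).
SERVICE_PATTERNS = {
    "ssl-vpn":     re.compile(r"^(ssl)?vpn\d*$|^remote$"),
    "owa":         re.compile(r"^(owa|mail|webmail|exchange|autodiscover)\d*$"),
    "rdp-gateway": re.compile(r"^(rdp|rdgateway|ts|citrix|gateway)\d*$"),
    "intranet":    re.compile(r"^(intranet|portal|extranet)\d*$"),
}

# Constructed BIND-style export for a fictional zone (TEST-NET-2 addresses).
SAMPLE_ZONE = """\
$ORIGIN example.test.
www          IN A     198.51.100.10
vpn          IN A     198.51.100.20
sslvpn2      IN A     198.51.100.21
owa          IN CNAME mail.example.test.
mail         IN A     198.51.100.30
intranet     IN A     10.0.5.7
rdgateway    IN A     198.51.100.40
dev-build    IN A     198.51.100.50
"""

RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|CNAME)\s+(\S+)", re.I)

def parse_zone(text):
    """Return (origin, {label: (rtype, target)}) from a minimal zone export."""
    origin, records = "", {}
    for line in text.splitlines():
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".")
            continue
        m = RECORD.match(line)
        if m:
            records[m.group(1).lower()] = (m.group(2).upper(), m.group(3))
    return origin, records

def is_rfc1918(ip):
    """True for 10/8, 172.16/12 and 192.168/16: private, so not Internet-facing.
    Hand-rolled because the stdlib also classes the TEST-NET sample range as private."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)

def survey(zone_text):
    """Group Internet-facing hostnames by the remote-access category they match."""
    origin, records = parse_zone(zone_text)
    exposed = defaultdict(list)
    for label, (rtype, target) in records.items():
        if rtype == "CNAME":  # follow one in-zone alias so owa -> mail shares its address
            alias = target.rstrip(".").removesuffix("." + origin)
            rtype, target = records.get(alias, ("CNAME", target))  # off-zone: keep, reachability unknown
        if rtype == "A" and is_rfc1918(target):
            continue  # internal-only address, not part of the external surface
        for category, pat in SERVICE_PATTERNS.items():
            if pat.match(label):
                exposed[category].append(f"{label}.{origin}")
    return dict(exposed)

if __name__ == "__main__":
    for category, hosts in survey(SAMPLE_ZONE).items():
        print(f"{category:12} {', '.join(hosts)}")
```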
In most cases, that vulnerability is only increasing, says Jody Brazil, chief technology officer for network-security management firm FireMon.
"I would say that [network vulnerability] is going in the opposite direction of, say, Windows," he says. "If you are thinking about consumerization of IT and employees bringing devices into the network, the risks may be getting less controlled rather than more."
As with application development, there are a number of ways to measure the attack surface area of a company's information systems. Where static scanning of applications reveals potential defects and vulnerable pathways in software, network discovery and analysis can uncover configuration issues, unpatched vulnerabilities, and rogue devices that affect a company's security. Where dynamic application scanning can positively identify exploitable flaws in software, penetration testing and other techniques can demonstrate critical vulnerabilities that could be used by attackers.
"It's important for such products to truly give you a picture of what you are choosing to expose to the network," says Brazil.
While many security experts have talked about the end of the network perimeter, thinking about the attack surface as the new perimeter can help companies better secure their networks and data, says Mike Lloyd, chief technology officer for RedSeal Networks, a provider of security intelligence and management products. For example, humans are a fundamental part of a company's attack surface, and with the consumerization of IT, people and their devices have become the new perimeter.
"Any device in your network that receives e-mail that a human looks at can be considered part of the attack surface area," he says.
Lloyd points out a spectrum of attack surfaces that a company can measure to determine its risk. Security managers can look at the potential paths into the network, or pair that with vulnerability information and attack data to create a prioritized list of attackable pathways. Finally, measuring the security awareness of a company's employees can help determine how difficult an attacker may find it to target those employees.
People are always going to be a weak point for companies and the hardest part of the attack surface to minimize, says Duo Security's Oberheide. "Attackers have certainly realized that the easiest way to get into a company is through the user," he says.
Education and training can make employees more difficult to phish, but attackers have improved their social engineering techniques. Most companies should consider multifactor authentication to further harden their workers against network-based attacks, he says.
