The best way to protect an Information Asset is to reduce its attack surface, and that should always be the first line of defense. We should also implement appropriate security controls to address the residual risk and to limit the damage if an attack does occur.
The first and most important step in reducing the attack surface is to identify the weaknesses and vulnerabilities of an Information Asset.
Steps in Identifying the Vulnerabilities include:
1. Identifying vulnerabilities in the Application
2. Identifying vulnerabilities in the Host
3. Identifying vulnerabilities in the Network
Once the vulnerabilities are identified, the next step is to reduce the attack surface.
There are many ways to reduce the attack surface of an information asset, including but not limited to:
1. Limit access to the Information Assets.
2. Limit Privileges (Enforce Least Privilege policies)
3. Reduce the number of services installed on the device (remove or shut down unwanted services)
4. Limit the number of communication Protocols
A narrowed attack surface reduces the likelihood of an attack and limits the extent of the damage even if an attack occurs.
Access to an Information Asset can be limited by enforcing strong access control methods. It can also be limited by reducing the entry points (console access, ports, etc.). Unwanted ports and protocols should be disabled on all information systems. Critical applications should be installed only on dedicated systems, and all unwanted ports and services on those systems should also be disabled.
I will be discussing various methods we can follow to identify vulnerabilities and to reduce the attack surface in Applications, Hosts and Networks in the next 3 posts.
Part 1: Identify and Reduce Attack Surface in Applications
Part 2: Identify and Reduce Attack Surface in Host
Part 3: Identify and Reduce Attack Surface in Network
Disclaimer: "Whatever I discussed here are my personal opinions and they do not represent the opinions or positions of my employer".