NetworkTigers on determining your total attack surface.
An attack surface is the total number of entry points for unauthorized access to sensitive information. This includes all endpoints and vulnerabilities that cybercriminals may exploit to launch attacks. Your attack surface includes all the overlooked gaps in your security measures that are vulnerable to hacking.
Examples include data centers, web applications, web servers, operating systems, mobile and IoT devices, software, and physical controls such as locks and your workers, who can be susceptible to social engineering attacks like phishing.
Types of attack surfaces
There are three types of attack surfaces:
- Physical attack surfaces – Encompass endpoint devices like laptops, USB ports, desktops, and mobile devices. Physical break-ins, passwords on paper, or improperly discarded hardware containing user login credentials and data are also included.
- Digital attack surfaces – Comprise code, servers, apps, websites, ports, and unauthorized access points. Vulnerabilities left by poorly maintained software, default operating system settings, poor coding, exposed application programming interfaces, and weak passwords are part of the digital attack surface.
- Social engineering attack surfaces – Involve exploiting human psychology and vulnerability to manipulate victims into providing sensitive data or performing actions that violate usual security controls. Social engineering examples include fake service people like electricians or janitors gaining access to routers or servers, as well as whaling attacks that target employees in accounts payable.
How to determine the attack surface of your business
Your total attack surface is the number of attack vectors criminals can use to gain access to your company and the confidential information they could extract. When determining your attack surface, consider:
- The security standards that protect your important information, including operational security controls, access auditing, encryption, data integrity, and checksums.
- All the important information that’s used by your business internally, such as keys and secrets, valuable business and personal data, as well as intellectual property.
- All the paths by which crucial information gets into and out of your business, plus all the security measures that protect those paths, like activity logging, authentication, and encoding.
How to minimize your attack surface
Below are security controls you can implement to minimize your company’s attack surface:
Use vulnerability management
This is the process of identifying, assessing, prioritizing, and reporting security threats in computers, software, web applications, and mobile applications. Ongoing vulnerability management is crucial to network security and cybersecurity. Businesses need to continuously acquire and evaluate new data and take the necessary actions on it, so as to identify threats and reduce the window of opportunity for criminals.
Mitigate man-in-the-middle attacks
Ensure that all publicly accessible domains:
- have valid SSL certificates enabled
- do not have SSL certificates that are expiring soon
- are not accessible over HTTP
- do not use weak SSL algorithms
- do not use insecure TLS/SSL versions
- use the includeSubDomains HSTS header
- use secure cookies
- enforce HSTS
- are on the HSTS preload list
- have hostnames that match their SSL certificates
Enable HTTPOnly cookies
This prevents cross-site scripting attacks. Although these attacks are perceived to be less harmful than SQL injection attacks, the outcome can be very dangerous because cross-site scripting attacks that rely on JavaScript can access the objects your web pages have access to, read your browser’s domain and modify it, send HTTP requests using the XMLHttpRequest object, and access the user’s microphone, files on their computer, webcam and even the geolocation using HTML5 APIs.
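The header and cookie checks from the two sections above (HSTS directives, Secure and HttpOnly cookie flags, certificates expiring soon) can be automated. The following is an added example, not NetworkTigers code; the function names, the one-year max-age threshold, the 30-day expiry window, and the sample responses are assumptions made for illustration.

```python
import ssl

MIN_MAX_AGE = 31536000  # one year in seconds; policy threshold assumed by this example

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"')
    return directives

def audit_response(headers):
    """headers: (name, value) pairs from one HTTPS response.
    Returns findings in check order; an empty list means every check passed."""
    findings = []
    hsts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("HSTS header missing")
    else:
        d = parse_hsts(hsts[0])
        if not d.get("max-age", "").isdigit() or int(d["max-age"]) < MIN_MAX_AGE:
            findings.append("HSTS max-age below one year")
        if "includesubdomains" not in d:
            findings.append("HSTS includeSubDomains missing")
        if "preload" not in d:
            findings.append("HSTS preload directive missing")
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        cookie = v.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in v.split(";")[1:]}
        for flag in ("Secure", "HttpOnly"):
            if flag.lower() not in attrs:
                findings.append(f"cookie {cookie}: {flag} flag missing")
    return findings

def cert_expires_within(not_after, now_epoch, days=30):
    """not_after: certificate notAfter string, e.g. 'Jan 21 00:00:00 2030 GMT'."""
    return ssl.cert_time_to_seconds(not_after) - now_epoch < days * 86400

# Constructed sample responses (not captured from any real site).
HARDENED = [("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload"),
            ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")]
WEAK = [("Strict-Transport-Security", "max-age=300"),
        ("Set-Cookie", "sid=abc123; Path=/")]

if __name__ == "__main__":
    for label, hdrs in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_response(hdrs))
```

The HttpOnly flag keeps a cookie out of reach of page JavaScript, so the cookie check reports it separately from Secure.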
Register typosquatting domains
These domains are not dangerous, but their owners tend to monetize pop-ups, install ransomware and malware, phish login credentials or personal information, or steal credit card numbers. Buy typosquatting protection software that can highlight potential domains that may have been registered by bad actors or can suggest domains to register.
Close open ports
Open ports aren’t dangerous, but they can pose risks if the listening service has weak network security rules, is misconfigured, is susceptible to exploits, or is unpatched. You can use security controls like firewalls with the latest security updates and patches to minimize the attack surface. Since every open port represents a threat, the firewall can restrict the number of ports intruders can access.
Remove unnecessary services and software
Stop running services you no longer use. For instance, if you are not using telnet, close port 23. Remember that each networked device, open port, and piece of software is a potential attack vector. If you have an old operating system such as Microsoft Windows Vista running on your company network, decommission or update it.
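To act on the two sections above, you first need a list of what is actually listening. The following is an added example, not NetworkTigers code: it audits listening TCP sockets against an allowlist, using constructed sample text in the shape of `ss -tln` output. The allowlist and function names are assumptions for illustration.

```python
import ipaddress

ALLOWED = {22, 443}      # hypothetical allowlist of ports this host should expose
LEGACY = {23: "telnet"}  # services to retire wherever they are found listening

def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN row; header and other rows are skipped."""
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")
        yield addr.strip("[]"), int(port)

def is_loopback(addr):
    """'*' means all addresses; an interface suffix such as '%lo' is dropped first."""
    if addr == "*":
        return False
    return ipaddress.ip_address(addr.split("%")[0]).is_loopback

def audit_listeners(ss_output, allowed=ALLOWED):
    """Return sorted (port, address, reason) findings."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port in LEGACY:
            findings.append((port, addr, f"{LEGACY[port]} listener: stop it if unused"))
        elif is_loopback(addr):
            continue  # bound to loopback only, not reachable from the network
        elif port not in allowed:
            findings.append((port, addr, "reachable from the network, not on allowlist"))
    return sorted(findings)

# Constructed sample in the shape of `ss -tln` output (not from a real host).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      5            0.0.0.0:23         0.0.0.0:*
LISTEN 0      511             [::]:443           [::]:*
LISTEN 0      244        127.0.0.1:5432       0.0.0.0:*
LISTEN 0      80                 *:3306             *:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
"""

if __name__ == "__main__":
    for port, addr, reason in audit_listeners(SAMPLE):
        print(f"{addr}:{port}  {reason}")
```

Listeners bound only to loopback are skipped because they are not reachable from the network, while the telnet port is reported regardless of the allowlist.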
Invest in cybersecurity training
Focusing on technology-based solutions is highly recommended. However, the biggest risk most companies face is their workers. It doesn’t matter how good your data security measures are if your employees don’t understand how to implement them. Tailgating, whaling, and phishing are attacks your workers should know about.
Monitor active IP addresses and domains
Consider enabling domain registrar detection, transfer protection, update, and autorenewal since domain hijacking relies on your domain being flagged for deletion, inactive, or expiring.
How NetWorkTigers can help
NetWorkTigers network security software is layered to protect your company’s entire attack surface. The Cisco Meraki Cloud Managed Firewalls not only block the latest malware from entering your network but also identify potential cyber attackers. By reducing the attack surface, you’ll make it difficult for criminals to infiltrate your network.