Showing items from external attack surface

Management Interfaces - Attack Surface Hidden in Plain Sight

A management interface, who is it for?

Modern web-based management interfaces help with the economy of scale. If you are a software vendor making a solution, supporting it is easier with clearly defined UI options rather than debugging obscure configuration file parameters. If you are an end-user, a management interface is there to make life easier for you as well. Having a management interface helps you deploy the solution, make complex changes to it, and generate management-level reporting for the key KPI. These features often become tender items, and a vendor will find itself in a position where developing a management interface web UI is a must-have instead of a nice-to-have. Too often features are implemented in software through a tick-box comparison, since the rationale is that we must have them since our competitor has them. It doesn’t really matter whether the features actually serve the customer and their business function or not.


Practical Methods for Assessing Your External Attack Surface

Attackers Window Shop for Your Network Attack Surface

The previous post, Public Exposure by Lari Huttunen, made good points on reducing your external attack surface. This subject has become more important than ever, as the interest of attackers in network-based attacks has grown in recent years. A host of vulnerabilities in internet-facing services have been successfully used by attackers to gain an initial foothold at their victims. The trend has not gone unnoticed. As an example, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued multiple directives to mitigate network-based risks in the last three years. Their rationale: the average time between discovery and exploitation of a vulnerability is decreasing as today’s adversaries are more skilled, persistent, and able to exploit known vulnerabilities. At the same time, many if not most organisations struggle with asset and vulnerability management. They simply are not aware of all the systems they own and cannot keep up with the pace at which patches are published.


Public Exposure

What can the Arctic teach us about external attack surface management?

Spending time outside in -26 degrees centigrade is an experience which makes you observant of exposure to the elements. Even more so when you are standing on the bank of the Kemijoki river with your camera gear in tow, the moisture rising from the flowing water is freezing over your face, gear and clothes, and the bitter cold is biting into your core despite your gazillion layers of clothing. I remember struggling to steady my hands in order to secure my camera on a tripod and trying to find the mental fortitude to take my time in framing the exposures properly. Through my pictures of the scene, I wanted to convey the harsh reality of the wintry landscape in front of me. Looking at the Jätkänkynttilä bridge, I could not but marvel at the solidity of its structure, which since 1989 has stood the test of time and harsh elements in this city situated at the Arctic Circle in Finland.
