Showing items from attack surface validation

Further Examination into External Attack Surface

Reducing Attack Surface Decreases Security Risk

In my previous write-up I explained why tracking digital assets is important, and listed some methods to get started with it. I trust that once you read it, you immediately set off to gather a list of your IP and domain assets. Since then, Tuomas Haarala has further elaborated on discovery methods from a systems administrator perspective in a write-up of his own. Armed with these tools, we can now venture further into the realm of attack surface reduction.

This write-up will concentrate on the process of moving from cataloguing assets to having an idea of the attack surface involved. As laid out in my previous post, the steps in this process are:

1. Research the attack surface, i.e. open services, related to these assets.
2. Determine whether there is something that needs fixing within these services.

This write-up will focus on the first step, and the second will be covered in a follow-up.


Practical Methods for Assessing Your External Attack Surface

Attackers Window Shop for Your Network Attack Surface

The previous post, Public Exposure by Lari Huttunen, made good points on reducing your external attack surface. This subject has become more important than ever as attackers' interest in network-based attacks has grown in recent years. A host of vulnerabilities in internet-facing services have been successfully used by attackers to gain an initial foothold in their victims' networks.

The trend has not gone unnoticed. As an example, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued multiple directives to mitigate network-based risks in the last three years. Their rationale: the average time between discovery and exploitation of a vulnerability is decreasing as today's adversaries are more skilled, persistent, and able to exploit known vulnerabilities.

At the same time, many if not most organisations struggle with asset and vulnerability management. They simply are not aware of all the systems they own and cannot keep up with the pace at which patches are published.
