Understanding the Attack Surface

By Richard Arneson

Leave it to Hollywood to allow the smallest attack surface in history to be breached. In the first Star Wars movie, the Death Star, which appeared to be only slightly smaller than Earth, had a tiny aperture that, if penetrated, would magically destroy the entire, menacing orb. Naturally, it was hit; it’s Hollywood. Unfortunately, the attack surface of organizations, at least in terms of networking, is quite a bit larger, probably far more so than you’d think.

The Attack Surface

Attack Surface refers to the collective sum of all points of entry or interaction that are vulnerable to malware, worms, Trojans, hackers, you name it. Attack Surfaces encompass three (3) areas of vulnerability: the network, the applications that traverse it, and people, or employees, who happen to pose the greatest security threat to organizations.

Network

The bad guys are looking for networks with multiple interfaces; the more the better. Take tunnels, for instance, which are constructed between communication points through data encapsulation―they can pose a huge threat to . For data transmission, Point-to-Point Protocol (PPP) and VPNs encapsulate non-routable data inside routable data. When data arrives at its intended destination, the outer packet is stripped off, which allows the inner data to enter the private network. Here’s one of the issues: it’s difficult to know exactly what has been encapsulated, which can inadvertently provide a protective shield for hackers. Talk to the folks at Home Depot or Target; they’ll tell you about VPN-related security vulnerabilities.

Any outward-facing, open ports (which means they’re open to receiving packets) can add to a network’s Attack Surface by revealing information about a particular system, even the network’s architecture. Open ports sound negligent, even irresponsible, but they’re necessary in certain situations. For instance, think back to when you set up your personal e-mail account and entered ingoing and outgoing port numbers. Those are open ports, but not adding, or opening, them means you can’t send or receive your emails. Yes, open ports are often needed, but can open the door to unseemly intentions.
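One way to keep track of which open ports a host really exposes, as an added example that is not part of the original article: the Python below reads a listening-socket table in Linux /proc/net/tcp format and separates loopback-only listeners, exposed ports that are on an allowlist, and exposed ports nobody planned for. The sample table, the allowlist and the function names are constructed for illustration.

```python
import ipaddress
import socket
import struct

# Constructed sample in Linux /proc/net/tcp format (not taken from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 1002 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003 1
   3: 0A00000A:01BB 0A000063:C350 01 00000000:00000000 00:00000000 00000000    33        0 1004 1
   4: 0A00000A:03E1 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1005 1
"""
TCP_LISTEN = "0A"  # kernel state code for a socket waiting for connections


def parse_listeners(text):
    """Return (ip, port) for every IPv4 socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue                            # established or other states are not listeners
        hex_ip, hex_port = fields[1].split(":")
        # Assumption: little-endian host, so the address hex is byte-reversed.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16)))
    return listeners


def audit(listeners, expected_ports):
    """Bucket listeners: loopback-only, exposed and expected, exposed and unexpected."""
    report = {"loopback_only": [], "expected": [], "unexpected": []}
    for ip, port in listeners:
        if ipaddress.ip_address(ip).is_loopback:
            key = "loopback_only"               # not reachable from the network
        elif port in expected_ports:
            key = "expected"                    # open on purpose, e.g. mail
        else:
            key = "unexpected"                  # extra attack surface to review
        report[key].append((ip, port))
    return report


if __name__ == "__main__":
    EXPECTED = {25, 993}  # assumed allowlist: SMTP and IMAPS on a mail server
    for bucket, socks in audit(parse_listeners(SAMPLE_PROC_NET_TCP), EXPECTED).items():
        print(bucket, socks)
```

On a live Linux host the same functions can be fed the contents of /proc/net/tcp instead of the sample string.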

Software

Thanks to the rapid evolution of Cloud services, new applications to access them are being developed by the minute. Hackers, as well, are creating ways in which to access and exploit them…by the minute. The more code that is accessed and executed, the more code is exposed to users, including those of the unauthorized variety.

No question, cloud computing has greatly added to the complexity of securing vital data. The proliferation of applications requires commensurate security measures.

The Human Factor

As previously mentioned, employees, or authorized users, far and away produce the greatest security threats to organizations; they significantly expand the Attack Surface. Unauthorized applications are downloaded, emails from unknown senders are opened, and authorizations aren’t turned off after an employee leaves the company. And if they’re disgruntled ex-employees, the Attack Surface just got bigger. Even Instant Messaging programs can crack open a security door that was closed, or believed to be.

Attack Surface Questions? Turn to the Security Experts

Attack Surfaces, whether minimal or broad in scope, cost organizations worldwide over $2 trillion. Talking to the security experts at GDT should be your first order of business. Believing a security breach won’t happen to your company is setting you up for grave, and expensive, consequences in the future. From its state-of-the-art, 24x7x365 Security Operations Center (SOC), GDT’s security analysts and engineers manage and monitor network security for some of the most noted enterprises, service providers and government entities in the world. Contact them today at SOC@gdt.com. They’d love to hear from you.