Attack Surfaces

Loading...

From the course by University of Colorado System

Introduction to Cybersecurity for Business

105 оценки

University of Colorado System

Introduction to Cybersecurity for Business

105 оценки

Course 1 of 4 in the Specialization Cybersecurity for Business

The world runs computers. From small to large businesses, from the CEO down to level 1 support staff, everyone uses computers. This course is designed to give you a practical perspective on computer security. This course approaches computer security in a way that anyone can understand. Ever wonder how your bank website is secure when you connect to it? Wonder how other business owners secure their network? Wonder how large data breaches happen? This is practical computer security. It will help you answer the question – what should I focus on?

From the lesson

Attack Surfaces

This is the course project. You will assess attack surfaces and risk based off of the attack surfaces. This will sum up what you have worked on throughout the course.

Attack Surfaces8:44

Meet the Instructors

Greg Williams
Lecturer
Department of Computer Science

Today's lesson, we're going to discuss attack's surfaces.

Attack surfaces are any way that we can get into a system.

Something that an attacker might use to get into a system.

So today's objectives are to discuss what attack surfaces are,

learn how to find them and learn how to mitigate them as well.

Systems generally have hardware, software, users, location.

All of these could be attack surfaces.

Each area of a system might be under attack depending on all those different variables.

So let me explain a little bit about how attack surfaces are mitigated.

Think about your home for example.

A typical home has windows.

It has doors.

It has maybe a garage door which has an interior door as well.

Maybe your front door has a screen door on it.

So those are points of entry into the home.

What about vents. You probably didn't think about those either.

All of these are ways that either attackers could get in or something else could get in.

Let's say wind or dirt or snow, whatever.

How do we seal up those cracks?

How do we make sure that snow doesn't get in our house while we close the front door?

Same thing in systems.

So attack surfaces are any way to get into a system.

So if we leave passwords or we have weak passwords in the system,

that's like the front door.

A password is protecting a system or service from attack so people can't get in.

Updates are another way that we're closing that gap on attackers.

If somebody leaves your front door open,

or somebody leaves your window open at your home.

Do we go around every night and check to make sure everything is closed up? I know I do.

Takes me a few minutes but I go around make sure that front door is locked,

make sure the inside door is locked.

But we need to do the same thing with our systems.

We need to have a constant auditing of our systems

to make sure all those points of entry are closed.

Common areas of intrusion: insecure passwords.

If somebody has a weak password.

Like I said it's like the front door.

They can enter that service.

So every year there's a list that comes out of the top most insecure passwords.

For years it's been one two three four five six

and followed by one two three four five six seven or

one two three four five six seven eight or password or admin or let me in.

Or there's there's all kinds of passwords.

But those are weak passwords.

We need to make strong passwords to make sure that somebody doesn't get in.

Think about how, we again,

secure a front door if we have a cardboard door for our front door.

Is it easy for somebody to kick it in?

So making a strong password is like protecting your front door.

What about management ports?

Management ports I would consider like Windows in your home.

So there are ways to let things in and out.

They allow breezes to come in and out of your house.

Think about a mysql server with port 3 3 0

6 support 3 3 0 6 allows us to communicate to the server on mysql.

Allows database transactions to happen between systems.

If we don't secure that port and lock it down to what we only need access to,

certain systems for example,

and let it out to the world,

how large is that attack surface?

If I open my entire window can an attacker enter?

Probably. But what if I just open a little crack and have something above that

allows us to mitigate that attack?

Configuration pages are also a problem.

Let's say that we're installing a service on a Linux system and

we forget to take down the installation page.

That installation page has a lot of sensitive information on it.

So if we leave that page up and don't delete it out of the directory after installation,

that's a way for an attacker to get in.

Vulnerable services also are another way.

So patching your systems regularly alleviates some of that attack surface.

Finally users that have more access than they should.

This goes into least privilege.

Only allowing users to access things that they should have access to limits

the overall area where they have to exploit the system.

Maybe they do it intentionally.

Maybe they do it unintentionally.

But it's still a risk,

it's still an attack surface.

We have three different kinds of attacks surfaces.

We have the network attack services which really looks at

ports and we could mitigate that with firewalls.

Software attack surfaces, like

vulnerabilities we can mitigate that with software patches.

And the human aspect as well.

Social engineering, if we train our users how to become more vigilant in security,

that is mitigating our attack surface.

So in conclusion attack surfaces can be numerous.

We need to be looking at things constantly,

just like you look at your home constantly for security.

Making sure that things are always locked up, always secure.

Making sure that the front doors only unlocked when we need it to

be unlocked is a best practice at your home.

Why wouldn't you do that to your systems?

So let me end with a story.

So several years ago we had a server that was providing enterprise video.

We actually forgot about it.

And it was let outside the firewall because it needed to be let outside the firewall.

And we have firewall logs for everything.

So when we didn't see that system we forgot about it.

Well when that service was decommissioned,

there was still the vulnerable system out there.

And what happened is one day we realized, hey,

we're using a lot of bandwidth here and we dug

down and noticed there's this thing sitting out there that is vulnerable.

And of course it was compromised.

And so we took that off the network. And what did that do?

It immediately alleviated our attack surface,

because now we have something that was causing us problems and was vulnerable.

Now we've mitigated it to decrease our attack surface.

Ознакомьтесь с нашим каталогом

Присоединяйтесь бесплатно и получайте персонализированные рекомендации, обновления и предложения.

Coursera делает лучшее в мире образование доступным каждому, предлагая онлайн-курсы от ведущих университетов и организаций.

© Coursera Inc., 2018 Все права защищены.

Загрузить из App Store

Загрузить в Google Play