Minimise Attack Surface
From The Secure Arc Wiki
Assertion
The number of entry points into a system at every layer should be kept to a minimum and access controlled
Rationale
The "security level" of a system can be measured by the potential entry points available to an attacker.
It is arguable that all software has security vulnerabilities of some sort, particularly complex software such as application servers. A Defence in Depth strategy that incorporates Compartmentalisation and Simplicity should help Minimise the Attack Surface exposed in a system.
For example, a system that has only a web server in the DMZ exposes far fewer potential exploits than one that also hosts a J2EE application server there. Compromise of the internet-facing firewall would expose far fewer potentially vulnerable systems to an attacker, whereas compromise of the operating system hosting an application server could allow an attacker to change the application server's own security credential propagation settings.
Similarly, an application server in the Restricted Zone that has appropriate J2EE Roles on all of its EJB and Web entry points is less likely to be vulnerable to direct invocation by employees. [1]
Further detailed information is available on Wikipedia, primarily through its external reference to the MSDN article.
Related References
Policies & Standards
Standard of Good Practice for Information Security
- Section C12.3.2
- Host systems should be configured to restrict or disable non-essential services, services or protocols susceptible to abuse, and execute permissions on sensitive commands or scripts.
NIST - sp800-14 - Generally Accepted Principles and Practices for Securing Information Technology Systems
- Section 3.11.1 Identification
- User IDs that are inactive on the system for a specific period of time (e.g., 3 months) should be disabled.
- Section 11.4.4
- Ports, services, and similar facilities installed on a computer or network facility, which are not specifically required for business functionality, should be disabled or removed.
- Section 2.2.2 - Build and Maintain a Secure Network
- Disable all unnecessary and insecure services and protocols (services and protocols not directly needed to perform the devices’ specified function)
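The two recurring controls above (remove listeners that are not required for the host's function, and disable user IDs inactive for around three months) can be checked mechanically. The following is an added example, not code from the Secure Arc wiki or any of the cited standards; the `ss -ltnp` output, the last-login records, the required-listener allowlist and the 90-day threshold are all constructed assumptions.

```python
import re
from datetime import date, timedelta

# Constructed sample of `ss -ltnp` output (not captured from a real host).
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:443       0.0.0.0:*         users:(("nginx",pid=1044,fd=6))
LISTEN 0      128    127.0.0.1:5432    0.0.0.0:*         users:(("postgres",pid=990,fd=5))
LISTEN 0      50     0.0.0.0:8080      0.0.0.0:*         users:(("java",pid=1337,fd=12))
LISTEN 0      128    [::]:111          [::]:*            users:(("rpcbind",pid=400,fd=4))
"""

# Entry points this host is required to expose (assumed policy for the example).
REQUIRED_LISTENERS = {("0.0.0.0", 22), ("0.0.0.0", 443)}

# Constructed last-login records, keyed by user ID (assumption).
LAST_LOGINS = {"alice": date(2024, 5, 30), "bob": date(2024, 1, 12),
               "svc_backup": date(2023, 11, 3)}

LISTEN_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def parse_listeners(ss_text):
    """Return (address, port, process) for every LISTEN line in ss output."""
    found = []
    for line in ss_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            addr, port, proc = m.groups()
            found.append((addr, int(port), proc))
    return found


def unexpected_listeners(listeners, required=REQUIRED_LISTENERS):
    """Network-reachable listeners not in the required set: each is an
    entry point to remove or firewall. Loopback-only sockets are skipped,
    since they are not reachable from other hosts."""
    return [(addr, port, proc) for addr, port, proc in listeners
            if addr not in ("127.0.0.1", "::1") and (addr, port) not in required]


def stale_user_ids(last_logins, today, max_inactive_days=90):
    """User IDs with no login for more than max_inactive_days (NIST's
    example is three months); candidates for disabling."""
    cutoff = today - timedelta(days=max_inactive_days)
    return sorted(uid for uid, last in last_logins.items() if last < cutoff)


if __name__ == "__main__":
    for addr, port, proc in unexpected_listeners(parse_listeners(SS_OUTPUT)):
        print(f"unexpected listener {addr}:{port} ({proc})")
    for uid in stale_user_ids(LAST_LOGINS, date(2024, 6, 1)):
        print(f"inactive user ID: {uid}")
```

On a real host the same functions would be fed the live output of `ss -ltnp` and a last-login source such as `lastlog`, with the allowlist taken from the host's documented role.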
