Minimise Attack Surface

From The Secure Arc Wiki



Assertion

The number of entry points into a system at every layer should be kept to a minimum and access controlled

Rationale

The "security level" of a system can be measured by the potential entry points available to an attacker.

It is arguable that all software has security vulnerabilities of some sort, particularly complex software such as application servers. A Defence in Depth strategy that incorporates Compartmentalisation and Simplicity should help Minimise the Attack Surface exposed in a system.

For example, a system that has only a web server in the DMZ exposes far fewer potential exploits than one that also hosts a J2EE application server there. Compromise of the internet-facing firewall would expose far fewer potentially vulnerable systems to an attacker, whereas a compromise of the operating system hosting an application server could allow an attacker to change the security credential propagation settings of the application server itself.

Similarly, an application server in the Restricted Zone that has appropriate J2EE Roles on all of its EJB and Web entry points is less likely to be vulnerable to direct invocation from employees. [1]

Further detail is available on Wikipedia, primarily via its external reference to the MSDN article.

Related References

Policies & Standards

Standard of Good Practice for Information Security

  • Section C12.3.2
    • Host systems should be configured to restrict or disable non-essential services; services or protocols susceptible to abuse; and execute permissions on sensitive commands or scripts.

NIST - sp800-14 - Generally Accepted Principles and Practices for Securing Information Technology Systems

  • Section 3.11.1 Identification
    • User IDs that are inactive on the system for a specific period of time (e.g., 3 months) should be disabled.

ISO 17799

  • Section 11.4.4
    • Ports, services, and similar facilities installed on a computer or network facility, which are not specifically required for business functionality, should be disabled or removed.

PCI DSS

  • Section - Build and Maintain a secure network - 2.2.2
    • Disable all unnecessary and insecure services and protocols (services and protocols not directly needed to perform the devices’ specified function)
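The controls above reduce to two recurring checks: nothing listens on a host that the host's function does not require, and no dormant user ID stays enabled. The following audit script is an added example, not part of this wiki page or any of the cited standards; the socket lines are constructed in the layout of `ss -lntup` output, the account records are constructed, and the baseline is an assumed allowlist for a DMZ web host.

```python
"""Attack-surface audit: flag listening sockets outside an approved baseline
and user IDs that have been inactive beyond a set period (NIST SP 800-14 3.11.1).
Added example; sample data below is constructed, not captured from a real host."""
from datetime import date

# Constructed sample in the layout of `ss -lntup` output (header line first).
SS_OUTPUT = """Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*        users:(("nginx",pid=612,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*        users:(("sshd",pid=401,fd=3))
tcp   LISTEN 0      50     *:8080             *:*              users:(("java",pid=900,fd=21))
tcp   LISTEN 0      128    127.0.0.1:3306     0.0.0.0:*        users:(("mysqld",pid=777,fd=12))
udp   UNCONN 0      0      0.0.0.0:69         0.0.0.0:*        users:(("in.tftpd",pid=555,fd=4))
"""

# Assumed baseline for a DMZ web host: only HTTPS and administrative SSH are required.
BASELINE = {("tcp", "443"), ("tcp", "22")}


def parse_listeners(ss_text):
    """Return (proto, port, process) for each socket line; the header is skipped."""
    listeners = []
    for line in ss_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed or blank line
        proto, local = fields[0], fields[4]
        port = local.rsplit(":", 1)[1]          # works for IPv4, IPv6 ([::]:443) and '*'
        proc = fields[6].split('"')[1] if len(fields) > 6 and '"' in fields[6] else "?"
        listeners.append((proto, port, proc))
    return listeners


def unexpected_listeners(ss_text, baseline):
    """Everything not in the baseline is attack surface to disable or to justify and add."""
    return [l for l in parse_listeners(ss_text) if (l[0], l[1]) not in baseline]


def inactive_accounts(accounts, today, max_days=90):
    """accounts: (user ID, last-login ISO date). Flag IDs idle longer than max_days."""
    today = date.fromisoformat(today)
    return [name for name, last in accounts
            if (today - date.fromisoformat(last)).days > max_days]


if __name__ == "__main__":
    for proto, port, proc in unexpected_listeners(SS_OUTPUT, BASELINE):
        print(f"unexpected {proto}/{port} ({proc}): disable or add to baseline")
    # Constructed account records: (user ID, last login).
    print("inactive:", inactive_accounts([("deploy", "2024-01-05"), ("alice", "2024-05-20")], "2024-06-01"))
```

A loopback-only listener such as 3306 is still reported: it is reachable by any local compromise, so it must be justified against the host's function rather than silently allowed.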

Design Patterns
