Task 27, Day 22, Attack Surface Reduction Threats are failing all around me

Two to go…

Attack Vectors

Tool, technique, or method used to attack a computer system or network. Attacks include but not limited to:

  • Phishing emails
  • DoS or DDos
  • Web drive-by - flaws in web browsers that compromise the security of the victim by merely visiting a website
  • Unpatched Vulns - web server or network interface

Attack Surface

Surface area of the victim of an attack that can be impacted by an attack vector and cause damage. Attack surfaces generally contain:

  • email server
  • internet-facing web server
  • End-user machines connected to internet
  • Humans - manipulated or tricked by social engineering

Attack Surface Reduction

Surface can not be eliminated without fleeing battlefield, but can be reduced. Consider Greek Phalanx - front of defending army covered by shields, walls/geography cover sides, leaving no room for attacker. In cybersecurity most secure computer is one that is shut down with cables removed. Need to focus on reduction, not elimination.

How to

Based on AoC occurences:

Close the ranks

Website defaced because of open SSH port, closed the port

Put up shields

SSH port was protected by password, but not strong enough to resist brute-forcing. Make brute-forcing more expensive and less feasible by implementing stronger password and timeout after X failed attempts.

Control the flow of information

GitHub repo with sensitive info, including credentials. Made information private, best practice to ensure credentials and sensitive info not committed to GitHub repos.

Beware of deception

Phishing emails when no phishing protection enabled. Enable filtering on server so mail identified as apoofed or phishing was dropped instead of delivered.

Prepare for countering human error

Delivered phishing email contained doc with malicious macros. Mitigate the risk by disabling macros on end-user machines to avoid malicious macro-based attacks.

Strengthen every soldier

Strenghtened network as whole, then used MS’s Attack Surface Reduction rules built into Defender for Endpoint to build similar rules for own EDR (Endpoint Detection and Response) platform.

Make the defense invulnerable

Further strengthened by carryingout vuln scans highlighting vulns in internet-facing infrastructure. Patched the vulns.

The Task

Get the flag by answering questions on static site and increasing defences.

Task done, fun quiz, moving on.