Photo by Sander Sammy on Unsplash

Photo by Sander Sammy on Unsplash

Reducing the Attack Surface in Windows

Strong Defense

Article from ADMIN 84/2024
By
The sum total of all possible points of attack can be defined as the attack surface, and you need to take every opportunity to minimize it to the extent possible. Windows has built-in rules that minimize the attack surface; they simply need to be enabled.

The classic protection mechanisms for corporate IT infrastructure have always included regular software updates, up-to-date virus and spam protection, one or multiple firewalls (think network segmentation), and intrusion detection and prevention systems. However, even admins that can tick each of these boxes are not automatically safe and can see their companies fall victim to hackers.

If you conceptualize an organization's IT infrastructure, you can imagine a figurative surface that might include web services offered to the outside world over a network, although it by no means comprises all the elements of the interface. The "attack surface" on which Microsoft documentation [1] focuses is the sum total of potential attack points on the computer systems of an IT network that unauthorized users could exploit. Other terms for these points of attack include security gaps or vulnerabilities, which basically also include physical access to protected hardware.

Besides all the obvious network components, including every type of hardware and the firmware installed and running on it, you also have potential points of attack for hackers on the software side. These vulnerabilities do not necessarily have to be errors in the development of the server software itself. Internet Information Services (IIS) for Windows Server, Apache or N, mail servers, and many other standard services usually come with a secure basic configuration, but the software running on or behind the server often offers direct access to further infrastructure or data in the form of APIs or comparable interfaces.

Even human interfaces can be a relevant part of the attack surface. Cybercriminals often focus on access to the employee or customer user accounts and the infrastructure resources that can be accessed from those accounts. Of course, weak, easily guessed, or compromised passwords used for multiple services pose a risk

...
Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus