Network Attack Surface
The network attack surface is all the points at which a threat actor could gain access to hosts and services.
- can use the OSI model to analyze the potential attack surface:
  - Layer 1/2
    - allows unauthorized hosts to connect to wall ports or wireless networks and communicate with hosts within the same broadcast domain
  - Layer 3
    - allows unauthorized hosts to obtain a valid network address and communicate with hosts in other zones
  - Layer 4/7
    - allows unauthorized hosts to establish connections to TCP or UDP ports and communicate with application layer protocols and services
- consider the external/public attack surface separately from the internal/private attack surface
- Each layer requires its own type of security controls
- Provisioning multiple control categories and functions to enforce multiple layers of protection is referred to as defense in depth
- typical weaknesses of network architecture:
  - single points of failure
    - a “pinch point” relying on a single hardware server or appliance or network channel
  - complex dependencies
    - services that require many different systems to be available
    - failure of individual systems or services should not affect the overall performance of other network services
  - availability over confidentiality and integrity
    - tempting to take “shortcuts” to get a service up and running
    - compromising security might represent a quick fix but creates long-term risks
  - lack of documentation and change control
    - network segments, appliances, and services might be added without proper change control procedures
    - leads to a lack of visibility into how the network is constituted
  - over-dependence on perimeter security
    - avoid “flat” network architecture
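The "single points of failure" and "complex dependencies" weaknesses above are easiest to see when the dependency map is written down and queried. The following is an added example, not part of the original notes: it models a constructed, hypothetical service inventory where each service lists its requirements as groups of interchangeable providers (a group with two entries is redundant), then computes which single component failures take a service down and how far one component's failure spreads. A second, hardened map with a replica database shows how the list of pinch points shrinks when redundancy is added.

```python
"""Find single points of failure (SPOFs) in a service dependency map.

Added example for the "network architecture weaknesses" notes. Hostnames and
the topology are constructed for illustration only.
"""
from typing import Dict, List, Optional, Set

# Constructed sample inventory: node -> list of requirement groups.
# A node is up when every group has at least one working provider, so a
# single-entry group is a "pinch point" and a multi-entry group is redundant.
DEPENDENCIES: Dict[str, List[Set[str]]] = {
    "webshop":    [{"app1", "app2"}, {"lb"}],   # two app servers, one load balancer
    "app1":       [{"db-primary"}, {"auth"}],
    "app2":       [{"db-primary"}, {"auth"}],
    "auth":       [{"ldap1", "ldap2"}],         # redundant directory servers
    "db-primary": [{"san"}],                    # one storage array
    "lb": [], "ldap1": [], "ldap2": [], "san": [],
}

# Hardened variant: a replica database on separate storage removes two pinch points.
HARDENED: Dict[str, List[Set[str]]] = {
    **DEPENDENCIES,
    "app1":       [{"db-primary", "db-replica"}, {"auth"}],
    "app2":       [{"db-primary", "db-replica"}, {"auth"}],
    "db-replica": [{"san2"}],
    "san2": [],
}


def is_up(node: str, failed: Set[str], deps: Dict[str, List[Set[str]]],
          memo: Optional[Dict[str, bool]] = None) -> bool:
    """True if `node` still works when every node in `failed` is down."""
    if memo is None:
        memo = {}
    if node in memo:
        return memo[node]
    if node in failed:
        memo[node] = False
        return False
    memo[node] = False  # conservative guard: a dependency cycle counts as down
    memo[node] = all(
        any(is_up(provider, failed, deps, memo) for provider in group)
        for group in deps.get(node, [])
    )
    return memo[node]


def single_points_of_failure(service: str, deps: Dict[str, List[Set[str]]]) -> List[str]:
    """Components whose individual failure takes `service` down."""
    return sorted(n for n in deps if n != service and not is_up(service, {n}, deps))


def blast_radius(component: str, deps: Dict[str, List[Set[str]]]) -> List[str]:
    """Every other node that goes down when `component` alone fails."""
    return sorted(s for s in deps if s != component and not is_up(s, {component}, deps))


if __name__ == "__main__":
    print("SPOFs for webshop (current):", single_points_of_failure("webshop", DEPENDENCIES))
    print("SPOFs for webshop (hardened):", single_points_of_failure("webshop", HARDENED))
    print("Blast radius of the storage array:", blast_radius("san", DEPENDENCIES))
    print("Blast radius of one LDAP server:", blast_radius("ldap1", DEPENDENCIES))
```

Running the script reports the load balancer, the auth service, the primary database and its storage array as pinch points for `webshop` in the first map, while in the hardened map only the load balancer and the auth service remain; the blast-radius query is the same check turned around, answering "what else breaks if this box dies?", which is the question the notes say a good architecture should be able to answer with "nothing else".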