Hello everyone! Apologies for the delay in this installment of Security Fridays. There have been quite a few things going on. I was in New York for a conference, and then it was my best friend's wedding followed by more wedding invitations to attend. The weather has been glorious, and I hope you have been making the most of summer so far.
Today, we're talking about the external attack surface of an organization.
When it comes to securing an organization, a huge emphasis is placed on patching workstations, securing the internal network, segregating devices, and network traffic scanning, among other things. All of this takes place internally.
However, what about your external-facing assets, systems, and interfaces? Think of the perimeter as a locked door that only lets certain traffic through. What if the door has a weakness, such as a pane of glass with a hairline crack that can only be seen from the right angle? If you're not looking for it, you won't see it.
To understand the external attack surface, it's important to consider various elements:
- Network Infrastructure: Devices such as routers, firewalls, switches, and other networking components that provide internet connectivity. Misconfigurations or vulnerabilities in these devices can provide opportunities for attackers to gain unauthorized access.
- Web Apps: Websites, web portals, and other web-based applications are common entry points for attackers. Vulnerabilities in the code or misconfigurations in the application's security settings can expose sensitive data or allow unauthorized access.
- APIs (Application Programming Interfaces): Exposing insecure or poorly implemented APIs can lead to data breaches or unauthorized access to systems and services.
- Cloud Services: Misconfigured cloud storage, permissions, or services can easily lead to a data breach or the takeover of user accounts.
- Internet of Things (IoT) Devices: Weak authentication, outdated firmware, or insecure network configurations in IoT devices can expose vulnerabilities that attackers can exploit.
- Third-Party Integrations: Third-party libraries, plugins, and connected vendor services become part of your attack surface; a weakness in any of them is a weakness in your environment.
- Social Engineering: Social engineering techniques, such as phishing emails or phone scams, can trick employees into revealing sensitive information or granting unauthorized access.
Managing and mitigating these risks begins with identifying your external attack surface, performing assessments, and working towards mitigating the vulnerabilities and risks.
Continuously scanning your external attack surface with external scanning and attack surface management tools such as Shodan, Microsoft Defender EASM, Scorecard.io, etc., shows you how large your attack surface actually is and what is exposed.
Going back to the hairline crack in the pane of glass from earlier: at some point, that crack will become more noticeable. Having the scanning in place provides an early warning and helps prevent a breach.
Circling back to Veeam, ensure that your Veeam B&R servers and proxies are not publicly accessible!
When backing up your data to cloud providers, restrict access to specific source IPs and ports. Regularly audit permissions and keep them as narrowly scoped as possible.
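As an added example (not code from the original post), here is a small Python check of the "restrict access to certain IPs and ports" advice: it audits a constructed set of ingress firewall rules against a trusted-source allowlist and flags management ports reachable from the whole internet or from sources outside the allowlist. The rule shape, the port set, and every address below are assumptions and constructed test data.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical ingress-rule shape; field names are assumptions, not a vendor's format.
@dataclass(frozen=True)
class IngressRule:
    name: str
    source: str      # CIDR the rule admits
    port_from: int
    port_to: int

# Ports that should never be reachable from arbitrary internet sources.
# Extend with the management/console ports of your backup servers for your environment.
SENSITIVE_PORTS = {22: "ssh", 445: "smb", 3389: "rdp"}

# Constructed allowlist: the only networks allowed to reach management ports (TEST-NET-3 placeholder).
TRUSTED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]

def audit_rules(rules, trusted=TRUSTED_SOURCES, sensitive=SENSITIVE_PORTS):
    """Return a list of (rule name, finding) for rules that over-expose a service."""
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule.source, strict=False)
        world = src.prefixlen == 0                         # 0.0.0.0/0 or ::/0
        in_allowlist = any(src.version == t.version and src.subnet_of(t) for t in trusted)
        span = rule.port_to - rule.port_from + 1
        hits = [n for p, n in sensitive.items() if rule.port_from <= p <= rule.port_to]
        if world and hits:
            findings.append((rule.name, f"internet-wide access to {', '.join(hits)}"))
        elif world and span > 1:
            findings.append((rule.name, f"internet-wide access to {span} ports"))
        elif not in_allowlist and hits:
            findings.append((rule.name, f"{rule.source} outside allowlist for {', '.join(hits)}"))
    return findings

# Constructed sample rules (placeholder addresses, not real infrastructure).
SAMPLE_RULES = [
    IngressRule("web-https", "0.0.0.0/0", 443, 443),         # public web service: fine
    IngressRule("backup-mgmt", "0.0.0.0/0", 3389, 3389),     # RDP open to the world
    IngressRule("office-ssh", "203.0.113.10/32", 22, 22),    # trusted source: fine
    IngressRule("vendor-smb", "198.51.100.0/24", 445, 445),  # source not in allowlist
    IngressRule("legacy-any", "::/0", 0, 65535),             # every port open to IPv6 internet
]

if __name__ == "__main__":
    for name, issue in audit_rules(SAMPLE_RULES):
        print(f"{name}: {issue}")
```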
A word of warning: Check with third-party providers before attempting to run scans against their infrastructure and services, as it may be prohibited.