Cyber Self Defense: Reduce your attack surface
I hope that you’re planning to attend because we’ll be focusing on real-time attacks and practical advice rather than discussing hypothetical catastrophes that may never occur. Frankly, the real world of cyber conflict is scary enough and that’s rarely covered in mainstream media.
When I give presentations on this subject, I include a slide that lists two general principles and four high-level actions that are applicable to individuals, enterprises, and government departments:
The two “truisms” shouldn’t need further explaining, except to say that if anyone tries to sell you a product or service that makes claims to the contrary, you should run, not walk, in the other direction. The four tactics that follow, however, do require further explanation. This article will focus on the first one:
Reduce Your Attack Surface
Once you understand that you cannot stop every attack, and that the attacker has a vast advantage over the defender, the next logical action to take is to reduce the number of attack vectors that a potential adversary may choose from.
Adobe and Microsoft. The vast majority of exploits today are run against Adobe and Microsoft client products; therefore, the first step in reducing your attack surface is to switch from those clients to anything else that accomplishes the same task. In my case, for example, I replaced Adobe Acrobat Reader with an alternative free PDF reader that I found on CNET. I uninstalled the entire Microsoft Office suite in favor of OpenOffice and a different email client. I also deactivated Internet Explorer (you cannot uninstall it from a Windows 7 machine) and use alternative browsers instead. Remember, this is not about brand loyalty. It’s about security. By making these changes, you’ve just shrunk your attack surface by a considerable margin.
LinkedIn, Facebook, Twitter. Social networking applications have permeated our personal and professional lives. As a result, they represent a veritable gold mine of personal data which adversaries use to construct spear phishing attacks, target opposition groups, and mine for competitive advantage. The intelligence services of most nations use them to collect data on military deployments, for example, or to discern troop levels and conditions on the ground at various strategic locales. Since it’s almost impossible to defend against a pure social engineering attack, and since family members are often involved as well, the best plan of action is to reduce the size of your social networking footprint.
This strategy will serve you well regardless of how large or small your enterprise or government department is. Bring your own suggestions, questions, or arguments on this topic. We’ll have plenty of time for a discussion.


Ultimately, if you protect the endpoint you’ve taken most of the targets out of play. Whitelisting, done well, does that. http://www.naknan.com/php/helpdesk-0.9.9/UserGuide/index.html will give you a look at our User Guide, but creative use of the four major functions provided by Naknan’s Security Assistant (anti-unauthorized software; secure remote command without userID/password; patch management; and filesystem audit by inspection) makes this a powerful IT security tool.
Your strategy is useful for low assurance systems currently in play, but the assumptions change when you are able to inject internal controls and convert systems into high assurance systems.
Excellent advice. Adobe has been a target of choice of hackers and Internet Explorer 8 on Windows 7 was hacked in about 2 minutes at a recent security hacking contest (Pwn2Own). Ubuntu is looking really nice about now. It’s my favorite Linux distro and is pretty intuitive for users switching from Windows.
On the social networking side, I have friends in the military that are getting a lot of horribly misspelled Facebook messages that link to malware sites from friends that didn’t send them. Crazy…