Microcontroller Tips

Microcontroller engineering resources, new microcontroller products and electronics engineering news

Securing devices for the IoT — minimize the attack surface

By Leave a Comment

An attack surface is the sum of all the attack vectors or ways an attacker can gain malicious access to a network or system. The growth in remote work and the adoption of cloud services have increased the number of attack vectors and the attack surface size for most organizations and applications.

This FAQ reviews the different types of attack surfaces, examines some of the more common attack vectors, and concludes with a brief review of how Attack Surface Management (ASM) and Cloud Native Application Protection (CNAPP) can address enterprise security challenges.

Historically, the attack surface has been divided into three segments: the digital attack surface, the physical attack surface, and the social engineering attack surface. More recently, two new attack surfaces have emerged, the artificial intelligence (AI) attack surface and the Internet of Things (IoT) attack surface, and more continue to appear, as shown in Figure 1:

Figure 1: The potential attack surface continues to expand with new developments like AI and the IoT. (Image: JupiterOne)
  • Digital attack surface includes all external vulnerabilities accessible through the internet like system access points, websites, ports, and services.
  • The physical attack surface includes all access points to the network hardware, including equipment on-premises, equipment connecting to the network from outside, and malicious employees who share access with unauthorized individuals.
  • Social Engineering attack surfaces include malicious individuals posing as employees to gain information, capturing credentials through phishing, or sending infected files to an employee.
  • AI attack surface takes advantage of inherent weaknesses in AI systems, such as their vulnerability to manipulation by specially engineered data posted to the system. Systems can also be attacked using a technique called adversarial machine learning, which can identify unanticipated security weaknesses.
  • IoT attack surfaces can be surprisingly dangerous. IoT devices are often small, like wireless sensors, but hacking into them can send false readings to control equipment, potentially affecting production or damaging large and expensive machinery. Other IoT devices are important for facility security. The large numbers and variety of IoT devices can provide an attractive target for gaining access to the wider network.

Types of attack vectors

There can be hundreds of potential attack vectors and large attack surfaces for major operations. Security is a continuous process, especially in large organizations where new software, applications, websites, and hardware constantly appear or evolve. The common types of attack vectors can be obvious or common sense, but they continue to threaten network security, including:

  • Compromised credentials like weak or unprotected passwords
  • Phishing attacks or other ways to manipulate employee behavior to grant access to an unauthorized individual
  • Malicious and disgruntled employees who intentionally share credentials or sensitive data
  • Poor encryption implementations like expired SSL certificates and unpatched data transfer protocols
  • Excessive traffic from distributed denial of service (DDoS) attacks
  • Misconfigured infrastructure or services
  • Unsecured connection with third parties like vendors or customers
Structure of a typical attack surface vector
Figure 2: Structure of a typical attack vector. (Image: CloudFlare)

Protection options

ASM and CNAPP are designed to solve different challenges related to enterprise security. ASM is a broad-based analysis of all available network resources and cyber assets. It considers every aspect of security, from edge devices to the cloud. ASM can be used to define an organization’s attack perimeter and all vulnerable attack surfaces. It aggregates every aspect of the system into a holistic security analysis.

CNAPP is a focused dive into all aspects of a public cloud infrastructure. While ASM provides a broad analysis of internal threat surfaces, CNAPP focuses on finding security issues related to cloud infrastructure and associated services like AWS and Microsoft Azure. CNAPP tools check cloud configurations and scan for misconfigurations and vulnerabilities.

Summary

Minimizing attack surfaces is an important element in IoT and general network security. It involves identifying and minimizing or eliminating the attack vectors that comprise the attack surface. The number and types of attack surfaces and attack vectors are growing, increasing the challenges for security engineers. Tools like ASM and CNAPP are available to help analyze networks and identify potential attack vectors and threat surfaces.

References
8 Immediate Actions to Reduce the Cyber Attack Surface, Cybeready
How do I Reduce My Attack Surface?, Armis
The IoT Attack Surface: Threats and Security Solutions, Trend Micro
Understanding the differences between Cloud Native Application Protection Platforms and Attack Surface Management, JupiterOne
What Is An Attack Surface?, Fortinet
What is an attack surface?, IBM
What is an Attack Surface? (And the Best Way to Reduce It), StrongDM
What is an attack vector?, CloudFlare

 

You may also like:

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *