What’s the attack surface in infosec?

An attack surface is any area where an unauthenticated user can execute or inject code into a system. It is broken down into three areas: network, software, and human. Attack surfaces can be reduced by limiting functions available to unauthenticated users and giving new employees minimal freedom until they are entrusted with data. However, reducing attack surfaces does not reduce the damage an attack can deal, only the chances of an attack occurring.

An attack surface in information security is any area where an unauthenticated user can execute or inject code into the system. It is broken down into three areas: the network, software and human attack surfaces. While attack surfaces are, strictly speaking, a measure of how unauthenticated users can reach your system, an attack can also come from a trusted employee. There are ways to reduce the attack surface, such as offering fewer functions that accept code from users, having less code overall, and partitioning those functions so that only trusted users can reach them. Reducing attack surfaces does not reduce the damage an attack can deal, only the chances of an attack occurring.

When it comes to programs, networks and websites, there will always be an attack surface. Some surfaces can be reduced or eliminated, but others are vital to the program's purpose. For example, an input form that allows users to write messages is a security risk. At the same time, if a program or website needs to collect information from users, and the users have to type that information in themselves, an input field is the only way to make this possible.

Attack surfaces are measured in three categories. Network attack surfaces are found in the network and consist mainly of open ports or sockets, or of tunnels that pierce the network perimeter. Tunnels are sometimes hard to find, because they can look like regular traffic on the network. A software attack surface is any area or function in a program that a user can invoke, regardless of location or authentication.

The human attack surface differs from the other two, because the network and software surfaces concern unauthenticated users. The human surface involves disgruntled or unscrupulous employees stealing or destroying data. If an employee leaves the company and a new employee needs access to the data, this is also considered a security risk, because it is not yet clear how much trust can be placed in the new employee.

How an attack surface is reduced depends on the area being reduced. With network surfaces, all ports and sockets must be closed to everyone other than trusted sources. In software surfaces, the total amount of code should be kept to a minimum, and the number of functions available to unauthenticated users should be limited to a few areas. Reducing the human attack surface can be difficult; it is only done effectively by giving new employees minimal freedom to perform functions until they are entrusted with the data.
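The network side of this advice starts with an inventory of what is actually listening and on which interfaces. The script below is an added example, not part of the article: it parses a constructed sample of Linux `ss -tlnp` output (not captured from a real host) and separates sockets bound to a wildcard address, which form the network attack surface, from those bound to loopback only.

```python
import re

# Constructed sample of `ss -tlnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*          users:(("postgres",pid=1201,fd=5))
LISTEN  0       511     *:80                 *:*                users:(("nginx",pid=1402,fd=6))
LISTEN  0       128     [::1]:6379           [::]:*             users:(("redis-server",pid=1510,fd=7))
LISTEN  0       4096    [::]:9090            [::]:*             users:(("prometheus",pid=1620,fd=8))
"""

WILDCARD = {"0.0.0.0", "*", "::"}  # bound on every interface


def classify(addr: str) -> str:
    """Label a bound address: 'exposed' (wildcard, reachable from any interface),
    'local' (loopback only) or 'specific' (one non-loopback address)."""
    addr = addr.strip("[]")
    if addr in WILDCARD:
        return "exposed"
    if addr == "::1" or addr.startswith("127."):
        return "local"
    return "specific"


def parse_listeners(ss_output: str) -> list[dict]:
    """Turn `ss -tlnp` text into records of port, address, process and exposure."""
    records = []
    for line in ss_output.splitlines()[1:]:       # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        addr, port = cols[3].rsplit(":", 1)        # IPv6 addresses keep their brackets
        proc = re.search(r'\("([^"]+)"', line)     # process name from users:(("name",...))
        records.append({
            "port": int(port),
            "address": addr.strip("[]"),
            "process": proc.group(1) if proc else "?",
            "exposure": classify(addr),
        })
    return records


def exposed_ports(ss_output: str) -> list[tuple[int, str]]:
    """The network attack surface proper: listeners reachable from any interface."""
    return sorted((r["port"], r["process"]) for r in parse_listeners(ss_output)
                  if r["exposure"] == "exposed")


if __name__ == "__main__":
    for port, proc in exposed_ports(SAMPLE_SS_OUTPUT):
        print(f"exposed: {proc} on port {port}")
```

Each exposed entry is a candidate for the reduction the article describes: bind it to loopback or a specific interface, or restrict it to trusted sources with a firewall rule.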
