Chapter 1: Attack Surfaces and Attack Trees Flashcards
What is an attack surface?
It is the reachable ann exploitable vulnerabilities in a system
What 3 categories can attack surfaces be divided into?
Network attack surface: the vulnerabilities over an enterprise network, WAN, or Internet. Including network protocol vulnerabilities, disruption of communication links, intruder attacks.
Software attack surfaces: vulnerabilities in application, utility or OS code. One focus is web server software.
Human attack surface: vulnerabilities created by personnel or outsiders, i.e social engineering, human error and trusted insiders.
What is the purpose of an attack surface analysis and what can it help with?
It assesses the scale and severity of threats to a system. It helps in discovering where security mechanisms are required. Can also help in making the attack surface smaller when it has been defined. Gives guidelines for setting priorities for testing, strengthening security measures or modifying the service or application.
Defense in depth and attack surface reduction complement each other in mitigating security risks.
What is an attack tree?
It is a branching, hierarchal data structure that represents a set of potential techniques for exploiting security vulnerabilities.
What is the basic structure of an attack tree?
The root node represents the goal of the attack.
The ways the goal can be reaches i represented as branches and sub-nodes. Each sub-node represents a sub-goal and each sub-goal can have its own set of sub-goals.
Each node (except leafs) are either AND- or OR-nodes.
Why are attack trees used?
They can efficiently represent attacks in a structured manner.
Can guide the design and the choice and strength of countermeasures.
