If your job is to guard your company's network, you'd do well to employ a fundamental naval defense tactic and avoid exposing your network's broadside to the enemy. When you employ attack surface reduction in the virtual world of computers, you reduce any set of functionality that can be attacked. Attack surface reduction can be effective against both automated malware and malicious intruders. Systems can be penetrated through compromised passwords, security misconfigurations, or unpatched components, and in all cases attackers are successful because a service, port, or other feature presented them with a target. When you eliminate unneeded functionality, you eliminate such targets and implement an additional layer in your defense-in-depth strategy. Let's look at some specific ways you can reduce your company network's attack surface.
Batten Down the Network
Start with the network itself. Many small businesses run a simple broadband gateway firewall router, such as is available from vendors such as Netgear (http://www.netgear.com), Linksys (http://www.linksys.com), and D-Link (http://www.d-link.com). Firewalls reduce a network's attack surface by using Network Address Translation (NAT) to present one IP address to the Internet and hiding the internal network's components from view. But don't forget about the attack surface of the firewall itself. Firewall routers have an option that allows remote administration through a Web browser. Although this option offers the convenience of administering your firewall from any Internet-connected machine, if you enable the option, you significantly increase the attack surface of your firewall. . . .
Register
