Project 4: Minimize Attack Surfaces

After completing a vulnerability assessment you probably have a very large list of mitigations to complete. Want an easy way to reduce the number of vulnerabilities in your environment?

By removing nonessential attack surfaces you're reducing the number of attack surfaces (and vulnerabilities) for an attacker to exploit. Some basic steps include:

• Ensure that all exposed forms of remote access are as secure as possible

• Removal of default or test accounts that exist on systems, devices, and applications

• Ensure that administrator accounts don't have the same credentials for multiple systems

• Introduce multi-factor authentication, if appropriate

• Close non-essential ports on Internet-facing and internal systems

• Review and update Access Control Lists (ACLs)

• Remove non-essential software

Some of these activities may introduce new hardware into your environment. Be sure to continue ongoing assessments to identify new vulnerabilities. Use the results of the ongoing assessments to make configuration adjustments as needed.