Solution
David answered on
Dec 26 2021
ERM Roadmap
Friday, June 30, 2017
1
Introduction
In this report we discuss about attack surface types of attack on virtual machine and solution of
virtual machine
Attack surface
An attack surface is a combination of physical, network software attack of the vulnerabilities in
a any computing device or network that are accessible to a hacker if hacker trying to
eak into
a system starts with scanning the target’s attack surface for possible attack vector [1]
ï‚· An active attack or passive attack
ï‚· Ethical hacking
ï‚· A hacking competition
There are three type of attack
ï‚· The network attack surface.
ï‚· The software attack surface.
ï‚· The physical attack surface.
The potential part of the network attack surface is every point of network interaction. If we want
to reduced attack surface by closing unnecessarily open ports and limiting the resources that are
available to untrusted users and to the Internet.
As all running code has the possibility of having exploitable vulnerabilities, one of the first and
simplest ways to limit software attack surface is to reduce the amount of running code. The more
a piece of malware can use various exploits, the more chance it can get in via a hole in a target
system’s attack surface.[2]
Physical access also constitutes an attack surface, which overlaps with the social engineering
attack surface. This surface is exploitable by inside vectors such as rogue employees or hired
workers.
External risks include password retrieval from carelessly discarded hardware or from password
sticky notes .strong authentication, destroying hard drives before throwing them out and
efraining from leaving hard copy access data
1. USB thumb drives: With the help of USB thumbs drives attacker can infect a network from
inside a firewall. Due to USB thumbs drives are inexpensive, small, hold a lot of data and can be
used between multiple computer types so that is very easy for hacker to attack to computer
system. The ubiquity of thumb drives has driven hackers to develop targeted malware, such as
the notorious Conficker worm, that can automatically execute upon connecting with a live USB
port. [3]
2. Laptop : Laptops are portable system ,laptop work like a desktop but it easy to use , can
operate using an internal battery and come with a handy Ethernet port for directly connected into
a network. This notebook could belong to an internal employee or guest who's visiting and
working from an open cube or office. If a employee use infected laptops may leads to
compromising an internal network security, As company has some forms of sensitive
information transaction records, home addresses, phone numbers and Social Security numbers
salary information, financial information about company and business partner information
3. Wireless access points: Wireless APs provide immediate connectivity to any user within
proximity of the network. With the help of wireless attack method intruders penetrated the
computer systems that process and store customer transactions including credit card, debit card,
check and merchandise return transactions.
4. Inside connections: Internal company employees can also inadvertently or intentionally
access areas of the network that they wouldn't or shouldn't otherwise have access to and
compromise endpoints
5. The Trojan human (Physical Security): the Trojan human comes into a business in some
type of disguise like business attire or legitimate repairman (appliance, telecom, HVAC). These
types of tricksters have been known to penetrate some pretty secure environments, including
server rooms. We shouldn't forget that the human mind is a very effective at storing information.
Who is watching you when you log into your desktop? Where are your hard copies stored? What
confidential documents are you reading on laptop at the coffee shop, airplane, etc.?
6 E-mail: E-mail is frequently used within businesses to send and receive data; however, it's
often misused. Messages with confidential information can easily be forwarded to any external
target.
Unauthorized Access Using Password Brute-Forcing or Password-Guessing
Attacks
An attacker residing may achieve unauthorized access to a component. For instance, an attacker
may access a management console through random or systematic guessing of passwords.
Unauthorized Access Using Remote Application Exploitation Attacks
An attacker may be able to gain unauthorized access to the component. For instance, an attacker
with access to a management console may exploit buffer overflow vulnerability in a application
server to gain access to applications
Unauthorized Destruction Using API Exploitation Attacks
An unauthorized destruction case could involve a malicious user deleting network flows to
prevent traffic from reaching its destination by exploiting vulnerability.
Unauthorized Access Using Remote or Local Application Exploitation Attacks
A malicious user or an attacker with access to the component may be able to escalate her
privileges. For instance, an attacker could exploit a session management vulnerability to execute
commands on behalf of a more privileged user
Unauthorized Disclosure of Information Using Traffic Sniffing Attacks
An attacker could conduct a sniffing attack to take advantage of unencrypted communications or
communications using weak encryption to intercept configuration data.
Unauthorized Modification Using Identity Spoofing Attacks
An attacker may spoof the identity of a legitimate controller to attempt to interact with a network
element to instantiate flows into the network element’s flow table
Unauthorized Disclosure of Information Using Side Channel Attacks
An attacker may conduct a side channel attack to determine if a flow rule already exists by
detecting a difference in the time required for a new...