(Reposted and updated from my previous blog)
Over at Mike Maschino’s Cybersecurity VCast site, readers can find a video titled ‘101-Biological analogy of the ontology of cyber vulnerabilities and attacks against the attack surface’.
I found the title more than a little daunting until I watched the video, but once the concept’s understood it becomes a handy method of visualising the threats and vulnerabilities of a given system. And anyone can understand it with a little background knowledge.
The Cyber Attack Surface
Previously I dismissed the term ‘attack surface’ as jargon, later to find it’s actually a decent visualisation of the flaws and threats in relation to a system’s complexity and scale. There are probably different definitions of ‘attack surface’ but here I’m referring to a network after deployment. It’s generally true that a corporate/enterprise network will have more vulnerabilities and a higher potential for a compromise than a home network, by virtue of the number of hosts, users and services it accommodates. The attack surface is the ground an infosec professional must somehow cover.
The vulnerabilities in the system or network can be visualised as holes in the attack surface, and the number of these holes increases with the area of the surface. There are also the threats looking for those holes (the vulnerabilities).
The Biological and Cyber Cells
So, what’s all this got to do with biology? At some point before the dark ages of the 1990s, before information security became a profession, and when ‘cyber’ meant robots and virtual reality stuff, some IT security people in the US decided to use biology as an analogy, and it’s probably how the terms ‘virus’ and ‘anti-virus’ came to be used in relation to malware.
The cells in the human body consist of a surface/wall and a nucleus. The surface is porous and designed to let certain things in and out. If I remember correctly, viruses also manage to penetrate the surface of those cells if they’re unrecognised by the immune system as a threat.
So, with immune systems, threats and semi-porous attack surfaces, we can use this as a model for a ‘cyber security cell’, with the nucleus being a local network, and the cell surface the ‘attack surface’.
And just like local networks, countless cells co-exist in an ecosystem. Most of them communicate in various ways, and there are cells that attack others. In the case of the Internet, the attacking cells could be zombie networks or the origin of targeted attacks.
Again, the area of the attack surface will depend on the scale and complexity of the network. The holes represent the flaws and vulnerabilities caused by:
* Incorrect configuration
* Insecure channels
* Insider threats
There will be numerous threats in the ecosystem trying to penetrate the attack surface:
* Authentication attacks
* Code injection
* Vulnerability exploits
* Privilege escalation
* Physical attacks
* Denial of service
* Social engineering
Like the biological ecosystem, cyberspace also has something of an evolving immune system that adapts to common threats. This immune system consists of the various communities and organisations, such as Infosecurity Europe, Sophos Labs, Tenable Network Security, and others that collaborate, analyse threats, share intelligence, develop security products, and provide training.