logo

Attack Surface Modelling

   

Added on  2022-12-27

5 Pages1084 Words51 Views
Name of University
Computer Security
Student Name
Course Name
Submission Date

ATTACK SURFACE MODELLING
Attack surface is a point on a network system at which an attacker can exploit to gain
access in order to perform security violation. Attack surfaces are categorised as network attack
surface, software attack surface and human attack surface (Misra and Sumit, 2017). Network
attack surfaces are launched through the networks. Software attack surface is made up of the
source code and functionalities of software. Human attack surface are usually led by
unauthenticated users. Planet of the Grapes is vulnerable to both digital and physical attack
surfaces.
Network level attacks
These attacks are aimed at exploiting basic network protocols in order to gain access to a
system. One of the network surface attacks at Planet of the Grapes network is the user's remote
access services. According to a report by Microsoft (2019), remote code execution vulnerability
exists in Remote Desktop Services that when exploited, it can allow an attacker to execute
random code on the objective system. This vulnerability has been documented at CVE-2019-
0708. In addition, the remote access service opens up a lot of loop holes in the system since
most of the computers are configured to default user accounts -Admin and User. This can open
up attacks such as Man-in-the Middle Attacks (MiTM) and Denial of Service (Network Level
Authentication). The lack of specific user accounts exposes the network to an array of issues if
one account is compromised. Audit trail also becomes an issue since there is no central
administrative control. This could have been implemented by utilizing Active Directory security
features.
Another network surface attack is exploiting Cisco ADSL Routers CVE-2017-11587
Directory Traversal Vulnerability. This vulnerability can allow an attackers to send crafted
requests with directory-traversal sequences ('../') to read random files in the setting of the system
which may help the intruder in additional attacks. Local computers should also be well
configured to mitigate exploitation of know default setting like admin, root and user default
accounts.

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Computer Security Project: Attack Surface Modelling and Legacy Code Vulnerabilities
|13
|2389
|27

Exploiting the Eternal Blue Vulnerability (CVE-2017-0144) in SMB
|8
|1879
|487

CVE-2017-0144 Vulnerability
|4
|666
|199

ICT287 Computer Security: Planet of the Grapes
|14
|2703
|84

Windows RPC Vulnerability CVE-2008-4250: Technical Description, Attack Vectors, and Mitigation
|5
|927
|426

Cyber Security: Vulnerabilities, Exploitation, and Security Controls
|10
|2384
|453