Reduce your ‘Attack Surface’ with Automation

Reducing the attack surface of a scheduler

Security is without a doubt one of the primary concerns in IT today. The added security provided by implementing a comprehensive automation strategy is often overlooked and underestimated, since the security benefits of automation are typically overshadowed by the more obvious benefits such as increased efficiency and reduction in human error.

Human error can occur every time a human logs on to a server and performs an action. Of course, the possibility also exists that the person could deliberately perform a malicious act. Intel Security published a paper in September 2015 entitled “Grand Theft Data” which states that “Internal actors were responsible for 43% of data loss, half of which is intentional, half accidental.”

In most cases, a user (or administrator) connects to a server from a device – a device which may be susceptible to malware which could be transferred to a server when a connection is made. So, the attack surface is not only made larger by every action carried out by every connected user, it is also made larger by every connected device.

Automation can significantly reduce the number of human interactions with a server, which in turn can reduce the number of devices which connect to a server. Automation can also significantly reduce the number of logins/users that need to be set up on a server, since many tasks can be run under a small number of ‘production’ users that can typically be set up to not allow interactive connections.

Minimizing human interaction with a system has long been viewed as a major step towards making a system more secure – extending even as far as operating system design and implementation.

Microsoft’s introduction of the ‘Server Core’ option with Windows Server 2008 is an example of this. Microsoft describes Server Core as follows:

“Server Core is a minimal server installation option for the Windows Server 2008 R2 operating system. Server Core provides a low-maintenance environment capable of providing core server roles.

Server Core is designed to provide an environment that reduces:

  • Servicing requirements
  • Management requirements
  • Attack surface
  • Disk space usage

To accomplish its core, critical roles, the Server Core installation option only installs the binaries required by its supported roles. For example, the Explorer shell is not installed with Server Core. Instead, the Server Core user interface is the command prompt.”

Just as Server Core provides those benefits for Windows Server implementations, Automation provides the same benefits (with the exception of significantly reducing disk space usage) for ALL servers. Reducing the ‘Attack Surface’ has, in the past, been viewed as a positive side effect of automation. With an ever-increasing number of cyber-attacks being reported, making a system more secure has become an explicit reason to implement automation, not just a positive side effect. Automation not only helps reduce the risk of cyber-attack from sources outside an organization, it also reduces the risk of deliberate attacks from inside an organization. Furthermore, it reduces the risk of damage by human error.

In the article “Why is Server Core Useful?” (https://msdn.microsoft.com/en-us/library/dd184076.aspx), the Attack Surface is described as the “possible vectors for malicious attacks on the server”. The problem with that definition is that it assumes all ‘attacks’ are planned and ignores the fact that human error can have consequences as severe as any malicious attack. In fact, IBM states that 95% of all security incidents involve human error. This is discussed in an excellent article published by IBM at https://securityintelligence.com/the-role-of-human-error-in-successful-security-attacks/.

Every human interaction with a system has the potential to inflict damage on that system, either deliberately or accidentally. Every entry point to the system increases the area of the Attack Surface exposed by that system. CIOs, CTOs and IT administrators should be paying ongoing attention to minimizing the Attack Surface of every one of their systems. Automating as many human tasks as possible is an effective aid in this regard.