Eaton Corporation plc

05/11/2021 | Press release | Archived content

Cybersecurity design principles | Cybersecurity | Eaton

Minimize attack surface area

The attack surface-the areas within a product or system that could provide opportunities to exploit in a cyberattack-grows larger with every addition of new features, such as adding new network protocols or webpages. Whenever a new feature is added to an existing product or a system, it increases a certain amount of security risk to the overall system. The attack surface area of a product or a system will always increase with time as an organization adds more interfaces or features to the product or system to integrate with other products or systems. However, from a security perspective, it is very important that an organization looks for ways to reduce and minimize the overall size of the attack surface by various means possible.

The aim of cyber secure development is to take proactive steps to reduce the overall attack surface area of the product or system when changes are made. In a product or system, this can be done with steps such as:

  • Reducing the number of user roles
  • Avoiding storage of confidential data that is not needed
  • Disabling features that are not needed or not needed all the time
  • Introducing operational controls such as a Web Application Firewall (WAF) and other intrusion detection and prevention systems

For example, a product might use various open ports and services for operation. However not all ports and services may be needed or even used at all times. You can reduce the attack surface by removing unwanted ports and services from the product, making it more secure.

Similarly, it is important to remove debug ports, headers and traces from circuit boards used during development from production hardware. Such additional mechanisms may be exploited by malicious users to compromise the product or system by dumping the firmware or extracting critical information such as keys and passwords.