3.2 Secure enterprise infrastructure
📘CompTIA Security+ (SY0-701)
1. Attack Surface
What is an Attack Surface?
The attack surface is the set of all points where an attacker can try to enter, interact with, or affect your systems. Every device, application, network service, account, or connection that an attacker can reach is part of your attack surface.
Think of it as the “exposed parts” of your IT environment that can be attacked.
Types of Attack Surfaces
- Network Attack Surface
  - Any service or port that is listening on your network and reachable remotely.
  - Examples:
    - Open ports such as HTTP (80) or SSH (22) on a server
    - VPN access points
    - Wireless networks
  - Attackers scan networks for exactly these points, so assume anything reachable will be found.
- Software/Application Attack Surface
  - Any application feature, interface, or API that can be exploited.
  - Examples:
    - Web applications accepting user input
    - Mobile apps connected to corporate servers
    - Database query interfaces (for example SQL, where unvalidated input leads to SQL injection)
  - Bugs or misconfigurations here can allow unauthorized access.
- Physical Attack Surface
  - Physical access to hardware or devices can lead to compromise.
  - Examples:
    - Servers in data centers
    - Laptops with sensitive data
    - USB ports and network jacks
- Human Attack Surface (Social Engineering)
  - People are often the weakest link.
  - Examples:
    - Phishing emails
    - Phone scams (vishing)
    - Weak or reused passwords
Why it matters
- A larger attack surface = more opportunities for attackers.
- Security professionals aim to reduce the attack surface to limit exposure.
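The network attack surface of a single host is easiest to see by listing what is actually listening. The script below is an added example (not part of the original notes): it parses a constructed sample in the shape of `ss -tlnp` output on a Linux server and separates loopback-only services from network-reachable ones, then flags any reachable port that is not in a hypothetical per-host approved list (`APPROVED_PORTS`, an assumption for the example). The sample output, host names and PIDs are all made up.

```python
import re
from dataclasses import dataclass

# Constructed sample shaped like `ss -tlnp` output on a Linux server; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port  Process
LISTEN  0       128            0.0.0.0:22           0.0.0.0:*      users:(("sshd",pid=812,fd=3))
LISTEN  0       511            0.0.0.0:80           0.0.0.0:*      users:(("nginx",pid=1201,fd=6))
LISTEN  0       128          127.0.0.1:3306         0.0.0.0:*      users:(("mysqld",pid=990,fd=21))
LISTEN  0       128               [::]:22              [::]:*      users:(("sshd",pid=812,fd=4))
LISTEN  0       4096           0.0.0.0:5900          0.0.0.0:*      users:(("Xvnc",pid=2231,fd=9))
LISTEN  0       128          127.0.0.1:6379         0.0.0.0:*      users:(("redis-server",pid=1402,fd=7))
"""

LOOPBACK_ADDRS = {"127.0.0.1", "[::1]"}

# Hypothetical per-host policy: the only ports this server is meant to expose (assumption for the example).
APPROVED_PORTS = {22, 80}

# Matches one LISTEN line and captures the local socket and the owning process name.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s*(?:users:\(\("(?P<proc>[^"]+)")?'
)


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str

    @property
    def reachable_from_network(self) -> bool:
        # Anything not bound to loopback can, in principle, be reached by other hosts.
        return self.address not in LOOPBACK_ADDRS


def parse_ss_output(text: str) -> list[Listener]:
    """Turn `ss -tlnp` text into Listener records, skipping the header and unparseable lines."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # rpartition keeps IPv6 literals such as [::] intact and splits off the port.
        address, _, port = m.group("local").rpartition(":")
        listeners.append(Listener(address, int(port), m.group("proc") or "unknown"))
    return listeners


def exposed_listeners(listeners, approved_ports):
    """Network-reachable listeners that policy does not approve: the unexpected attack surface."""
    unexpected = {(l.port, l.process) for l in listeners
                  if l.reachable_from_network and l.port not in approved_ports}
    return sorted(unexpected)


def local_only_listeners(listeners):
    """Services bound to loopback only; they are not part of the network attack surface."""
    return sorted({(l.port, l.process) for l in listeners if not l.reachable_from_network})


if __name__ == "__main__":
    found = parse_ss_output(SAMPLE_SS_OUTPUT)
    for port, proc in exposed_listeners(found, APPROVED_PORTS):
        print(f"UNEXPECTED exposure: {proc} on tcp/{port}")
    for port, proc in local_only_listeners(found):
        print(f"local only: {proc} on tcp/{port}")
```

On a real host, run `ss -tlnp` as root and feed its output to `parse_ss_output` (add `-u` for UDP listeners, which this parser ignores). Two caveats: a listening socket the host firewall blocks is not reachable, and a reachable one may be hidden from this view inside a container namespace, so confirm the listener inventory with a scan from outside the host (for example `nmap`) before trusting it.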
2. Connectivity
What is Connectivity?
Connectivity refers to how devices, networks, and applications are connected. Every connection adds potential risk.
Types of Connectivity to Consider
- Internal Network Connectivity
  - Connections between systems inside the organization, such as servers, desktops, and printers.
  - Poor segmentation here lets an attacker who has compromised one host move laterally to others.
- External Connectivity
  - Connections to the internet or to third-party services.
  - Examples:
    - Email servers
    - Cloud services (like Office 365, AWS, Google Cloud)
    - Remote access (VPNs, RDP)
- Remote/Cloud Connectivity
  - Employees, contractors, or partners connecting from outside the network.
  - Requires secure methods such as VPNs, MFA (multi-factor authentication), and endpoint protection; exposing RDP directly to the internet is a common mistake.
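Segmentation is enforced by access control lists, and the difference between a flat and a segmented network is easiest to see by evaluating the same traffic against both. The code below is an added example, not part of the original notes or any vendor's ACL syntax: it implements the usual first-match, implicit-deny semantics over a hypothetical address plan (user VLAN `10.10.0.0/24`, server VLAN `10.20.0.0/24`, jump host `10.30.0.5`, all assumptions for the example) and computes how far a compromised workstation can reach under each policy.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Hypothetical address plan for the example: a user VLAN, a server VLAN, and an admin jump host.
USERS_NET   = "10.10.0.0/24"
SERVERS_NET = "10.20.0.0/24"
WEB_SERVER  = "10.20.0.10"
DB_SERVER   = "10.20.0.20"
JUMP_HOST   = "10.30.0.5"


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    src: str                 # source network in CIDR notation
    dst: str                 # destination network in CIDR notation
    dport: Optional[int]     # destination port, None means any port
    proto: str = "tcp"


def rule_matches(rule: Rule, src_ip: str, dst_ip: str, dport: int, proto: str) -> bool:
    return (
        rule.proto == proto
        and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)
        and (rule.dport is None or rule.dport == dport)
    )


def evaluate(acl: list[Rule], src_ip: str, dst_ip: str, dport: int, proto: str = "tcp") -> str:
    """First matching rule wins; with no match the traffic is denied (implicit deny)."""
    for rule in acl:
        if rule_matches(rule, src_ip, dst_ip, dport, proto):
            return rule.action
    return "deny"


def reachable_from(acl: list[Rule], src_ip: str, targets) -> set:
    """Every (host, port) a source can reach: the lateral-movement reach of that host."""
    return {(host, port) for host, port in targets if evaluate(acl, src_ip, host, port) == "permit"}


# Flat network: one permit-any rule, no segmentation. A phished workstation reaches everything.
FLAT_ACL = [Rule("permit", "0.0.0.0/0", "0.0.0.0/0", None)]

# Segmented network: only the flows the business needs; everything else hits the implicit deny.
SEGMENTED_ACL = [
    Rule("permit", USERS_NET, f"{WEB_SERVER}/32", 443),            # users browse the web app
    Rule("permit", f"{WEB_SERVER}/32", f"{DB_SERVER}/32", 3306),   # only the web tier talks to the DB
    Rule("permit", f"{JUMP_HOST}/32", SERVERS_NET, 22),            # admins SSH in via the jump host only
]

# Services an attacker on the user VLAN would probe for.
SERVER_PORTS = [(WEB_SERVER, 443), (WEB_SERVER, 22), (DB_SERVER, 3306), (DB_SERVER, 22)]

if __name__ == "__main__":
    workstation = "10.10.0.25"
    print("flat:     ", sorted(reachable_from(FLAT_ACL, workstation, SERVER_PORTS)))
    print("segmented:", sorted(reachable_from(SEGMENTED_ACL, workstation, SERVER_PORTS)))
```

Rule order matters with first-match semantics: a broad permit placed above a specific deny makes the deny dead, so keep specific rules first and rely on the implicit deny at the end rather than on a trailing permit-any.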
3. How Attack Surface & Connectivity Work Together
Think of it like this:
- Every connection to your system (connectivity) creates a potential point an attacker can exploit (attack surface).
- Security must consider both reducing the attack surface and controlling connectivity.
Key Strategies
- Reduce Attack Surface
  - Disable unused services and close ports that nothing needs
  - Remove unnecessary applications
  - Patch software regularly
- Secure Connectivity
  - Network segmentation (separate critical servers from user devices)
  - Firewalls and access control lists (ACLs) that permit only required traffic and deny everything else by default
  - VPNs or secure tunnels for remote access
  - Encryption for data in transit (HTTPS, TLS, IPsec)
- Monitor and Detect
  - Use intrusion detection/prevention systems (IDS/IPS)
  - Monitor logs for unusual activity, such as repeated failed logins
  - Use vulnerability scanning to identify exposed areas
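"Monitor logs for unusual activity" is concrete once you pick an activity. The script below is an added example (not part of the original notes): it parses a constructed sample in the shape of OpenSSH messages from `/var/log/auth.log` and implements a sliding-window brute-force detector, raising one alert when a source IP accumulates enough failures inside the window and a second, higher-severity alert if that same IP then logs in successfully. Host name, IPs, users and timestamps in the sample are made up; the threshold and window are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the shape of OpenSSH lines from /var/log/auth.log; not a real capture.
SAMPLE_AUTH_LOG = """\
Mar 12 10:15:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar 12 10:15:03 web01 sshd[2233]: Failed password for invalid user oracle from 203.0.113.45 port 51024 ssh2
Mar 12 10:15:04 web01 sshd[2235]: Failed password for root from 203.0.113.45 port 51026 ssh2
Mar 12 10:15:06 web01 sshd[2237]: Failed password for root from 203.0.113.45 port 51028 ssh2
Mar 12 10:15:08 web01 sshd[2239]: Failed password for deploy from 203.0.113.45 port 51030 ssh2
Mar 12 10:15:10 web01 sshd[2241]: Accepted password for deploy from 203.0.113.45 port 51032 ssh2
Mar 12 10:16:30 web01 sshd[2260]: Failed password for alice from 10.10.0.25 port 40210 ssh2
Mar 12 10:16:41 web01 sshd[2262]: Accepted publickey for alice from 10.10.0.25 port 40212 ssh2
Mar 12 11:40:02 web01 sshd[2301]: Failed password for root from 198.51.100.7 port 60001 ssh2
"""

# Captures timestamp, outcome, user and source IP from the two sshd message forms used above.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_log(text: str, year: int = 2024) -> list[dict]:
    """Extract time, result, user and source IP; syslog omits the year, so the caller supplies it."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]})
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Alert once per IP when `threshold` failures fall inside `window`;
    escalate if that IP then authenticates successfully (likely guessed credentials)."""
    alerts = []
    recent_failures = defaultdict(list)   # ip -> failure timestamps still inside the window
    flagged = set()
    for ev in sorted(events, key=lambda e: e["time"]):
        ip, ts = ev["ip"], ev["time"]
        if ev["result"] == "Failed":
            cutoff = ts - window
            recent_failures[ip] = [t for t in recent_failures[ip] if t >= cutoff] + [ts]
            if len(recent_failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"type": "brute_force", "ip": ip, "time": ts,
                               "failures": len(recent_failures[ip])})
        elif ev["result"] == "Accepted" and ip in flagged:
            alerts.append({"type": "success_after_brute_force", "ip": ip,
                           "time": ts, "user": ev["user"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(parse_auth_log(SAMPLE_AUTH_LOG)):
        print(alert)
```

A `success_after_brute_force` alert should be treated as a probable compromise and handed to incident response, not just logged. Per-source counting like this misses password spraying spread across many IPs, so pair it with a per-account view; and the better fix for the underlying exposure is to disable password authentication for SSH and restrict who can reach port 22 at all.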
4. Exam Focus Points
For Security+ (SY0-701), make sure to know:
- Definition of attack surface: all potential points of entry for attackers.
- Examples of attack surfaces: network ports, applications, users, physical devices.
- Impact of connectivity on security: more connections = larger attack surface.
- Ways to reduce attack surface: minimize open services, patch software, remove unnecessary features.
- Ways to secure connectivity: segmentation, firewalls, secure remote access, encryption.
- Monitoring: detection tools to identify attacks or vulnerabilities.
Quick Memory Tip for Students
Think “SAFETY”:
- S – Secure all devices and services
- A – Analyze connections (internal & external)
- F – Firewalls and filters
- E – Eliminate unnecessary services
- T – Test & monitor continuously
- Y – Your attack surface minimized
By understanding attack surface and connectivity, students can analyze risks, design secure networks, and protect enterprise systems effectively.
