Step 1: Identify the most exposed entry points/assets an attacker could exploit to breach the network. These include:
- open ports that shouldn’t be publicly accessible
- outdated network service versions (e.g. outdated, exploitable server software)
- internal network services exposed on the public network
- old and forgotten web technologies, and more.
Step 2: Eliminate unnecessary pathways (e.g. close ports, retire unused services, etc.) and run recurring scans with tools on our platform to validate that your network’s attack surface was reduced. Analyze the same results to identify new open ports or outdated services, among other types of relevant data.
Best practices recommend network segmentation as Step 3, to further minimize a network’s attack surface. For in-depth information about the topic, check out OWASP’s cheat sheet.