Solution for the above question
An attack surface is simply the number of possible ways an attacker
can get into the system. So, to prevent such conditions, the consultant
must use the following to identify the attack surface.
1. WHOIS registry:
- WHOIS is a domain name internet registrar, and it manages the
reservations of internet domain names.
- Using WHOIS, one can query multiple WHOIS databases on the
internet to locate suspected IP allocations, find suspected
domain names, etc.
2. Company's firewall ACL
- ACLs are used to permit or deny requests on the system.
- Routers in our network have ACLs that filter traffic.
- We always want to include a deny ip any any
statement at the end of our ACL.
- This is not necessary to drop traffic, but it does have the
router keep statistics on the number of matches on this
statement.
- This can be useful in determining whether an attack is
occurring.
- ACLs are most commonly used in determining DoS attacks.
- Reasons why the rest of the options are not preferred, although
they can help in some way:
1. Web Crawler :
- A web crawler's job is to get the requested page on the
internet.
- Since web crawlers can get infected or be malicious, and since
they just get the pages and keep no logs about it, there is no
efficient way of extracting any information from the web
crawler.
2. DNS record :
- DNS records provide information regarding domain names.
- It can only be used to get the IP information about the domain
names that are suspected.
- The WHOIS registry, by contrast, can give a lot more information
than that.
3. Internet Routing Tables :
- Routing tables typically just store the routing addresses of
all the routers in the networks.
- They can only be used to know the address of a suspected
router and nothing more.
4. Directory service queries :
- They are used to extract information about network
addresses given the network resources, or vice versa.
- This is also not of great help in determining the attack
surface.
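
The firewall ACL point above says an explicit deny ip any any makes the router keep match statistics that help show whether an attack is occurring. The following is an added example, not part of the original solution, that compares two counter snapshots and flags a spike on that entry. The sample text imitates Cisco IOS "show access-lists" output and is constructed; the ACL number, addresses, counts and threshold are assumptions.

```python
import re

# Constructed sample output in the style of Cisco IOS "show access-lists",
# taken at two polling times (all values invented for illustration).
SNAPSHOT_T0 = """\
Extended IP access list 101
    10 permit tcp any host 192.0.2.10 eq 443 (8841 matches)
    20 deny ip any any (12 matches)
"""
SNAPSHOT_T1 = """\
Extended IP access list 101
    10 permit tcp any host 192.0.2.10 eq 443 (9010 matches)
    20 deny ip any any (48217 matches)
"""

ACL_HEADER = re.compile(r"^(?:Extended|Standard) IP access list (\S+)")
ACE_LINE = re.compile(r"^\s+(\d+) (.+?)(?: \((\d+) match(?:es)?\))?\s*$")


def parse_counters(text):
    """Return {(acl_name, sequence, rule_text): match_count}."""
    counters, acl = {}, None
    for line in text.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            acl = header.group(1)
            continue
        ace = ACE_LINE.match(line)
        if ace and acl:
            # An entry with no "(N matches)" suffix has not been hit yet.
            counters[(acl, int(ace.group(1)), ace.group(2))] = int(ace.group(3) or 0)
    return counters


def deny_all_spikes(before, after, interval_s, max_per_s):
    """Flag explicit 'deny ip any any' entries whose hit rate exceeds max_per_s."""
    old, new = parse_counters(before), parse_counters(after)
    alerts = []
    for key, count in new.items():
        if key[2] != "deny ip any any":
            continue
        delta = count - old.get(key, 0)
        if delta < 0:  # counters were cleared or the router reloaded
            delta = count
        rate = delta / interval_s
        if rate > max_per_s:
            alerts.append((key[0], key[1], delta, rate))
    return alerts
```

A call such as deny_all_spikes(SNAPSHOT_T0, SNAPSHOT_T1, interval_s=60, max_per_s=50) returns one alert tuple per ACL whose final deny entry exceeded the threshold during the polling interval.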