Attack Surface Analyzer

Developer computers are an essential part of SDLC. You need to ensure that the development environment has been prepared for secure development. The environment should have a minimized attack surface and free of vulnerabilities. Attack Surface Analyzer is an open-source security tool to analyze the changes in the attack surface of development machines due to newly installed software or configuration changes.

Lab 4.1: Attack Surface Analyzer

Part 1: Preparation

1. Click on the “Windows 10”.

Don't use plagiarized sources. Get Your Custom Essay on
Attack Surface Analyzer
Just from $13/Page
Order Essay

 

2. Type in “isecstudent” without quotes as the password to log in to Window 10.

3. Once you logged in, open a Command Prompt with administrator privileges.

a. Click the start button

b. Type cmd

c. Right-click on the cmd icon

d. Click on “run as administrator”.

4. Change directory to C:\Users\isecstudent\.dotnet\tools in the Command Prompt.

5. Run the command “asa gui” to open Attack Surface Analyzer in Microsoft Edge browser.

Part 2: First Run of Attack Surface Analyzer (ASA)

Assume that the Windows 10 computer is the development environment and has the company-approved baseline configuration. Now, assume the role of security administrator and create a snapshot of the computer by following the steps below.

1. Uncheck “Send usage data to Microsoft to help us improve our products”.

2. Click “Get Started”.

3. Keep “Static Scan” checked.

4. Type “First run” into the Run ID field.

5. Keep “Ports” and “Services” checked; uncheck the others.

6. Click the “Collect Data” button.

7. Minimize the Microsoft Edge window.

Part 3: Out-of-Baseline Software Installation

Now, assume the role of developer. For some reason, you want to install the FTP service on your development computer. Double click the file “FileZilla_Server-0_9_60_2.exe” on the desktop and make a default installation of the FileZilla FTP server.

Part 4: Second Run of Attack Surface Analyzer (ASA)

You are again in the role of the security administrator. You want to review any changes that might have been made to the development environment.

1. Click on the Microsoft Edge icon on the taskbar to open the ASA once again.

2. Type “Second run” into the Run ID field.

3. Leave everything else unchanged and click on the “Collect Data” button.

Part 5: Analyze Results

1. Click the “Results” tab on the top menu of ASA.

2. Select “First run” for the “Base Run Id” field.

3. Select “Second run” for the “Product Run Id” field.

4. Click the “Run Analysis” button.

5. After the analysis has been done, choose a type of result to view from the left menu.

a. Select Ports.

Confirm that port 21 is listed in the results pane. Take a screenshot.

b. Select Services.

Confirm that the “FileZilla Server FTP server” service is listed in the results pane. Take a screenshot.

Questions

1. Submit screenshots.

2. What is the difference between a vulnerability and an attack surface?

3. Summarize what you’ve done in this lab as if you are explaining it to a non-technical person.

 

ORDER NOW »»

and taste our undisputed quality.