{"id":368,"date":"2024-05-07T11:54:28","date_gmt":"2024-05-07T09:54:28","guid":{"rendered":"https:\/\/juergenrinelli.de\/?p=368"},"modified":"2024-05-21T16:37:20","modified_gmt":"2024-05-21T14:37:20","slug":"easily-minimize-attack-surfaces-and-security-gaps","status":"publish","type":"post","link":"https:\/\/juergenrinelli.de\/?p=368","title":{"rendered":"Easily minimize attack surfaces and security gaps"},"content":{"rendered":"\n<p><\/p>\n\n\n<figure class=\"wp-block-post-featured-image\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1333\" height=\"448\" src=\"https:\/\/juergenrinelli.de\/wp-content\/uploads\/2024\/05\/mimimizing_attack_surfaces-1.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"\" style=\"object-fit:cover;\" srcset=\"https:\/\/juergenrinelli.de\/wp-content\/uploads\/2024\/05\/mimimizing_attack_surfaces-1.png 1333w, https:\/\/juergenrinelli.de\/wp-content\/uploads\/2024\/05\/mimimizing_attack_surfaces-1-300x101.png 300w, https:\/\/juergenrinelli.de\/wp-content\/uploads\/2024\/05\/mimimizing_attack_surfaces-1-1024x344.png 1024w, https:\/\/juergenrinelli.de\/wp-content\/uploads\/2024\/05\/mimimizing_attack_surfaces-1-768x258.png 768w\" sizes=\"(max-width: 1333px) 100vw, 1333px\" \/><\/figure>\n\n\n<p><\/p>\n\n\n\n<p>As a senior consultant for endpoint management and security, I deal with many companies on a daily basis. Each has its own philosophy when it comes to patch management or closing security gaps. I have also been to various security events and have followed or taken part in countless discussions.<\/p>\n\n\n\n<p>For me, there is a very simple starting point that EVERY company can implement:<\/p>\n\n\n\n<p><strong>Minimize attack surfaces through minimal software installations!<\/strong><\/p>\n\n\n\n<p>What do I mean by that?<br>In general, in most companies I know, EVERY software that could be needed in the company is pre-installed on newly issued or freshly installed systems.<\/p>\n\n\n\n<p>To illustrate this:<br>Let&#8217;s take 500 clients with a simple Adobe Reader or 7zip. If I install this software on all systems, then I also have to keep it up to date on all systems to close security gaps. That is a broad attack surface.<\/p>\n\n\n\n<p>Especially if you assume that this software is only used on a fraction of the systems! Assuming 100 systems. That leaves 400 potential security risks.<\/p>\n\n\n\n<p>Solution and recommendation:<br>Only install what the user really needs on the systems that you issue. The easiest way to do this is via a self-service portal. Every user should install the software they really need from the self-service portal themselves!<\/p>\n\n\n\n<p>Some systems even allow the software to be repaired or uninstalled from this self-service portal. This also saves resources in support, because a ticket is only opened if a software error has not been repaired.<\/p>\n\n\n\n<p>Here is my recommendation: <br>Endpoint Central from <a href=\"https:\/\/www.manageengine.com\">ManageEngine<\/a> contains a self-service portal that offers precisely these functions. It also contains a patch management system that handles Microsoft and 3rd party patches.<\/p>\n\n\n\n<p>You can find more information about Endpoint Central here:<br>Vendor: <a href=\"http:\/\/www.manageengine.com\/products\/desktop-central\/\">www.manageengine.com\/products\/desktop-central\/<\/a><br>Regional Partner: <a href=\"http:\/\/www.manageengine.com\/me_partners.html\/\">www.manageengine.com\/me_partners.html\/<\/a><br>German Partner MicroNova: <a href=\"http:\/\/www.manageengine.de\">www.manageengine.de<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A easy way to minimize attack surfaces and security gaps on Endpoints.<\/p>\n","protected":false},"author":1,"featured_media":372,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":7,"footnotes":""},"categories":[5],"tags":[],"class_list":["post-368","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it-blog"],"_links":{"self":[{"href":"https:\/\/juergenrinelli.de\/index.php?rest_route=\/wp\/v2\/posts\/368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/juergenrinelli.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/juergenrinelli.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/juergenrinelli.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/juergenrinelli.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=368"}],"version-history":[{"count":2,"href":"https:\/\/juergenrinelli.de\/index.php?rest_route=\/wp\/v2\/posts\/368\/revisions"}],"predecessor-version":[{"id":809,"href":"https:\/\/juergenrinelli.de\/index.php?rest_route=\/wp\/v2\/posts\/368\/revisions\/809"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/juergenrinelli.de\/index.php?rest_route=\/wp\/v2\/media\/372"}],"wp:attachment":[{"href":"https:\/\/juergenrinelli.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/juergenrinelli.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/juergenrinelli.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}