Evaluate How the Apps & Drivers Installed Weaken the Security of a PC
Everybody knows that installing lots of drivers and software on a computer increases its vulnerability from a security standpoint. As you install stuff, the complexity increases as well as the likelihood of encountering security issues. I always wanted a tool to evaluate how the security of a system evolves while installing software that you plan to use and so far I haven't found one. Luckily, Microsoft released a free evaluation tool named Attack Surface Analyzer. If you want to learn more about it and how to use it, read this article.
Must Have Prerequisite - .NET Framework 4
Download and install Microsoft .NET Framework 4 (Web Installer) prior to running the setup for Microsoft Attack Surface Analyzer. If you install it after you install Attack Surface Analyzer, you will have access only to the command line version of the tool. If you prefer to use a graphical user interface, install Microsoft .NET Framework 4 prior to installing Microsoft's Attack Surface Analyzer.
You can find the Attack Surface Analyzer here.
Microsoft Attack Surface Analyzer - What Does It Do?
Complete information about the tool can be found in the Attack Surface Analyzer Readme document. I strongly recommend that you download and read this document.
To summarize the key points, Attack Surface Analyzer does the following:
- Scans your operating system to create a baseline of its security and vulnerability level;
- Can be run again at any time (after you install drivers, updates, applications, etc.) to capture the changes taking place in your system;
- Compares your baseline with any subsequent scan and shares a report of what has changed from a security and vulnerability perspective.
The report includes the security issues that were detected (vulnerable executables, directories with vulnerable executables, weak registry settings, vulnerable processes, threads and services, etc.) and complete information about what has changed inside your system (running processes, open windows, system modules, services, drivers, file registrations, Internet Explorer misconfigurations, firewall rules, etc.).
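As an added example (not part of the original article, and not how Attack Surface Analyzer itself is implemented), the following PowerShell applies the same baseline-and-compare idea to four categories: services, drivers, enabled inbound allow firewall rules and listening TCP ports. The function names and the snapshot file names are hypothetical.

```powershell
# Added example: snapshot a few attack-surface categories and diff two snapshots.
# Get-SurfaceSnapshot / Compare-SurfaceSnapshot are hypothetical names.
function Get-SurfaceSnapshot {
    # Every item becomes one "category|name|detail" line so snapshots diff cleanly.
    $items = @()
    $items += Get-Service |
        ForEach-Object { "service|$($_.Name)|$($_.StartType)" }
    $items += Get-CimInstance Win32_SystemDriver |
        ForEach-Object { "driver|$($_.Name)|$($_.PathName)" }
    $items += Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        ForEach-Object { "fw-inbound-allow|$($_.Name)|$($_.DisplayName)" }
    $items += Get-NetTCPConnection -State Listen | ForEach-Object {
        # Record the owning process name rather than the PID, which changes per boot.
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        "listener|$($_.LocalAddress):$($_.LocalPort)|$($proc.ProcessName)"
    }
    $items | Sort-Object -Unique
}

function Compare-SurfaceSnapshot {
    param(
        [string]$BaselinePath,   # snapshot taken before installing anything
        [string]$ProductPath     # snapshot taken after the installation
    )
    $baseline = Get-Content $BaselinePath
    $product  = Get-Content $ProductPath
    # A changed item (e.g. a service start type) shows up as one 'removed'
    # line plus one 'added' line for the same name.
    Compare-Object -ReferenceObject $baseline -DifferenceObject $product |
        ForEach-Object {
            [pscustomobject]@{
                Change = if ($_.SideIndicator -eq '=>') { 'added' } else { 'removed' }
                Entry  = $_.InputObject
            }
        } | Sort-Object Change, Entry
}

# Usage:
#   Get-SurfaceSnapshot | Set-Content .\baseline.txt    # before installing
#   Get-SurfaceSnapshot | Set-Content .\after.txt       # after installing
#   Compare-SurfaceSnapshot .\baseline.txt .\after.txt
```

New `listener` and `fw-inbound-allow` entries are the ones to review first, since they are reachable from the network.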
How to Use Microsoft's Attack Surface Analyzer
Run Attack Surface Analyzer. Make sure "Run new scan" is selected and press Run Scan.
Wait for the data collection process to end. It will take a while, so arm yourself with some patience.
When the data collection is done, you are returned to the initial screen and shown the path where the information from this scan was stored. This file should not be deleted as it will be the baseline against which you will make future comparisons.
After you install applications, drivers, everything you want to install and evaluate, run the tool again and make a new scan.
When the new scan is done, leave the tool open and select "Generate standard attack surface report".
Then, select the baseline file plus the file generated by the latest scan and press Generate.
An HTML report will be shown in Internet Explorer, with three sections: Report Summary, Security Issues and Attack Surface, all displaying useful information about your system's security and how it has changed compared to the baseline scan.
When Is This Tool Useful?
The Attack Surface Analyzer is a complex tool which displays important data in a very detailed manner. Therefore, its target audience is formed mostly by professionals and power users with good technical skills.
The tool can be useful in many scenarios, including: developing new software and testing its security vulnerabilities; evaluating the security issues existing on computers that are part of a network after you install the standard software that is required; and evaluating the security issues of your own computer after installing all the software you plan to use on a regular basis.