Compare and contrast an attack surface and vulnerability.

Implementing Cisco Cybersecurity Operations (210-255)

The attack surface of a piece of hardware or software is the total of all potential attack vectors. An attack vector can be a service or other entry point. To be used in an attack there must be a vulnerability present that the attacker can take advantage of.

Vulnerabilities are known or unknown issues with a device or software application. They allow an attacker to do something that was unintended. They can be used to gain access to an asset.

Security analysts always try to reduce the total attack surface for an asset to make it more likely not to have an exploitable vulnerability. This strategy of hardening an asset involves disabling services that are not needed, ensuring that the asset’s software is up to date, and using best practice configuration guides. NIST and CIS have guides for hardening various assets commonly found in enterprise networks.