[HN Gopher] Attack Surface Analyzer helps you analyze your OS's ...
___________________________________________________________________
Attack Surface Analyzer helps you analyze your OS's security
configuration
Author : Tomte
Score : 97 points
Date : 2021-06-22 10:25 UTC (12 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| sloshnmosh wrote:
| Will this alert you if your OS is phoning home with telemetry? /s
| srcmap wrote:
| if it alerts/blocks apps from phoning home....
| rjzzleep wrote:
| How does this compare to security baselines with say inspec?
| csydas wrote:
| I've not used inspec but since I intercept a lot of security
| related concerns/complaints from my client base, I decided to
| try this out with my company's product.
|
| Honestly, I'm not impressed, as it's just a
| straight up diff of some collected metrics from different
| snapshots with no real context or even mapping of events it
| diffs to the application/user/process responsible, and the
| discoverability of what actually changed isn't great.
|
| The reports simply show as HTML text lists (all in red
| strangely, which I don't like), and unless I'm mistaken,
| there's no interactivity with them. I suppose it's a nice
| before and after, but it feels very limited in the information
| it offers, and I honestly don't like the UI presentation at
| all. Similarly, the documentation references UI elements that
| don't exist (for example, it mentions a Results item on the
| main menu that is not present, and I believe they mean
| Analyze).
|
| Edit: added to last paragraph since I hit submit too soon.
| rjzzleep wrote:
| Interesting, anything you would recommend then?
| IncludeSecurity wrote:
| Recommend for OS diffing, or OS config vuln scanning?
|
| Former, no idea, the latter is fine with any major COTS
| product that does vuln scanning (Nessus/Rapid7/whatever)
| they're all pretty decent for doing an authenticated scan
| of a host's local config.
| s_gourichon wrote:
| "OS" is not specified. Page mentions "COM objects" which suggests
| OS is Windows.
| meowkit wrote:
| "Attack Surface Analyzer (ASA) is a Microsoft-developed
| Security tool that analyzes the attack surface of a Windows,
| Linux or MacOS system and reports on system changes that may
| have potential security implications that are introduced by the
| installation of software or by system misconfiguration."
|
| https://github.com/Microsoft/AttackSurfaceAnalyzer/wiki
| Krasnol wrote:
| https://github.com/microsoft/AttackSurfaceAnalyzer/releases/...
|
| ASA_linux_2.3.146-beta.zip
|
| ASA_macos_2.3.146-beta.zip
|
| ASA_netcoreapp_2.3.146-beta.zip
|
| ASA_win_2.3.146-beta.zip
| [deleted]
| user3939382 wrote:
| So this is like Microsoft's take on OpenSCAP but targeted at
| Windows?
| abarringer wrote:
| Definitely beta.
|
| I installed using dotnet tool install -g --version
| 2.3.141-beta-g9aa8b4e9b5 Microsoft.CST.AttackSurfaceAnalyzer.CLI
|
| None of the CSS components load when launched with asa gui.
|
| This one needs to bake a few more months.
| staticassertion wrote:
| It's many many years old.
|
| edit: Oh, so this is a new, open version of the 2012 system. So
| perhaps not.
| prettyWise wrote:
| It's notable that if you run this tool on a computer that has
| OneDrive set up, it will start downloading cloud-hosted OneDrive
| files during the filesystem scan phase.
| You-Are-Right wrote:
| ONE MANTRA OF WISDOM ALWAYS TRUE:
|
| Security and closed source OS do not live in the same house.
| johnklos wrote:
| To use the "Attack Surface Analyzer", you need to install
| software that significantly alters your attack surface.
___________________________________________________________________
(page generated 2021-06-22 23:01 UTC)