[HN Gopher] Attack Surface Analyzer helps you analyze your OS's ...
___________________________________________________________________
Attack Surface Analyzer helps you analyze your OS's security configuration

Author : Tomte
Score : 97 points
Date : 2021-06-22 10:25 UTC (12 hours ago)

(HTM) web link (github.com)
(TXT) w3m dump (github.com)

| sloshnmosh wrote:
| Will this alert you if your OS is phoning home with telemetry? /s

| srcmap wrote:
| if it alerts/blocks apps from phoning home....

| rjzzleep wrote:
| How does this compare to security baselines with say inspec?

| csydas wrote:
| I've not used inspec but since I intercept a lot of security
| related concerns/complaints from my client base, I decided to
| try this out with my company's product.
|
| Honestly, I'm not impressed, as it's just a straight up diff
| of some collected metrics from different snapshots with no real
| context or even mapping of events it diffs to the
| application/user/process responsible, and the discoverability
| of what actually changed isn't great.
|
| The reports simply show as HTML text lists (all in red
| strangely, which I don't like), and unless I'm mistaken,
| there's no interactivity with them. I suppose it's a nice
| before and after, but it feels very limited in the information
| it offers, and I honestly don't like the UI presentation at
| all. Similarly, the documentation references UI elements that
| don't exist (for example, it mentions a Results item on the
| main menu that is not present, and I believe they mean
| Analyze).
|
| Edit: added to last paragraph since I hit submit too soon.

| rjzzleep wrote:
| Interesting, anything you would recommend then?

| IncludeSecurity wrote:
| Recommend for OS diffing, or OS config vuln scanning?
|
| Former, no idea, the latter is fine with any major COTS
| product that does vuln scanning (Nessus/Rapid7/whatever)
| they're all pretty decent for doing an authenticated scan
| of a host's local config.

| s_gourichon wrote:
| "OS" is not specified. Page mentions "COM objects" which suggests
| OS is Windows.

| meowkit wrote:
| "Attack Surface Analyzer (ASA) is a Microsoft-developed
| Security tool that analyzes the attack surface of a Windows,
| Linux or MacOS system and reports on system changes that may
| have potential security implications that are introduced by the
| installation of software or by system misconfiguration."
|
| https://github.com/Microsoft/AttackSurfaceAnalyzer/wiki

| Krasnol wrote:
| https://github.com/microsoft/AttackSurfaceAnalyzer/releases/...
|
| ASA_linux_2.3.146-beta.zip
|
| ASA_macos_2.3.146-beta.zip
|
| ASA_netcoreapp_2.3.146-beta.zip
|
| ASA_win_2.3.146-beta.zip

| [deleted]

| user3939382 wrote:
| So this is like Microsoft's take on OpenSCAP but targeted at
| Windows?

| abarringer wrote:
| Definitely beta.
|
| I installed using dotnet tool install -g --version
| 2.3.141-beta-g9aa8b4e9b5 Microsoft.CST.AttackSurfaceAnalyzer.CLI
|
| None of the CSS components load when launched with asa gui.
|
| This one needs to bake a few more months.

| staticassertion wrote:
| It's many many years old.
|
| edit: Oh, so this is a new, open version of the 2012 system. So
| perhaps not.

| prettyWise wrote:
| It's notable that if you run this tool on a computer that has
| onedrive set up, it will start downloading cloud-hosted onedrive
| files during the filesystem scan phase.

| You-Are-Right wrote:
| ONE MANTRA OF WISDOM ALWAYS TRUE:
|
| Security and closed source OS do not live in the same house.

| johnklos wrote:
| To use the "Attack Surface Analyzer", you need to install
| software that significantly alters your attack surface.
___________________________________________________________________
(page generated 2021-06-22 23:01 UTC)