Â
Following recent news about a reported APT (Advanced Persistent Threat) against RSA Security, we would like to highlight the follwing information:
RSA Security have published an open letter to their customers on their website here.
RSA Security have also issued a SecurCare Online Advisary Notice, which can be found on the SecurCare Online Portal.
Â
Overall Recommendations:
RSA strongly urges customers to follow both these overall recommendations and the recommendations available in the best practices guides available at the SecurCare Online website.
Â
- We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.
- We recommend customers enforce strong password and pin policies.
- We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.
- We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.
- We recommend customers pay special attention to security around their active directories, making full use of their SIEM products and also implementing two-factor authentication to control access to active directories.
- We recommend customers watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
- We recommend customers harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
- We recommend customers examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
- We recommend customers update their security products and the operating systems hosting them with the latest patches.
Recent Blog Entries
Why SSL VPN Still matters
In fact, it matters even more.
NetWitness Visualise
Your Network: Know everything, Answer anything.
How would you know that you have been hacked?
Think about it for a minute.
How can you secure ActiveSync traffic?
In the second of our series looking at how to secure mobile workers, we concentrate on the ActiveSync Protocol.
How should you develop a Mobile Security Policy?
For the next couple of weeks, we are going to focus on the move towards mobile working and explore the impact that this could have on existing security processes.
Is AntiVirus software really the answer?
AV Signature as Standalone Defence - Failure No Matter Where You Put It