what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Technical Cyber Security Alert 2011-200A

Technical Cyber Security Alert 2011-200A
Posted Jul 20, 2011
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2011-200A - US-CERT is providing this Technical Security Alert in response to recent, well-publicized intrusions into several government and private sector computer networks. Cyber thieves, hacktivists, pranksters, nation-states, and malicious coders for hire all pose serious threats to the security of both government and private sector networks. A comprehensive security program provides the best defense against the full spectrum of threats that our computer networks face today. Network administrators and technical managers should not only follow the recommended security controls information systems outlined in NIST 800-53 but also consider the following measures. These measures include both tactical and strategic mitigations and are intended to enhance existing security programs.

tags | advisory
SHA-256 | 4a87eb5de090dc25ebd48d8673de5aafcc291456942b65ad5f05132ed3e47288

Technical Cyber Security Alert 2011-200A

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA11-200A


Security Recommendations to Prevent Cyber Intrusions

Original release date: July 19, 2011
Last revised: --
Source: US-CERT


Overview

US-CERT is providing this Technical Security Alert in response to
recent, well-publicized intrusions into several government and
private sector computer networks. Cyber thieves, hacktivists,
pranksters, nation-states, and malicious coders for hire all pose
serious threats to the security of both government and private
sector networks. A comprehensive security program provides the best
defense against the full spectrum of threats that our computer
networks face today. Network administrators and technical managers
should not only follow the recommended security controls
information systems outlined in NIST 800-53 but also consider the
following measures. These measures include both tactical and
strategic mitigations and are intended to enhance existing security
programs.


Recommendations

* Deploy a Host Intrusion Detection System (HIDS) to help block and
identify common attacks.

* Use an application proxy in front of web servers to filter out
malicious requests.

* Ensure that the "allow URL_fopen" is disabled on the web server
to help limit PHP vulnerabilities from remote file inclusion
attacks.

* Limit the use of dynamic SQL code by using prepared statements,
queries with parameters, or stored procedures whenever possible.
Information on SQL injections is available at
<http://www.us-cert.gov/reading_room/sql200901.pdf>.

* Follow the best practices for secure coding and input validation;
use the secure coding guidelines available at:
<https://www.owasp.org/index.php/Top_10_2010> and
<https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/305-BSI.html>.

* Review US-CERT documentation regarding distributed
denial-of-service attacks:
<http://www.us-cert.gov/cas/tips/ST04-015.html> and
<http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf>.

* Disable active scripting support in email attachments unless
required to perform daily duties.

* Consider adding the following measures to your password and
account protection plan.* Use a two factor authentication method
for accessing privileged root level accounts.

* Use minimum password length of 15 characters for administrator
accounts.

* Require the use of alphanumeric passwords and symbols.

* Enable password history limits to prevent the reuse of previous
passwords.

* Prevent the use of personal information as password such as phone
numbers and dates of birth.

* Require recurring password changes every 60-90 days.

* Deploy NTLMv2 as the minimum authentication method and disable
the use of LAN Managed passwords.

* Use minimum password length of 8 characters for standard users.

* Disable local machine credential caching if not required through
the use of Group Policy Object (GPO). For more information on this
topic see Microsoft Support articles 306992 and 555631.

* Deploy a secure password storage policy that provides password
encryption.

* If an administrator account is compromised, change the password
immediately to prevent continued exploitation. Changes to
administrator account passwords should only be made from systems
that are verified to be clean and free from malware.

* Implement guidance and policy to restrict the use of personal
equipment for processing or accessing official data or systems
(e.g., working from home or using a personal device while at the
office).

* Develop policies to carefully limit the use of all removable
media devices, except where there is a documented valid business
case for its use. These business cases should be approved by the
organization with guidelines for there use.

* Implement guidance and policies to limit the use of social
networking services at work, such as personal email, instant
messaging, Facebook, Twitter, etc., except where there is a valid
approved business case for its use.

* Adhere to network security best practices. See
<http://www.cert.org/governance/> for more information.

* Implement recurrent training to educate users about the dangers
involved in opening unsolicited emails and clicking on links or
attachments from unknown sources. Refer to NIST SP 800-50 for
additional guidance.

* Require users to complete the agency's "acceptable use
policy" training course (to include social engineering sites and
non-work related uses) on a recurring basis.

* Ensure that all systems have up-to-date patches from reliable
sources. Remember to scan or hash validate for viruses or
modifications as part of the update process.

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA11-200A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA11-200A Feedback INFO#706140" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2011 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

July 19, 2011: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTiXz1j6pPKYJORa3AQKUOwf+Ij8XMOYEWhPi6aZz+/Ke7DJ/e0oF3DGb
06j7yl5y6pobCu5p80W+gDN6V0A3j2Z0OddFqiqV/TnBQWiyv8Bxx5okcfE01dDk
mNAuFZWqELD3l4sgeNwbZp56z5LLi8NB40Bwgquama9u/98gYHSN5xTQBqBVlV2i
HMDlU2KCqXCN9XIbxpE/z3By4ADvRh6uIulRjJUnGnTWFMBQpc/YmPy+j4WZRpJz
AjVY6V/V2Qe9DGM/A+K0CURqYUtaXOtB9t8OtC4WeyPIZ6GjKAjj3MQ0n8KI+YFW
gBVFbTWmSwRnsX/+LWgAUGPKOrgYQnAKo0Hf4K0vsW4T1039w1sewA==
=Iaax
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close