The Cybersecurity and Infrastructure Security Agency (CISA) has released a notice regarding updates to the Iranian Cyber Threat Profile.
You can view the original article online: https://www.us-cert.gov/ncas/alerts/aa20-006a.
CISA advises that organizations consider these action items:
- Adopt a state of heightened awareness.
  - Minimize gaps in personnel coverage, consistently consume relevant threat intelligence, and ensure contact lists are up to date.
- Increase organizational vigilance.
  - Ensure security personnel are monitoring key internal security capabilities and know how to identify anomalies.
- Confirm reporting processes.
  - Ensure personnel know how and when to report an incident.
- Exercise organizational incident response plans.
  - Ensure personnel are familiar with the key steps they need to take during an incident.
Acumera advises customers to review their current network security profile, including (but not limited to) these actions:
- Review Firewall Policy rules for policies with “open” port forwarding.
  - If a policy permits remote access to a device (such as a DVR or tank gauge) from any IP address, changing this to a more limited range of IP addresses and/or isolating the device via segmentation will improve the security profile of that location. To get a current report of all Firewall Policies from AcuVigil, go to PCI Tools > Firewall Policy Report.
- Reassign all devices on the Unrestricted policy to a custom policy.
  - The Unrestricted policy is intended for troubleshooting purposes only and opens up more access than is typically needed in a production location.
- Ensure that devices with an InternetAccess policy are properly isolated.
  - Unfettered outbound access can be used by malicious actors to spread malware and egress sensitive data. This should be reserved for special use cases, preferably limited to devices that are isolated from the cardholder data environment (CDE).
- Evaluate access permitted between HQ and sites using Virtual Private Networks (VPNs).
  - Firewall rules should be used to limit VPN access from HQ to only those administrative workstations and/or services that require that access. Permitting access to stores from the entire HQ network can aid malware in spreading rapidly across the network and should be avoided.
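The four review items above can be run as a repeatable check over an exported rule list. The following is an added example, not Acumera's code: the CSV column layout, the sample rows, and the `MAX_VPN_SOURCES` threshold are assumptions made for illustration and do not reflect the actual AcuVigil Firewall Policy Report format.

```python
import csv
import io
import ipaddress

# Constructed sample rows. The column layout is an assumption for this
# example and is not the AcuVigil Firewall Policy Report format.
SAMPLE_REPORT = """\
site,device,segment,policy,direction,source,dest_port
store-101,dvr-1,cameras,DVR-Remote,inbound,0.0.0.0/0,8000
store-101,atg-1,fuel,ATG-Remote,inbound,203.0.113.0/29,10001
store-102,pos-2,cde,Unrestricted,any,0.0.0.0/0,any
store-102,kiosk-1,cde,InternetAccess,outbound,10.20.0.0/24,any
store-102,signage-1,guest,InternetAccess,outbound,10.30.0.0/24,any
store-103,pos-1,cde,HQ-VPN,vpn,10.0.0.0/16,any
store-103,pos-3,cde,HQ-VPN,vpn,10.0.5.10/32,22
"""

# Assumed ceiling for "only those administrative workstations" on a VPN rule.
MAX_VPN_SOURCES = 16


def audit(report_text):
    """Return (site, device, finding) tuples for rules matching the review items."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        src = ipaddress.ip_network(row["source"], strict=False)
        where = (row["site"], row["device"])
        if row["policy"] == "Unrestricted":
            # Troubleshooting-only policy: report once, skip the finer checks.
            findings.append(where + ("on Unrestricted policy; reassign to a custom policy",))
            continue
        if row["direction"] == "inbound" and src.prefixlen == 0:
            # "Open" port forward: remote access permitted from any IP address.
            findings.append(where + (f"port {row['dest_port']} forwarded from any IP",))
        if row["policy"] == "InternetAccess" and row["segment"] == "cde":
            # Unfettered outbound access from a device inside the CDE.
            findings.append(where + ("InternetAccess device is not isolated from the CDE",))
        if row["direction"] == "vpn" and src.num_addresses > MAX_VPN_SOURCES:
            # VPN rule that admits a whole network rather than named workstations.
            findings.append(where + (f"VPN access open to {src} ({src.num_addresses} addresses)",))
    return findings


if __name__ == "__main__":
    for site, device, finding in audit(SAMPLE_REPORT):
        print(f"{site:10} {device:10} {finding}")
```
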
As always, if you have any questions, please contact the Acumera NOC at 512-687-7401 or email@example.com.
If you would like to learn more about Acumera’s Enhanced Security Services portfolio, including our network analysis framework with Intrusion Detection System (IDS), internal and external scanning, as well as Managed Detection and Response services, please contact Sales at 512-687-7410 or firstname.lastname@example.org.