The Cybersecurity and Infrastructure Security Agency (CISA) has released a notice regarding updates to the Iranian Cyber Threat Profile.
You can view the original article online: https://www.us-cert.gov/ncas/alerts/aa20-006a.
CISA advises that organizations consider these action items:
- Adopt a state of heightened awareness.
  - Minimize gaps in personnel coverage, consistently consume relevant threat intelligence, and ensure contact lists are up to date.
- Increase organizational vigilance.
  - Ensure security personnel are monitoring key internal security capabilities and know how to identify anomalies.
- Confirm reporting processes.
  - Ensure personnel know how and when to report an incident.
- Exercise organizational incident response plans.
  - Ensure personnel are familiar with the key steps they need to take during an incident.
Acumera advises customers to review their current network security profile, including (but not limited to) these actions:
- Review Firewall Policy rules for policies with “open” port forwarding.
  - If a policy permits remote access to a device (such as a DVR or tank gauge) from any IP address, changing this to a more limited range of IP addresses and/or isolating the device via segmentation will improve the security profile of that location. To get a current report of all Firewall Policies from AcuVigil, go to PCI Tools > Firewall Policy Report.
- Reassign all devices on the Unrestricted policy to a custom policy.
  - The Unrestricted policy is intended for troubleshooting purposes only and opens up more access than is typically needed in a production location.
- Ensure that devices with an InternetAccess policy are properly isolated.
  - Unfettered outbound access can be used by malicious actors to spread malware and exfiltrate sensitive data. This access should be reserved for special use cases, preferably limited to devices that are isolated from the cardholder data environment (CDE).
- Evaluate access permitted between HQ and sites using Virtual Private Networks (VPNs).
  - Firewall rules should be used to limit VPN access from HQ to only those administrative workstations and/or services that require that access. Permitting access to stores from the entire HQ network can aid malware in spreading rapidly across the network and should be avoided.
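The four review items above can be applied mechanically to an exported rule list. The following is an added example, not Acumera or AcuVigil code: the CSV column names, the sample rows, and the `MAX_VPN_SOURCE_HOSTS` threshold are assumptions made for illustration, and the real Firewall Policy Report layout may differ.

```python
import csv
import io
import ipaddress

# Constructed sample export. Column names and values are assumptions for
# illustration; the real Firewall Policy Report layout may differ.
SAMPLE_REPORT = """site,device,policy,direction,source,dest_port
store-101,dvr-1,DVR-Remote,inbound-forward,0.0.0.0/0,8000
store-101,tank-gauge,ATG-Remote,inbound-forward,203.0.113.0/28,10001
store-102,backoffice-pc,Unrestricted,outbound,10.2.0.15/32,any
store-102,kiosk-1,InternetAccess,outbound,10.2.0.40/32,any
store-103,pos-1,HQ-VPN,vpn,10.0.0.0/8,3389
store-103,pos-2,HQ-VPN,vpn,10.0.5.20/32,3389
"""

# Assumed threshold: a VPN source larger than a /24 is treated as
# "the entire HQ network" rather than specific admin workstations.
MAX_VPN_SOURCE_HOSTS = 256


def audit(report_text):
    """Return (site, device, finding) tuples for rules matching the review items."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        src = ipaddress.ip_network(row["source"], strict=False)
        where = (row["site"], row["device"])
        # Item 1: port forward reachable from any IP address.
        if row["direction"] == "inbound-forward" and src.prefixlen == 0:
            findings.append(where + ("port forward open to any IP address",))
        # Item 2: troubleshooting-only policy left on a production device.
        if row["policy"] == "Unrestricted":
            findings.append(where + ("device on Unrestricted policy",))
        # Item 3: outbound access needs a manual isolation check.
        if row["policy"] == "InternetAccess":
            findings.append(where + ("InternetAccess: confirm isolation from CDE",))
        # Item 4: HQ-to-site VPN access from a broad source range.
        if row["direction"] == "vpn" and src.num_addresses > MAX_VPN_SOURCE_HOSTS:
            findings.append(where + ("VPN access from a broad HQ range",))
    return findings


if __name__ == "__main__":
    for site, device, finding in audit(SAMPLE_REPORT):
        print(f"{site:10} {device:14} {finding}")
```

Findings for InternetAccess devices are prompts for manual review, since isolation from the CDE cannot be determined from the rule list alone.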
As always, if you have any questions, please contact the Acumera NOC at 512-687-7401 or firstname.lastname@example.org.
If you would like to learn more about Acumera’s Enhanced Security Services portfolio, including our network analysis framework with Intrusion Detection System (IDS), internal and external scanning, as well as Managed Detection and Response services, please contact Sales at 512-687-7410 or email@example.com.