The Cybersecurity and Infrastructure Security Agency (CISA) has released a notice regarding updates to the Iranian Cyber Threat Profile.
You can view the original article online: https://www.us-cert.gov/ncas/alerts/aa20-006a.
CISA advises that organizations consider these action items:
- Adopt a state of heightened awareness.
  - Minimize gaps in personnel coverage, consistently consume relevant threat intelligence, and ensure contact lists are up to date.
- Increase organizational vigilance.
  - Ensure security personnel are monitoring key internal security capabilities and know how to identify anomalies.
- Confirm reporting processes.
  - Ensure personnel know how and when to report an incident.
- Exercise organizational incident response plans.
  - Ensure personnel are familiar with the key steps they need to take during an incident.
Acumera advises customers to review their current network security profile, including (but not limited to) these actions:
- Review Firewall Policy rules for policies with “open” port forwarding.
  - If a policy permits remote access to a device (such as a DVR or tank gauge) from any IP address, restricting it to a more limited range of IP addresses and/or isolating the device via segmentation will improve the security profile of that location. To get a current report of all Firewall Policies from AcuVigil, go to PCI Tools > Firewall Policy Report.
- Reassign all devices on the Unrestricted policy to a custom policy.
  - The Unrestricted policy is intended for troubleshooting purposes only and opens up more access than is typically needed in a production location.
- Ensure that devices with an InternetAccess policy are properly isolated.
  - Unfettered outbound access can be used by malicious actors to spread malware and exfiltrate sensitive data. This should be reserved for special use cases, preferably limited to devices that are isolated from the CDE.
- Evaluate access permitted between HQ and sites using Virtual Private Networks (VPNs).
  - Firewall rules should be used to limit VPN access from HQ to only those administrative workstations and/or services that require that access. Permitting access to stores from the entire HQ network can aid malware in spreading rapidly across the network and should be avoided.
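The four review items above can be scripted against a rule export; this is an added example, not Acumera or AcuVigil code. The CSV columns, sample rows, CDE subnet and VPN source threshold are constructed assumptions and do not reflect the Firewall Policy Report format.

```python
import csv
import io
import ipaddress

# Constructed sample export. Column names and rows are assumptions for this
# example, not the AcuVigil Firewall Policy Report format.
SAMPLE_RULES = """\
site,device,policy,direction,source
store-101,dvr-1,DVR-Remote,forward,0.0.0.0/0
store-101,atg-1,ATG-Remote,forward,203.0.113.0/29
store-102,kiosk-2,Unrestricted,any,any
store-102,signage-1,InternetAccess,outbound,192.168.20.40
store-103,backoffice-1,InternetAccess,outbound,192.168.30.12
store-103,pos-1,HQ-VPN,vpn,10.0.0.0/8
store-103,pos-2,HQ-VPN,vpn,10.0.5.16/30
"""

CDE_NETS = [ipaddress.ip_network("192.168.30.0/24")]  # assumed CDE segment
MAX_VPN_SOURCES = 16  # assumed ceiling for "administrative workstations only"


def parse_source(value):
    """Return the source as a network; 'any' means every IPv4 address."""
    return ipaddress.ip_network("0.0.0.0/0" if value == "any" else value, strict=False)


def audit(rules_csv):
    """Return (site/device, finding) pairs for the four review items."""
    findings = []
    for rule in csv.DictReader(io.StringIO(rules_csv)):
        src = parse_source(rule["source"])
        where = f"{rule['site']}/{rule['device']}"
        if rule["policy"] == "Unrestricted":
            # Troubleshooting-only policy left on a production device.
            findings.append((where, "unrestricted-policy"))
        elif rule["policy"] == "InternetAccess":
            # Unfettered outbound access from inside the CDE.
            if any(src.subnet_of(net) for net in CDE_NETS):
                findings.append((where, "internet-access-in-cde"))
        elif rule["direction"] == "forward" and src.prefixlen == 0:
            # Port forward reachable from any IP address.
            findings.append((where, "forward-from-any"))
        elif rule["direction"] == "vpn" and src.num_addresses > MAX_VPN_SOURCES:
            # VPN rule admits far more than a few admin workstations.
            findings.append((where, "vpn-source-too-broad"))
    return findings


if __name__ == "__main__":
    for where, finding in audit(SAMPLE_RULES):
        print(f"{where}: {finding}")
```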
As always, if you have any questions, please contact the Acumera NOC at 512-687-7401 or email@example.com.
If you would like to learn more about Acumera’s Enhanced Security Services portfolio, including our network analysis framework with Intrusion Detection System (IDS), internal and external scanning, as well as Managed Detection and Response services, please contact Sales at 512-687-7410 or firstname.lastname@example.org.