Weekly Executive Summary for Week of April 21, 2017

Keeping Browsers Updated

Mozilla has recently released security updates to address vulnerabilities in Firefox and Firefox ESR.  These vulnerabilities would allow attackers to exploit an unpatched browser and take control of the system.  They are mitigated by updating to Firefox 53, Firefox ESR 45.9, or Firefox ESR 52.1.  Other vendors such as Microsoft and Google push out security updates as well to protect their browsers from vulnerabilities and exploits.  These security updates are vital to the security of your network infrastructure because the internet browser is both one of the most popular attack vectors and one of the most widely used applications.  Without these patches, many browsers are susceptible to known exploits that can run arbitrary code, take control of the system, or carry out other malicious actions.  Enabling automatic updates on browsers ensures they stay up to date, since some end users never update on their own, which is a significant security risk.
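The thresholds named above (Firefox 53, Firefox ESR 45.9, Firefox ESR 52.1) are easy to check across a fleet once browser versions are exported from an endpoint-management tool. The script below is an added example written for this summary, not code from Mozilla or the CSCC; the inventory format (one "hostname,product,version" line per host) is an assumption and the sample lines are constructed. The point it shows that the paragraph does not is that the two ESR branches are patched independently, so each needs its own minimum.

```python
"""Check a browser inventory against the patched Firefox versions named above."""
import re

# Minimum patched versions from the summary, keyed by release channel.
MINIMUM = {
    "release": (53, 0),
    "esr45": (45, 9),
    "esr52": (52, 1),
}

# Constructed inventory export: hostname,product,version (assumed format).
INVENTORY = """\
ws-01,Firefox,53.0
ws-02,Firefox,52.0.2
ws-03,Firefox ESR,45.8.0
ws-04,Firefox ESR,52.1.0
ws-05,Firefox ESR,52.0.2
ws-06,Firefox,54.0.1
"""


def parse_version(text):
    """'52.0.2' -> (52, 0, 2); missing components are treated as 0."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError("unparseable version: %r" % text)
    return tuple(int(g) if g else 0 for g in m.groups())


def channel_for(product, version):
    """Pick the threshold that applies. ESR 45.x and ESR 52.x are separate
    branches with separate fixes; any other ESR major is unknown here."""
    if "ESR" in product.upper():
        if version[0] == 45:
            return "esr45"
        if version[0] == 52:
            return "esr52"
        return None
    return "release"


def is_patched(product, version_text):
    version = parse_version(version_text)
    channel = channel_for(product, version)
    if channel is None:
        return False  # unknown ESR branch: flag it for manual review
    minimum = MINIMUM[channel]
    # Compare only as many components as the threshold specifies.
    return version[:len(minimum)] >= minimum


def unpatched_hosts(inventory_text):
    """Return the hostnames whose browser is below the patched version."""
    bad = []
    for line in inventory_text.strip().splitlines():
        host, product, version = [f.strip() for f in line.split(",")]
        if not is_patched(product, version):
            bad.append(host)
    return bad


if __name__ == "__main__":
    for host in unpatched_hosts(INVENTORY):
        print("needs update:", host)
```

A regular-channel build at 52.x is not "one ESR step behind"; it is below 53 and is reported, while ESR 52.1.0 passes against its own branch minimum.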

Click on the vendor name to check to see if your browsers are up to date:
Mozilla Firefox
Google Chrome
Apple Safari
Microsoft Internet Explorer

Sources:
http://blog.trendmicro.com/those-software-updates-are-more-important-than-you-think/
https://www.us-cert.gov/ncas/current-activity/2017/04/19/Mozilla-Releases-Security-Updates

Note: The purpose of the weekly executive summary is to provide useful information that a business or agency could use in both its cybersecurity and business strategies. In order for this website to serve the community we need to know your concerns and questions about (for example) proper safeguards for technology you’re looking into or what sets of compliance and governance policies would you need to operate a particular business. The CSCC openly invites you to send in your inquiries. We’ll have students research your issues and provide an analysis of the information at hand to guide you with all things cybersecurity. Mail us at: uhwocscc@hawaii.edu

Weekly Executive Summary for Week of April 14, 2017

Layer 2 Security Best Practices

Layered security is the best method of mitigating malicious attacks in a network infrastructure.  While there are many aspects to defense in depth, layer 2 (data-link) security is one of the most overlooked.  Exceptional layer 2 security can mitigate Virtual Local Area Network (VLAN) hopping, Media Access Control (MAC) attacks, Dynamic Host Configuration Protocol (DHCP) attacks, Address Resolution Protocol (ARP) attacks, and spoofing attacks.  Configuring layer 2 security properly does not disrupt the confidentiality, integrity, and availability of the network infrastructure.  There are multiple features and protocols that can be implemented to mitigate these attacks.  Below is a list of Cisco’s best practices for layer 2 security; the tactics and methods can be applied to other vendors’ equipment as well.

  • Manage the switches in a secure manner. For example, use SSH, an authentication mechanism, access lists, and privilege levels.
  • Restrict management access to the switch so that untrusted networks are not able to exploit management interfaces and protocols such as SNMP.
  • Always use a dedicated VLAN ID for all trunk ports.
  • Be skeptical; avoid using VLAN 1 for anything.
  • Disable DTP on all non-trunking access ports.
  • Deploy the Port Security feature to prevent unauthorized access from switching ports.
  • Use the Private VLAN feature where applicable to segregate network traffic at Layer 2.
  • Use MD5 authentication where applicable.
  • Disable CDP where possible.
  • Prevent denial-of-service attacks and other exploitation by disabling unused services and protocols.
  • Shut down or disable all unused ports on the switch, and put them in a VLAN that is not used for normal operations.
  • Use port security mechanisms to provide protection against a MAC flooding attack.
  • Use port-level security features such as DHCP Snooping, IP Source Guard, and ARP security where applicable.
  • Enable Spanning Tree Protocol features (for example, BPDU Guard, Loopguard, and Root Guard).
  • Use Switch IOS ACLs and Wire-speed ACLs to filter undesirable traffic (IP and non-IP).
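Several items in the list above (no VLAN 1, DTP disabled, port security, BPDU Guard, DHCP snooping, CDP off, unused ports shut down, SSH-only management) correspond to specific lines in a switch configuration, so they can be audited from a saved running-config instead of by hand. The script below is an added example written for this summary, not Cisco's code; the IOS-style running-config it reads is constructed, and only the command forms shown in it are recognised, so treat it as a starting point rather than a complete checker.

```python
"""Audit an IOS-style switch configuration against the layer 2 practices above."""
import re

# Constructed running-config: one hardened port, one left at defaults,
# one unused port, one trunk, and a management line that still allows telnet.
RUNNING_CONFIG = """\
hostname access-sw1
!
ip dhcp snooping
ip dhcp snooping vlan 10,20
!
no cdp run
!
interface GigabitEthernet0/1
 description user port, hardened
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 switchport port-security
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 description user port, defaults left in place
 switchport mode access
 switchport access vlan 1
 spanning-tree portfast
!
interface GigabitEthernet0/3
 description unused
 switchport access vlan 999
 shutdown
!
interface GigabitEthernet0/24
 description uplink
 switchport mode trunk
 switchport trunk native vlan 999
!
line vty 0 4
 transport input telnet ssh
"""


def parse_config(text):
    """Split the config into global commands and per-section command lists.
    A section starts at an unindented 'interface ...' or 'line ...' command;
    indented lines belong to the most recent section."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if line.startswith(" "):
            if current is not None:
                sections[current].append(line.strip())
            continue
        if line.startswith(("interface ", "line ")):
            current = line
            sections[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, sections


def vlan_from(lines, pattern, default=1):
    """Extract a VLAN id with the given regex; IOS defaults to VLAN 1 if unset."""
    for l in lines:
        m = re.match(pattern, l)
        if m:
            return int(m.group(1))
    return default


def audit(text):
    """Return (where, finding) pairs for each practice the config violates."""
    findings = []
    global_lines, sections = parse_config(text)
    if "ip dhcp snooping" not in global_lines:
        findings.append(("global", "DHCP snooping not enabled"))
    if "no cdp run" not in global_lines:
        findings.append(("global", "CDP enabled globally"))
    bpduguard_default = "spanning-tree portfast bpduguard default" in global_lines
    for name, lines in sections.items():
        if name.startswith("line vty"):
            if any(l.startswith("transport input") and "telnet" in l for l in lines):
                findings.append((name, "telnet allowed on management line; use SSH only"))
            continue
        if "shutdown" in lines:  # unused port: must not sit in VLAN 1
            if vlan_from(lines, r"switchport access vlan (\d+)") == 1:
                findings.append((name, "unused port left in VLAN 1"))
            continue
        if "switchport mode trunk" in lines:
            if vlan_from(lines, r"switchport trunk native vlan (\d+)") == 1:
                findings.append((name, "trunk native VLAN is 1"))
            continue
        # Everything else is treated as an access port.
        if vlan_from(lines, r"switchport access vlan (\d+)") == 1:
            findings.append((name, "access port uses VLAN 1"))
        if "switchport nonegotiate" not in lines:
            findings.append((name, "DTP not disabled (missing 'switchport nonegotiate')"))
        if "switchport port-security" not in lines:
            findings.append((name, "port security not enabled"))
        if not bpduguard_default and "spanning-tree bpduguard enable" not in lines:
            findings.append((name, "BPDU Guard not enabled"))
    return findings


if __name__ == "__main__":
    for where, finding in audit(RUNNING_CONFIG):
        print("%-28s %s" % (where, finding))
```

On the constructed config the hardened port, the shut-down port and the trunk pass, while GigabitEthernet0/2 collects four findings and the vty line is flagged for telnet; a port with no `switchport access vlan` line at all is reported the same way as an explicit VLAN 1, because that is the IOS default.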

Sources:
http://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=12
http://www.techrepublic.com/blog/data-center/essential-lockdowns-for-layer-2-switch-security-136059/
http://www.cisco.com/c/dam/global/en_ae/assets/exposaudi2009/assets/docs/layer2-attacks-and-mitigation-t.pdf

Weekly Executive Summary for Week of April 7, 2017

Database Security

Securing the back end of any application or piece of software is key to ensuring the confidentiality, integrity, and availability of the information being stored or transported.  MongoDB has compiled a security checklist that applies to many other databases as well; it goes over specific security measures to implement when installing and maintaining a database.  Alongside a basic IT best-practices framework, this checklist is another good framework to follow, since securing your database is vital to your organization.  Below is a brief explanation of each step of the security checklist.

  • Enable Access Control and Enforce Authentication: Ensure that access controls and authentication are in place for every user connecting to each system.
  • Configure Role-Based Access Control:  Create roles that grant each user exactly the permissions needed.  Following the principle of least privilege is highly recommended.
  • Encrypt Communication:  Use encryption such as TLS or SSL for all incoming and outgoing connections.
  • Encrypt and Protect Data:  Also encrypt data at rest using built-in or third-party tools.  MongoDB’s built-in WiredTiger storage engine provides encryption at rest.
  • Limit Network Exposure:  Hosting your database in a trusted network environment limits the number of connections and clients that can reach it.
  • Audit System Activity:  Track access and changes to the database and its configuration regularly to verify that controls are working as intended.
  • Request a Security Technical Implementation Guide:  Using the Security Technical Implementation Guide (STIG) will provide security guidelines for deployments.
  • Consider Security Standards Compliance:  Make sure your database/application is compliant with HIPAA or PCI-DSS policies.
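Most of the checklist items above map to settings in the mongod.conf file, so a weak configuration can be caught before the server goes live. The script below is an added example written for this summary, not MongoDB's own tooling; both configurations are constructed. The option names are MongoDB's (net.ssl.* was the spelling in use in 2017 and net.tls.* is accepted by newer servers, so both are checked; security.enableEncryption and auditLog are Enterprise options, and on Community builds those items must be met with disk or third-party encryption and external auditing instead). The minimal YAML reader handles only the nested key: value mappings mongod.conf uses; use PyYAML for real files.

```python
"""Check two constructed mongod.conf files against the checklist above."""

# Constructed: the kind of config that ships by default on a test box.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
  ssl:
    mode: disabled
security:
  authorization: disabled
"""

# Constructed: the same server with the checklist applied.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.30.10
  ssl:
    mode: requireSSL
    PEMKeyFile: /etc/ssl/mongodb.pem
security:
  authorization: enabled
  enableEncryption: true
  encryptionKeyFile: /etc/mongodb/encryption.key
auditLog:
  destination: file
  format: JSON
  path: /var/log/mongodb/audit.json
"""


def parse_yaml_mappings(text):
    """Minimal reader for indentation-nested 'key: value' mappings.
    No lists, anchors or multi-line scalars; values stay as strings."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for each open level
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        value = value.strip()
        while stack[-1][0] >= indent:
            stack.pop()
        parent = stack[-1][1]
        if value == "":          # a key with no value opens a nested mapping
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def get(conf, dotted, default=None):
    """Look up 'net.ssl.mode'-style paths in the parsed mapping."""
    node = conf
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def audit(conf_text):
    """Return the checklist items the configuration fails."""
    conf = parse_yaml_mappings(conf_text)
    findings = []
    # Enable Access Control and Enforce Authentication
    if get(conf, "security.authorization") != "enabled":
        findings.append("security.authorization is not 'enabled': clients connect without authenticating")
    # Encrypt Communication
    mode = get(conf, "net.tls.mode") or get(conf, "net.ssl.mode")
    if mode not in ("requireTLS", "requireSSL"):
        findings.append("TLS/SSL is not required for connections (net.ssl.mode / net.tls.mode)")
    # Encrypt and Protect Data (Enterprise encrypted storage engine)
    if get(conf, "security.enableEncryption") != "true":
        findings.append("encryption at rest is off (security.enableEncryption); use disk or third-party encryption otherwise")
    # Limit Network Exposure
    bind = get(conf, "net.bindIp")
    if bind is None:
        findings.append("net.bindIp is not set explicitly; older servers then listen on every interface")
    elif any(a.strip() in ("0.0.0.0", "::") for a in bind.split(",")):
        findings.append("net.bindIp listens on all interfaces; bind to localhost and the trusted network only")
    # Audit System Activity (Enterprise auditLog)
    if get(conf, "auditLog.destination") is None:
        findings.append("auditing is not configured (auditLog.destination)")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, "->", audit(conf) or "no findings")
```

Role-based access control is deliberately not checked here: roles live in the admin database, not in the config file, so that item needs a query against the running server rather than a file audit.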

Sources:
MongoDB Security Checklist

Weekly Executive Summary for Week of March 17, 2017

Industrial Control Systems Security Best Practices

Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems are increasingly being targeted by cyber attacks and need to be more secure than ever.  These systems are vital to the entire population because they control and manage the large industrial plants behind electricity, oil, gas, water, manufacturing, and transportation.  When these systems are attacked, the aftermath can be devastating.  Following some basic cybersecurity best practices can help reduce the number of successful attacks on these control systems.  The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has published recommended practices for ICS and SCADA systems.  Below are most of the best practices along with the link to the full documents for more details.  These documents provide an efficient framework for protecting an ICS or SCADA system and will ultimately help mitigate attacks like Stuxnet.

Defense-in-Depth – Implementing layered security in ICS and SCADA systems creates an aggregated, risk-based security posture that helps defend against cybersecurity threats and vulnerabilities.
Cyber Forensics Plans – Using cyber forensics in ICSs can be difficult because of the proprietary technologies and legacy architecture, but creating a feasible cyber forensics program can aid in supporting the security posture of these systems.
Incident Response Plan – Having a plan to prevent and respond to a cyber incident is key to strengthening the system’s security posture.  This document focuses on the unique aspects of industrial control systems and how to strengthen them against potential attacks.
Firewall Deployment – Network segmentation and isolation is one of the key factors in protecting your ICS and SCADA systems.  This document focuses on configuring a DMZ on the firewall to provide the most effective network security solution.
Patch Management – A critical component in protecting any infrastructure is ensuring that the security posture of the control systems is exceptional.  Patch management and patches are vital in resolving security vulnerabilities in any system.
Securing Modems – This document provides guidance on analyzing the risks associated with modems and their use in an organization, and offers useful methods for creating a layered defense architecture that protects systems that rely on modems for connectivity.
Remote Access for ICS – This document provides guidance on remote access for ICS and SCADA systems and how to deploy this service in a manner that mitigates risks and vulnerabilities within the environment.

Sources:
ICS-CERT Recommended Practices
Breaches on the Rise in Control Systems

Weekly Executive Summary for Week of March 10, 2017

WordPress Security

With the recent vulnerabilities in WordPress, it is always important to ensure that your sites are secure.  By following some of the best practices provided by WordPress and other resources, you can harden your site and remediate vulnerabilities.  Many WordPress site owners use themes and plugins from many different vendors, unintentionally making their sites more vulnerable, since these add-ons are the number 1 attack vector.  Enabling automatic updates, limiting access, backing up weekly, and using trusted sources for themes and plugins will make your site less vulnerable to these cyber attacks.  You can find more information on WordPress security by clicking on the links below.

Sources:
Hardening WordPress
WordPress Security (WP Beginner)

Weekly Executive Summary for Week of March 3, 2017

Focusing On Basic Security Critical Security Controls

With the increasing number of breaches and security incidents, analysts and investigators reveal that the main reason behind these attacks was weak or non-existent security controls and practices.  The main problem in cybersecurity is not choosing the right security solution but choosing the most effective cybersecurity framework.  The Center for Internet Security (CIS) Critical Security Controls have proven to be a viable solution.  There are 20 controls in the latest version, 6.1, but the first six are where the focus needs to be to prevent disruptive attacks.  Following an effective security program like the CIS Critical Security Controls to implement mature processes can give any organization an easy start on reducing the risks and impacts of cybersecurity attacks.

The First Six CIS Critical Security Controls for Effective Cyber Defense

Source: SANS Institute InfoSec Reading Room:
Back to Basics: Focus on the First Six CIS Critical Security Controls by John Pescatore

Weekly Executive Summary for Week of February 24, 2017

Data Breach Response Best Practices

If a malicious attacker succeeds in penetrating your network and extracting sensitive data, the incident must be responded to properly.  The Homeland Security Department advisory committee approved a set of best practices pertaining to large-scale data breaches and how to notify affected parties.  There are industry standards on incident response, but the set of best practices the committee put out focuses specifically on notification procedures, which include: complying quickly with legal requirements and giving the affected party ample opportunity to take defensive measures, informing the affected party with clear and concise information, and not over-notifying to the point that the affected party stops taking notices seriously.  The Department of Homeland Security’s privacy office began working on this best practices guide because of the Office of Personnel Management (OPM) breach, which was one of the biggest breaches of 2016.  Protecting people before, during, and after an attack is necessary for any information system.

Items of Interest:

Full Article Provided By: Nextgov

Weekly Patch and Update Summary for Week of February 17, 2017

For all patches and updates listed below please use the appropriate updating methods for your system.  It is advised that you patch and update your system as soon as possible.

Mozilla

Mozilla has released an update to address vulnerabilities found in Firefox 51.0.3 (Android-only release).  This vulnerability allowed malicious applications and tools installed on the device with write access to replace files.

List of Updates:

Symantec

Symantec has released updates to address vulnerabilities found in multiple products.  Some of these vulnerabilities may allow a remote attacker to gain control of a system.

List of Updates:

VMware

VMware has released updates to address vulnerabilities found in VMware AirWatch.  These vulnerabilities may allow a remote attacker to gain control of a system.

List of Updates:

Apple

Apple has released updates to address vulnerabilities in applications and software.  These vulnerabilities may lead to arbitrary code execution.

List of Updates:

Microsoft

Microsoft has released updates to address vulnerabilities in applications, services, and software.  These vulnerabilities may lead to arbitrary code execution or remote access of a system.

List of Updates:

Ubuntu

Ubuntu has released updates to address vulnerabilities in applications, services, and software.  These vulnerabilities may lead to arbitrary code execution or remote access of a system.

List of Updates:

Weekly Executive Summary for Week of February 17, 2017

Network Segmentation

The basic concept of network segmentation will further secure your network and mitigate network intrusion.  Even with today’s technologies, there’s always a chance that an attacker can find a vulnerability in your network and exploit it.  There are many ways to mitigate intrusion, but what happens when the attacker finds their way into your network?  There needs to be an effective control to limit lateral movement across the network, and segmenting your network by partitioning it with network security zones, security policies, and virtual local area networks (VLANs) will do the job.  A VLAN is a logical group of devices on one or more local area networks that communicate as if they were on the same wire.  Each VLAN is partitioned and isolated at the data link layer (OSI Layer 2), and with proper configuration devices on one VLAN cannot communicate with other VLANs.  Integrating firewall access control lists (ACLs), multi-layer switching, and VLANs properly will effectively mitigate lateral movement on any network.
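The combination described above, VLANs for layer 2 separation plus an ACL where traffic is routed between them, can be modelled before it is deployed, so that the reachable set from any single compromised host is known in advance. The script below is an added example written for this summary, not code from Cisco or Security Week; the VLANs, addresses and ACL are constructed. It evaluates rules the way a router or layer 3 switch ACL does (top-down, first match wins, deny when nothing matches) and reports the hosts and ports a given source can still reach. It also makes one caveat visible that the paragraph does not: traffic between two hosts in the same VLAN never crosses the routed boundary, so the ACL does not restrict it.

```python
"""Model VLAN segmentation plus an inter-VLAN ACL and report blast radius."""
import ipaddress

# Constructed security zones, one VLAN each.
VLANS = {
    10: ipaddress.ip_network("10.0.10.0/24"),  # user workstations
    20: ipaddress.ip_network("10.0.20.0/24"),  # web servers
    30: ipaddress.ip_network("10.0.30.0/24"),  # database servers
}

# Constructed ACL at the routed boundary between VLANs.
# Each rule: (action, source network, destination network, destination port or None for any)
ACL = [
    ("permit", "10.0.10.0/24", "10.0.20.0/24", 443),   # users reach the web tier over HTTPS
    ("permit", "10.0.20.0/24", "10.0.30.0/24", 3306),  # web tier reaches the database
    ("permit", "10.0.10.5/32", "10.0.30.0/24", 22),    # one admin host may SSH to the databases
    ("deny",   "0.0.0.0/0",    "0.0.0.0/0",    None),  # the implicit deny, written out
]

# Constructed (destination, port) pairs to test from each source host.
CANDIDATES = [
    ("10.0.10.51", 445),   # another workstation, SMB
    ("10.0.20.10", 443),   # web server, HTTPS
    ("10.0.20.10", 22),    # web server, SSH
    ("10.0.30.10", 3306),  # database server, MySQL
    ("10.0.30.10", 22),    # database server, SSH
]


def vlan_of(ip):
    """Return the VLAN id whose subnet contains ip, or None if it is outside every zone."""
    addr = ipaddress.ip_address(ip)
    for vid, net in VLANS.items():
        if addr in net:
            return vid
    return None


def is_allowed(src, dst, port, acl=ACL):
    """True if src may reach dst:port.
    Same-VLAN traffic is switched at layer 2 and never hits the ACL.
    Inter-VLAN traffic is routed and evaluated top-down, first match wins,
    and is denied if no rule matches."""
    src_vlan, dst_vlan = vlan_of(src), vlan_of(dst)
    if src_vlan is None or dst_vlan is None:
        return False
    if src_vlan == dst_vlan:
        return True
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, dst_port in acl:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and (dst_port is None or dst_port == port)):
            return action == "permit"
    return False


def reachable_from(src, candidates=CANDIDATES, acl=ACL):
    """The (dst, port) pairs src can reach: its blast radius if compromised."""
    return [(dst, port) for dst, port in candidates if is_allowed(src, dst, port, acl)]


if __name__ == "__main__":
    for host in ("10.0.10.50", "10.0.10.5", "10.0.20.10"):
        print(host, "can reach:", reachable_from(host))
```

A compromised workstation at 10.0.10.50 can still reach the web tier on 443 and any neighbour in its own VLAN, but nothing in the database zone; restricting the same-VLAN case is what the Private VLAN feature from the layer 2 best practices is for.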

More information on VLANs:

Cisco’s examples on network security and segmentation:

Full article provided by Security Week: Improving Security via Proper Network Segmentation

Weekly Executive Summary for Week of February 10, 2017

Don’t Forget About Your Router

With the recent Mirai botnet malware, many wireless home devices were infected through their default usernames and passwords.  The Mirai malware then turns the infected devices into a botnet used to launch DDoS attacks.  This malware attacked one of the largest website hosting companies in the world, which brought many well-known websites and services to a halt.  With the current move to the Internet of Things and devices such as Google Home and Amazon Echo, more home devices will be using Wi-Fi, which in turn increases the attack surface for this malware.  The single most effective and feasible way to protect against Mirai is to change the default password on your home router to a complex password.  The home router is the front door of your digital home and should not be easily accessible.  This task is easy to do and can save you and your devices from malware like Mirai.

Here are some instructions for well-known manufacturers of wireless routers:

Full article provided by: Norton
Click the link to learn more about botnets: What is a Botnet?
