WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

US-CERT issues ‘Security Recommendations to Prevent Cyber Intrusions’

US-CERT has published a Technical Security Alert in response to the growing number of high-profile incidents, which have impacted both government and private sector computer networks.

The Technical Security Alert provides the recommendations for preventing cyber attacks:

• Deploy a Host Intrusion Detection System (HIDS) to help block and identify common attacks.

• Use an application proxy in front of web servers to filter out malicious requests.

• Ensure that the ‘allow_URL_fopen’ is disabled on the web server to help limit PHP vulnerabilities from remote file inclusion attacks.

• Limit the use of dynamic SQL code by using prepared statements, queries with parameters, or stored procedures whenever possible.

• Follow the best practices for secure coding and input validation; use the secure coding guidelines available at: https://www.owasp.org/index.php/Top_10_2010 and
https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/305-BSI.html.

• Review US-CERT documentation regarding distributed denial-of-service attacks:
http://www.us-cert.gov/cas/tips/ST04-015.html and
http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf.

• Disable active scripting support in email attachments unless required to perform daily duties.

• Consider adding the following measures to your password and account protection plan:

  • Use a two factor authentication method for accessing privileged root level accounts.
  • Use minimum password length of 15 characters for administrator accounts.
  • Require the use of alphanumeric passwords and symbols.
  • Enable password history limits to prevent the reuse of previous passwords.
  • Prevent the use of personal information as password such as phone numbers and dates of birth.
  • Require recurring password changes every 60-90 days.
  • Deploy NTLMv2 as the minimum authentication method and disable the use of LAN Managed passwords.
  • Use minimum password length of 8 characters for standard users.
  • Disable local machine credential caching if not required through the use of Group Policy Object (GPO).
  • Deploy a secure password storage policy that provides password encryption.
  • If an administrator account is compromised, change the password immediately to prevent continued exploitation. Changes to administrator account passwords should only be made from systems that are verified to be clean and free from malware.

• Implement guidance and policy to restrict the use of personal equipment for processing or accessing official data or systems (e.g., working from home or using a personal device while at the office).

• Develop policies to carefully limit the use of all removable media devices, except where there is a documented valid business case for its use. These business cases should be approved by the organization with guidelines for their use.

• Implement guidance and policies to limit the use of social networking services at work, such as personal email, instant messaging, Facebook, Twitter, etc., except where there is a valid approved business case for its use.

• Adhere to network security best practices. See http://www.cert.org/governance for more information.

• Implement recurrent training to educate users about the dangers involved in opening unsolicited emails and clicking on links or attachments from unknown sources.

• Require users to complete the organization’s "acceptable use policy" training course (to include social engineering sites and non-work related uses) on a recurring basis.

• Ensure that all systems have up-to-date patches from reliable sources. Remember to scan or hash validate for viruses or modifications as part of the update process.

Read the full alert at http://www.us-cert.gov/cas/techalerts/TA11-200A.html

•Date: 22nd July 2011 • Region: US/World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.
   

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here