Executive Summary

Summary
Title Security Recommendations to Prevent Cyber Intrusions
Informations
Name TA11-200A First vendor Publication 2011-07-19
Vendor US-CERT Last vendor Modification 2011-07-19
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score Not Defined Attack Range Not Defined
Cvss Impact Score Not Defined Attack Complexity Not Defined
Cvss Expoit Score Not Defined Authentication Not Defined
Calculate full CVSS 2.0 Vectors scores

Detail

US-CERT is providing this Technical Security Alert in response to recent, well-publicized intrusions into several government and private sector computer networks. Cyber thieves, hacktivists, pranksters, nation-states, and malicious coders for hire all pose serious threats to the security of both government and private sector networks. A comprehensive security program provides the best defense against the full spectrum of threats that our computer networks face today. Network administrators and technical managers should not only follow the recommended security controls information systems outlined in NIST 800-53 but also consider the following measures. These measures include both tactical and strategic mitigations and are intended to enhance existing security programs.

Recommendations

* Deploy a Host Intrusion Detection System (HIDS) to help block and identify common attacks.

* Use an application proxy in front of web servers to filter out malicious requests.

* Ensure that the "allow URL_fopen" is disabled on the web server to help limit PHP vulnerabilities from remote file inclusion attacks.

* Limit the use of dynamic SQL code by using prepared statements, queries with parameters, or stored procedures whenever possible.
Information on SQL injections is available at
.

* Follow the best practices for secure coding and input validation;
use the secure coding guidelines available at:
and
.

* Review US-CERT documentation regarding distributed denial-of-service attacks:
and
.

* Disable active scripting support in email attachments unless required to perform daily duties.

* Consider adding the following measures to your password and account protection plan.* Use a two factor authentication method for accessing privileged root level accounts.

* Use minimum password length of 15 characters for administrator accounts.

* Require the use of alphanumeric passwords and symbols.

* Enable password history limits to prevent the reuse of previous passwords.

* Prevent the use of personal information as password such as phone numbers and dates of birth.

* Require recurring password changes every 60-90 days.

* Deploy NTLMv2 as the minimum authentication method and disable the use of LAN Managed passwords.

* Use minimum password length of 8 characters for standard users.

* Disable local machine credential caching if not required through the use of Group Policy Object (GPO). For more information on this topic see Microsoft Support articles 306992 and 555631.

* Deploy a secure password storage policy that provides password encryption.

* If an administrator account is compromised, change the password immediately to prevent continued exploitation. Changes to administrator account passwords should only be made from systems that are verified to be clean and free from malware.

* Implement guidance and policy to restrict the use of personal equipment for processing or accessing official data or systems
(e.g., working from home or using a personal device while at the office).

* Develop policies to carefully limit the use of all removable media devices, except where there is a documented valid business case for its use. These business cases should be approved by the organization with guidelines for there use.

* Implement guidance and policies to limit the use of social networking services at work, such as personal email, instant messaging, Facebook, Twitter, etc., except where there is a valid approved business case for its use.

* Adhere to network security best practices. See
for more information.

* Implement recurrent training to educate users about the dangers involved in opening unsolicited emails and clicking on links or attachments from unknown sources. Refer to NIST SP 800-50 for additional guidance.

* Require users to complete the agency's "acceptable use policy" training course (to include social engineering sites and non-work related uses) on a recurring basis.

* Ensure that all systems have up-to-date patches from reliable sources. Remember to scan or hash validate for viruses or modifications as part of the update process.

____________________________________________________________________

The most recent version of this document can be found at:


____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA11-200A Feedback INFO#706140" in the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit .
____________________________________________________________________

Produced 2011 by US-CERT, a government organization.

Terms of use:


____________________________________________________________________

Revision History

July 19, 2011: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTiXz1j6pPKYJORa3AQKUOwf+Ij8XMOYEWhPi6aZz+/Ke7DJ/e0oF3DGb
06j7yl5y6pobCu5p80W+gDN6V0A3j2Z0OddFqiqV/TnBQWiyv8Bxx5okcfE01dDk mNAuFZWqELD3l4sgeNwbZp56z5LLi8NB40Bwgquama9u/98gYHSN5xTQBqBVlV2i HMDlU2KCqXCN9XIbxpE/z3By4ADvRh6uIulRjJUnGnTWFMBQpc/YmPy+j4WZRpJz AjVY6V/V2Qe9DGM/A+K0CURqYUtaXOtB9t8OtC4WeyPIZ6GjKAjj3MQ0n8KI+YFW gBVFbTWmSwRnsX/+LWgAUGPKOrgYQnAKo0Hf4K0vsW4T1039w1sewA==
=Iaax
-----END PGP SIGNATURE-----

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA11-200A.html