RSA SECURCARE ONLINE NOTE

Dear RSA SecurCare® Online Customer,

Summary:

As previously reported, a recent attack on RSA’s systems resulted in certain information being extracted
related to RSA SecurID® authentication products. This note is being provided in order to help customers
further assess their risk and prioritize their remediation steps as necessary in relation to this event.

RSA SecurID technology continues to be a very effective authentication solution. Whoever attacked RSA
has certain information related to the RSA SecurID solution, but not enough to complete a successful
attack without obtaining additional information that is only held by our customers. We have provided
best practices so customers can strengthen the protection of the RSA SecurID information they hold.

Based on feedback from customers, we are issuing this follow-up RSA SecurCare note to help customers
assess their risk and prioritize their remediation steps. We strongly urge you to initiate these steps
immediately, if they are not already part of your environment. These remediation steps are those we
have implemented across RSA's and EMC's business, with respect to our RSA SecurID authentication
system.


Description:

Updated content is being provided to help customers further assess their risk and prioritize their
remediation steps in relation to this event. All content is available on the RSA SecurCare website, and
links to that content are provided in this note. Updated information includes:
• A Customer FAQ providing answers to help customers further assess their risk and prioritize
  their remediation steps, if they are not already part of your environment. The FAQ is part of this
  document.
• Updates to our best practices guides based on customer feedback, including more detailed Log
  Monitoring Guidelines related to RSA® Authentication Manager 6.x and 7.x implementations.

Affected Products:

The only affected products are RSA SecurID authentication products.

Overall Recommendations:

RSA strongly urges customers to review all documents referenced in this note. Based on customer
requests for prioritization of remediation, below are the most important remediation steps being
recommended to customers:

• Secure your Authentication Manager database and ensure strong policy and security
  regarding any exported data (see Best Practices Guides for specific instructions)
• Review recent Authentication Manager logs for unusually high rates of failed
  authentications and/or next token code events, both of which could indicate suspicious
  activity (see Authentication Manager 6.x and 7.x Log Guidelines and Best Practices
  Guides for specific instructions)
• Educate your help desk and end users on best practices for avoiding social engineering
  attacks such as targeted phishing (see Best Practices Guides for specific instructions)
• Establish strong PIN and lockout policies for all users (see Best Practices Guides for
  specific instructions)

Please follow the links below to the Security Best Practices Guides.

For the latest and most current information on RSA’s recommendations, please join one of RSA’s
ongoing series of customer conference calls. Click here for more information. Even if you have been on
a previous call, we encourage you to join future calls for updated information.

If you are unable to access the files via RSA SecurCare Online, please contact support at:
        U.S.: 1-800-782-4362, Option #5 for RSA, Option #1 for RSA SecurCare note
        Canada: 1-800-543-4782, Option #5 for RSA, Option #1 for RSA SecurCare note
        International: +1-508-497-7901, Option #5 for RSA, Option #1 for RSA SecurCare note

For additional global contact numbers please reference: http://www.emc.com/collateral/contact-us/h4165-csc-phonelist-ho.pdf

CUSTOMER FAQ
Incident Overview

1. What happened?
Recently, our security systems identified an extremely sophisticated cyber attack in progress targeting
our RSA business unit. We took a variety of aggressive measures against the threat to protect our
customers and our business, including further hardening our IT infrastructure and working closely with
appropriate authorities.

2. What information was lost?
Our investigation to date has revealed that the attack resulted in certain information being extracted
from RSA’s systems. Some of that information is related to RSA SecurID authentication products.

3. Why can’t you provide more details about the information that was extracted related to RSA SecurID technology?
Our customers’ security is our number one priority. We continue to provide our customers with all the
information they need to assess their risk and ensure they are protected. Providing additional specific
information about the nature of the attack on RSA or about certain elements of RSA SecurID design
could enable others to try to compromise our customers’ RSA SecurID implementations.

4. Does this event weaken my RSA SecurID solution against attacks?
RSA SecurID technology continues to be an effective authentication solution. To the best of our
knowledge, whoever attacked RSA has certain information related to the RSA SecurID solution, but not
enough to complete a successful attack without obtaining additional information that is only held by our
customers. We have provided best practices so customers can strengthen the protection of the RSA
SecurID information they hold. RSA SecurID technology is as effective as it was before against other
attacks.

5. What constitutes a direct attack on an RSA SecurID customer?
To compromise any RSA SecurID deployment, an attacker needs to possess multiple pieces of
information about the token, the customer, the individual users and their PINs. Some of this
information is never held by RSA and is controlled only by the customer. In order to mount a successful
direct attack, someone would need to have possession of all this information.

6. What constitutes a broader attack on an RSA SecurID customer?
To compromise any RSA SecurID deployment, the attacker needs to possess multiple pieces of
information about the token, the customer, the individual users and their PINs. Some of this
information is never held by RSA and is controlled only by the customer. In order to mount a successful
direct attack, someone would need to have possession of all this information.

The broader attack we referenced most likely would be an indirect attack on a customer that uses a
combination of technical and social engineering techniques to attempt to compromise all pieces of
information about the token, the customer, the individual users and their PINs. Social engineering
attacks typically target customers’ end users and help desks. Technical attacks typically target
customers’ back end servers, networks and end user machines. Our prioritized remediation steps in the
RSA SecurID Best Practices Guides are focused on strengthening your security against these potential
broader attacks.

7. Have my SecurID token records been taken?
For the security of our customers, we are not releasing any additional information about what was
taken. It is more important to understand all the critical components of the RSA SecurID solution.

To compromise any RSA SecurID deployment, the attacker needs to possess multiple pieces of
information about the token, the customer, the individual users and their PINs. Some of this
information is never held by RSA and is controlled only by the customer. In order to mount a successful
attack, someone would need to have possession of all this information.

8. Has RSA stopped manufacturing and/or distributing RSA SecurID tokens or other products?
As part of our standard operating procedures, while we further harden our environment some
operations are interrupted. We expect to resume distribution soon and will share information on this
when available.

9. Are any other RSA or EMC products affected?
We have no evidence that customer security related to other RSA products has been similarly impacted
by this attack. We also are confident that no other EMC products were impacted by this attack. It is
important to note that we do not believe that either customer or employee personally identifiable
information has been compromised.

10. What new information are you disclosing in this note, and why are you issuing it now?
We are not disclosing new information related to the incident. Customers have asked us to provide
more specific best practices and also help them prioritize the remediation steps. They also asked us to
clarify some of the terms we used in the original communication. We are responding to these requests.

Immediate Guidance for RSA SecurID Customers

11. What are the top four steps I should take to protect my system?
RSA strongly recommends that each customer review the RSA SecurID Security Best Practices available
on SecurCare Online and take immediate action to address non-conforming areas in your deployment.
Specific areas of focus include the following:

• Secure your Authentication Manager database and ensure strong policy and security
  regarding any exported data (for more information, see the Protecting Sensitive Data and
  Protecting the Authentication Manager Environment sections in the RSA Authentication
  Manager Security Best Practices Guide)
• Review recent Authentication Manager logs for unusually high rates of failed
  authentications and/or next tokencode events (for more information, see the Authentication
  Manager Log Monitoring Guidelines)
• Educate your help desk and end users on best practices for avoiding social engineering
  attacks such as targeted phishing (for more information, see the Preventing Social
  Engineering Attacks section in the RSA Authentication Manager Security Best Practices
  Guide)
• Establish strong PIN and lockout policies for all users (for more information, see the PIN
  Management section in the RSA Authentication Manager Security Best Practices Guide)

We have also included three other security best practice guides for customers who are interested in
taking additional measures to further secure their RSA SecurID implementations.

12. How do I secure my RSA Authentication Manager Database and exported data?
To protect the data stored in your Authentication Manager database:
       a. Do not store any copies of data extracted from Authentication Manager online. You should
          keep an encrypted secure copy offline.
       b. Remote access to Authentication Manager hosts should be reviewed and limited.
       c. Physically control access to your Authentication Manager servers within your datacenter
          environment.
       d. Use firewalls to isolate your Authentication Manager network.
For more information, see the Protecting Sensitive Data and Protecting the Authentication Manager
Environment sections in the RSA Authentication Manager Security Best Practices Guide.

13. How can I monitor my deployment for unusual authentication activity?
To detect unusual authentication activity, monitor the Authentication Manager logs for abnormally
high rates of failed authentications and/or “Next Tokencode Required” events. If these types of
activity are detected, your organization should be prepared to identify the access point being used
and shut it down.

The Authentication Manager Log Monitoring Guidelines contain detailed descriptions of several additional
events that your organization should consider monitoring.
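One way to turn the monitoring guidance above (and the log-review recommendation in the Overall Recommendations) into a repeatable check, as an added example that is not RSA's code and not part of the original note: it assumes a constructed, simplified log layout (timestamp, event, user, agent host) rather than the real Authentication Manager log format, and the thresholds and five-minute window are assumed starting points to be tuned against a deployment's own baseline.

```python
"""Sliding-window detection of the two indicators the note calls out: abnormally
high rates of failed authentications and of "Next Tokencode Required" events,
tracked per user and per authentication agent (the access point to shut down).

The log layout used here is constructed and simplified for this example; it is
NOT RSA's actual Authentication Manager log format.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

AUTH_FAILED = "AUTH_FAILED"
AUTH_SUCCESS = "AUTH_SUCCESS"
NEXT_TOKENCODE = "NEXT_TOKENCODE_REQUIRED"

# Constructed sample log: timestamp, event, user, agent host (space separated).
# jdoe hammers vpn-gw-01, asmith keeps landing in next-tokencode mode, the
# remaining users are ordinary noise that should not alert.
SAMPLE_LOG = """\
2011-03-21T08:00:01 AUTH_FAILED jdoe vpn-gw-01
2011-03-21T08:00:09 AUTH_FAILED jdoe vpn-gw-01
2011-03-21T08:00:17 AUTH_FAILED jdoe vpn-gw-01
2011-03-21T08:00:25 AUTH_FAILED jdoe vpn-gw-01
2011-03-21T08:00:33 AUTH_FAILED jdoe vpn-gw-01
2011-03-21T08:00:41 AUTH_FAILED jdoe vpn-gw-01
2011-03-21T08:01:02 AUTH_FAILED mlee vpn-gw-01
2011-03-21T08:01:10 AUTH_SUCCESS mlee vpn-gw-01
2011-03-21T08:01:30 AUTH_FAILED rpatel vpn-gw-01
2011-03-21T08:01:45 AUTH_FAILED kwong vpn-gw-01
2011-03-21T08:02:00 NEXT_TOKENCODE_REQUIRED asmith citrix-gw-02
2011-03-21T08:02:30 NEXT_TOKENCODE_REQUIRED asmith citrix-gw-02
2011-03-21T08:03:05 NEXT_TOKENCODE_REQUIRED asmith citrix-gw-02
2011-03-21T08:10:00 AUTH_FAILED bjones owa-01
2011-03-21T08:10:20 AUTH_SUCCESS bjones owa-01
"""

WINDOW = timedelta(minutes=5)   # assumed: events this close together are counted as one burst

# Assumed alert thresholds per (scope, event). An agent aggregates many users,
# so its thresholds sit above a single user's. Tune to the deployment's baseline.
THRESHOLDS = {
    ("user", AUTH_FAILED): 5,
    ("user", NEXT_TOKENCODE): 3,
    ("agent", AUTH_FAILED): 8,
    ("agent", NEXT_TOKENCODE): 4,
}


def parse_log(text):
    """Parse lines into (timestamp, event, user, agent) tuples, sorted chronologically."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, user, agent = line.split()
        records.append((datetime.fromisoformat(ts), event, user, agent))
    records.sort(key=lambda r: r[0])
    return records


def find_suspicious(text, window=WINDOW, thresholds=THRESHOLDS):
    """Return {(scope, key, event): {"count", "first", "last"}} for every user or
    agent whose count of that event inside `window` reached its threshold.
    The recorded count is the highest one observed while over threshold."""
    recent = defaultdict(deque)   # (scope, key, event) -> timestamps still inside the window
    alerts = {}
    for ts, event, user, agent in parse_log(text):
        if event == AUTH_SUCCESS:
            continue                          # only failure-type events are rate-tracked
        for scope, key in (("user", user), ("agent", agent)):
            limit = thresholds.get((scope, event))
            if limit is None:
                continue                      # this event is not tracked at this scope
            bucket = recent[(scope, key, event)]
            bucket.append(ts)
            while ts - bucket[0] > window:    # drop events that have aged out of the window
                bucket.popleft()
            count = len(bucket)
            prior = alerts.get((scope, key, event))
            if count >= limit and (prior is None or count > prior["count"]):
                alerts[(scope, key, event)] = {
                    "count": count, "first": bucket[0], "last": bucket[-1]}
    return alerts


def format_alerts(alerts):
    """One line per alert, agents listed first so the access point stands out."""
    ordered = sorted(alerts.items(),
                     key=lambda kv: (kv[0][0] != "agent", kv[0][1], kv[0][2]))
    return [f"{scope}={key} event={event} count={info['count']} "
            f"window={info['first']:%H:%M:%S}-{info['last']:%H:%M:%S}"
            for (scope, key, event), info in ordered]


if __name__ == "__main__":
    for line in format_alerts(find_suspicious(SAMPLE_LOG)):
        print(line)
```

On the constructed sample this reports vpn-gw-01 (nine failures inside the window), jdoe, and asmith, while the single failures followed by success stay silent.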


14. How do I protect users and help desks against Social Engineering attacks such as targeted phishing?
Educate your users on a regular basis about how to avoid phishing attacks. Be sure to follow best
practices and guidelines from sources such as the Anti-Phishing Working Group (APWG) at
http://education.apwg.org/r/en/index.htm .

In addition, make sure your end users know the following:

• They will never be asked for and should never provide their token serial numbers,
  tokencodes, PINs, passwords, etc.
• Do not enter tokencodes into links that you clicked in an email. Instead, type in the URL of
  the reputable site to which you want to authenticate.

It is also critical that your Help Desk Administrators verify the end user’s identity before performing any
Help Desk operations on their behalf. Recommended actions include:

• Call the end user back on a phone owned by the organization and on a number that is
  already stored in the system.
• Send the user an email to a company email address. If possible, use encrypted mail.
• Work with the employee’s manager to verify the user’s identity.
• Verify the identity in person.
• Use multiple open-ended questions from employee records (e.g., “Name one person in
  your group” or “What is your badge number?”). Avoid yes/no questions.

Important: Be wary of using mobile phones for identity confirmation, even if they are owned by the
company, as mobile phone numbers are often stored in locations that are vulnerable to tampering or
social engineering.

For more information see the Preventing Social Engineering Attacks section in the RSA Authentication
Manager Security Best Practices Guide.

15. How do I strengthen my PIN and Lockout Policy?
The most effective method to strengthen RSA SecurID authentication is to establish strong PIN policies
and to reinforce the importance of secure PIN management with your end users.

Note: It is important to strike the right balance between security best practices and user
convenience. If system-generated 8-character alphanumeric PINs are too complex, find the
strongest PIN policy that best suits your user community.
RSA recommends the following baseline for PIN management:

• Configure Authentication Manager to require the use of 8 digit PINs.
• Do not use 4-character numeric PINs. If you must use a short PIN (e.g. 4 characters),
  require alphanumeric characters (a-z, A-Z, 0-9) when the token type supports them.
• Configure Authentication Manager to randomly generate PINs. Do not allow your users
  to choose their PINs.
• Instruct all users to guard their PINs and to never tell anyone their PINs. Administrators
  should never ask for or know the user’s PIN.
• Configure Authentication Manager to lock out a user after three failed authentication
  attempts. Require manual intervention to unlock users who repeatedly fail
  authentication.

For more information, see the PIN Management section in the RSA Authentication Manager Security Best
Practices Guide.


Powerful Google developer tools for immediate impact! (2023-24 C)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 

RSA Advisory Part I

RSA SECURCARE ONLINE NOTE

Dear RSA SecurCare® Online Customer,

Summary:

As previously reported, a recent attack on RSA’s systems resulted in certain information being extracted related to RSA SecurID® authentication products. This note is being provided in order to help customers further assess their risk and prioritize their remediation steps as necessary in relation to this event.

RSA SecurID technology continues to be a very effective authentication solution. Whoever attacked RSA has certain information related to the RSA SecurID solution, but not enough to complete a successful attack without obtaining additional information that is only held by our customers. We have provided best practices so customers can strengthen the protection of the RSA SecurID information they hold.

Based on feedback from customers, we are issuing this follow-up RSA SecurCare note to help customers assess their risk and prioritize their remediation steps. We strongly urge you to initiate these steps immediately, if they are not already part of your environment. These remediation steps are those we have implemented across RSA's and EMC's business, with respect to our RSA SecurID authentication system.

Description:

Updated content is being provided to help customers further assess their risk and prioritize their remediation steps in relation to this event. All content is available on the RSA SecurCare website, and links to that content are provided in this note. Updated information includes:
• A Customer FAQ providing answers to help customers further assess their risk and prioritize their remediation steps, if they are not already part of your environment. The FAQ is part of this document.
• Updates to our best practices guides based on customer feedback, including more detailed Log Monitoring Guidelines related to RSA® Authentication Manager 6.x and 7.x implementations.

Affected Products:

The only affected products are RSA SecurID authentication products.

Overall Recommendations:

RSA strongly urges customers to review all documents referenced in this note. Based on customer requests for prioritization of remediation, below are the most important remediation steps being recommended to customers:
• Secure your Authentication Manager database and ensure strong policy and security regarding any exported data (see Best Practices Guides for specific instructions)
• Review recent Authentication Manager logs for unusually high rates of failed authentications and/or next token code events, both of which could indicate suspicious activity (see Authentication Manager 6.x and 7.x Log Guidelines and Best Practices Guides for specific instructions)
• Educate your help desk and end users on best practices for avoiding social engineering attacks such as targeted phishing (see Best Practices Guides for specific instructions)
• Establish strong PIN and lockout policies for all users (see Best Practices Guides for specific instructions)

Please follow the links below to the Security Best Practices Guides.

For the latest and most current information on RSA’s recommendations, please join one of RSA’s ongoing series of customer conference calls. Click here for more information. Even if you have been on a previous call, we encourage you to join future calls for updated information.

If you are unable to access the files via RSA SecurCare Online, please contact support at:
U.S.: 1-800-782-4362, Option #5 for RSA, Option #1 for RSA SecurCare note
Canada: 1-800-543-4782, Option #5 for RSA, Option #1 for RSA SecurCare note
International: +1-508-497-7901, Option #5 for RSA, Option #1 for RSA SecurCare note

For additional global contact numbers please reference: http://www.emc.com/collateral/contact-us/h4165-csc-phonelist-ho.pdf

CUSTOMER FAQ

Incident Overview

1. What happened?
Recently, our security systems identified an extremely sophisticated cyber attack in progress, targeting our RSA business unit. We took a variety of aggressive measures against the threat to protect our customers and our business including further hardening our IT infrastructure and working closely with appropriate authorities.

2. What information was lost?
Our investigation to date has revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is related to RSA SecurID authentication products.

3. Why can’t you provide more details about the information that was extracted related to RSA SecurID technology?
Our customers’ security is our number one priority. We continue to provide our customers with all the information they need to assess their risk and ensure they are protected. Providing additional specific information about the nature of the attack on RSA or about certain elements of RSA SecurID design could enable others to try to compromise our customers’ RSA SecurID implementations.

4. Does this event weaken my RSA SecurID solution against attacks?
RSA SecurID technology continues to be an effective authentication solution. To the best of our knowledge, whoever attacked RSA has certain information related to the RSA SecurID solution, but not enough to complete a successful attack without obtaining additional information that is only held by our customers. We have provided best practices so customers can strengthen the protection of the RSA SecurID information they hold. RSA SecurID technology is as effective as it was before against other attacks.

5. What constitutes a direct attack on an RSA SecurID customer?
To compromise any RSA SecurID deployment, an attacker needs to possess multiple pieces of information about the token, the customer, the individual users and their PINs. Some of this information is never held by RSA and is controlled only by the customer. In order to mount a successful direct attack, someone would need to have possession of all this information.

6. What constitutes a broader attack on an RSA SecurID customer?
To compromise any RSA SecurID deployment, the attacker needs to possess multiple pieces of information about the token, the customer, the individual users and their PINs. Some of this information is never held by RSA and is controlled only by the customer. In order to mount a successful direct attack, someone would need to have possession of all this information. The broader attack we referenced most likely would be an indirect attack on a customer that uses a combination of technical and social engineering techniques to attempt to compromise all pieces of information about the token, the customer, the individual users and their PINs. Social engineering attacks typically target customers’ end users and help desks. Technical attacks typically target customers’ back end servers, networks and end user machines. Our prioritized remediation steps in the RSA SecurID Best Practices Guides are focused on strengthening your security against these potential broader attacks.

7. Have my SecurID token records been taken?
For the security of our customers, we are not releasing any additional information about what was taken. It is more important to understand all the critical components of the RSA SecurID solution. To compromise any RSA SecurID deployment, the attacker needs to possess multiple pieces of information about the token, the customer, the individual users and their PINs. Some of this information is never held by RSA and is controlled only by the customer. In order to mount a successful attack, someone would need to have possession of all this information.

8. Has RSA stopped manufacturing and/or distributing RSA SecurID tokens or other products?
As part of our standard operating procedures, while we further harden our environment some operations are interrupted. We expect to resume distribution soon and will share information on this when available.

9. Are any other RSA or EMC products affected?
We have no evidence that customer security related to other RSA products has been similarly impacted by this attack. We also are confident that no other EMC products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information has been compromised.

10. What new information are you disclosing in this note, and why are you issuing it now?
We are not disclosing new information related to the incident. Customers have asked us to provide more specific best practices and also help them prioritize the remediation steps. They also asked us to clarify some of the terms we used in the original communication. We are responding to these requests.

Immediate Guidance for RSA SecurID Customers

11. What are the top four steps I should take to protect my system?
RSA strongly recommends that each customer review the RSA SecurID Security Best Practices available on SecurCare Online and take immediate action to address non-conforming areas in your deployment. Specific areas of focus include the following:
• Secure your Authentication Manager database and ensure strong policy and security regarding any exported data (For more information see the Protecting Sensitive Data and Protecting the Authentication Manager Environment section in the RSA Authentication Manager Security Best Practices Guide)
• Review recent Authentication Manager logs for unusually high rates of failed authentications and/or next token (For more information see the Authentication Manager Log Monitoring Guidelines)
• Educate your help desk and end users on best practices for avoiding social engineering attacks such as targeted phishing. (For more information see the Preventing Social Engineering Attacks section in the RSA Authentication Manager Security Best Practices Guide)
• Establish strong PIN and lockout policies for all users (For more information, see the PIN Management section in the RSA Authentication Manager Security Best Practices Guide)
We have also included three other security best practice guides for customers who are interested in taking additional measures to further secure their RSA SecurID implementations.

12. How do I secure my RSA Authentication Manager Database and exported data?
To protect the data stored in your Authentication Manager database:
a. Do not store any copies of data extracted from Authentication Manager online. You should keep an encrypted secure copy offline.
b. Remote access to Authentication Manager hosts should be reviewed and limited.
c. Physically control access to your Authentication Manager servers within your datacenter environment.
d. Use firewalls to isolate your Authentication Manager network.
For more information see the Protecting Sensitive Data and Protecting the Authentication Manager Environment section in the RSA Authentication Manager Security Best Practices Guide.

13. How can I monitor my deployment for unusual authentication activity?
To detect unusual authentication activity, the Authentication Manager logs should be monitored for abnormally high rates of failed authentications and/or “Next Tokencode Required” events. If these types of activities are detected, your organization should be prepared to identify the access point being used and shut it down. The Authentication Manager Log Monitoring Guidelines have detailed descriptions of several additional events that your organization should consider monitoring.

14. How do I protect users and help desks against Social Engineering attacks such as targeted phishing?
Educate your users on a regular basis about how to avoid phishing attacks. Be sure to follow best practices and guidelines from sources such as the Anti-Phishing Working Group (APWG) at http://education.apwg.org/r/en/index.htm . In addition, make sure your end users know the following:
• They will never be asked for and should never provide their token serial numbers, tokencodes, PINs, passwords, etc.
• Do not enter tokencodes into links that you clicked in an email. Instead, type in the URL of the reputable site to which you want to authenticate.
It is also critical that your Help Desk Administrators verify the end user’s identity before performing any Help Desk operations on their behalf. Recommended actions include:
• Call the end user back on a phone owned by the organization and on a number that is already stored in the system.
• Send the user an email to a company email address. If possible, use encrypted mail.
• Work with the employee’s manager to verify the user’s identity.
• Verify the identity in person.
• Use multiple open-ended questions from employee records (e.g., “Name one person in your group” or, “What is your badge number?”). Avoid yes/no questions.
Important: Be wary of using mobile phones for identity confirmation, even if they are owned by the company, as mobile phone numbers are often stored in locations that are vulnerable to tampering or social engineering.
For more information see the Preventing Social Engineering Attacks section in the RSA Authentication Manager Security Best Practices Guide.

15. How do I strengthen my PIN and Lockout Policy?
The most effective method to strengthen RSA SecurID authentication is to establish strong PIN policies and to reinforce the importance of secure PIN management with your end users.
Note: It is important to strike the right balance between security best practices and user convenience. If system-generated alphanumeric 8-digit PINs are too complex, find the strongest PIN policy that best suits your user community.
RSA recommends the following baseline for PIN management:
• Configure Authentication Manager to require the use of 8 digit PINs.
• Do not use 4-character numeric PINs. If you must use a short PIN (e.g. 4 characters), require alphanumeric characters (a-z, A-Z, 0-9) when the token type supports them.
• Configure Authentication Manager to randomly generate PINs. Do not allow your users to choose their PINs.
• Instruct all users to guard their PINs and to never tell anyone their PINs. Administrators should never ask for or know the user’s PIN.
• Configure Authentication Manager to lock out a user after three failed authentication attempts. Require manual intervention to unlock users who repeatedly fail authentication.
For more information, see the PIN Management section in the RSA Authentication Manager Security Best Practices Guide.
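Question 13 and the Overall Recommendations ask customers to review Authentication Manager logs for unusually high rates of failed authentications and “Next Tokencode Required” events, and question 15 asks for a lockout after three failed attempts with manual unlock and an 8-character or alphanumeric PIN baseline. The Python script below is an added illustration written for this note of how those checks can be expressed as code; it is not RSA tooling, and the log line format, field names, event names, the 10-minute window and the thresholds are constructed assumptions, not the real Authentication Manager log format or the Log Monitoring Guidelines' event names.

```python
"""Added example for this note: log review (question 13) and lockout/PIN
baseline (question 15).  Illustrative only; the log format is constructed."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format: timestamp, event, user, agent).
SAMPLE_LOG = """\
2011-03-21T09:00:01 AUTH_SUCCESS user=alice agent=vpn-gw1
2011-03-21T09:00:05 AUTH_FAILURE user=bob agent=vpn-gw1
2011-03-21T09:00:09 AUTH_FAILURE user=bob agent=vpn-gw1
2011-03-21T09:00:14 AUTH_FAILURE user=bob agent=vpn-gw1
2011-03-21T09:00:20 NEXT_TOKENCODE_REQUIRED user=bob agent=vpn-gw1
2011-03-21T09:01:00 AUTH_SUCCESS user=carol agent=citrix-1
2011-03-21T09:01:30 AUTH_FAILURE user=carol agent=citrix-1
2011-03-21T09:02:00 AUTH_SUCCESS user=carol agent=citrix-1
2011-03-21T09:05:00 NEXT_TOKENCODE_REQUIRED user=dave agent=vpn-gw1
2011-03-21T09:05:10 NEXT_TOKENCODE_REQUIRED user=erin agent=vpn-gw1
2011-03-21T09:05:20 NEXT_TOKENCODE_REQUIRED user=frank agent=vpn-gw1
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>[A-Z_]+) user=(?P<user>\S+) agent=(?P<agent>\S+)$")


def parse_log(text):
    """Parse lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["ts"] = datetime.fromisoformat(d["ts"])
            events.append(d)
    return events


def _max_in_window(times, window):
    """Largest number of timestamps that fall inside any interval of length `window`."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyse(events, window=timedelta(minutes=10), fail_threshold=3, ntc_threshold=3):
    """Flag users with a burst of failed authentications and agents (access points)
    with a burst of Next Tokencode Required events, the two indicators in question 13.
    Thresholds are assumed values; tune them against your own baseline."""
    failures, ntc_by_agent = defaultdict(list), defaultdict(list)
    for e in events:
        if e["event"] == "AUTH_FAILURE":
            failures[e["user"]].append(e["ts"])
        elif e["event"] == "NEXT_TOKENCODE_REQUIRED":
            ntc_by_agent[e["agent"]].append(e["ts"])
    findings = {"users": {}, "agents": {}}
    for user, times in failures.items():
        n = _max_in_window(times, window)
        if n >= fail_threshold:
            findings["users"][user] = n
    for agent, times in ntc_by_agent.items():
        n = _max_in_window(times, window)
        if n >= ntc_threshold:
            findings["agents"][agent] = n
    return findings


class LockoutPolicy:
    """Lock a user after `max_failures` consecutive failures; only unlock() clears it
    (the manual-intervention rule in question 15).  State is kept in memory here."""

    def __init__(self, max_failures=3):
        self.max_failures = max_failures
        self.failures = Counter()
        self.locked = set()

    def record(self, user, success):
        """Apply one authentication result; return True if the user is now locked."""
        if user in self.locked:
            return True
        if success:
            self.failures[user] = 0
            return False
        self.failures[user] += 1
        if self.failures[user] >= self.max_failures:
            self.locked.add(user)
        return user in self.locked

    def unlock(self, user):
        """Administrator action, taken only after the identity checks in question 14."""
        self.locked.discard(user)
        self.failures[user] = 0


def replay_lockouts(events, policy=None):
    """Replay success/failure events through the policy; return locked users."""
    policy = policy or LockoutPolicy()
    for e in events:
        if e["event"] in ("AUTH_SUCCESS", "AUTH_FAILURE"):
            policy.record(e["user"], e["event"] == "AUTH_SUCCESS")
    return sorted(policy.locked)


def pin_meets_policy(pin, token_supports_alpha=True):
    """Question 15 baseline: 8+ characters, or for an unavoidable short PIN (4 to 7)
    a mix of letters and digits when the token type supports them; short all-numeric
    PINs are rejected."""
    if not pin.isalnum():
        return False
    if len(pin) >= 8:
        return True
    if len(pin) < 4 or not token_supports_alpha:
        return False
    return any(c.isalpha() for c in pin) and any(c.isdigit() for c in pin)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("findings:", analyse(evs))          # bob: 3 failures; vpn-gw1: 4 NTC events
    print("locked:", replay_lockouts(evs))    # ['bob']
```

In the constructed sample, `bob` trips the failure threshold and is locked, `carol` (one failure followed by a success) is not, and `vpn-gw1` is flagged as the access point behind a cluster of Next Tokencode Required events across several users, which is the pattern question 13 says should prompt identifying and shutting down the access point. Real deployments should replace the constructed parser with the event names and fields from the Log Monitoring Guidelines and keep the lockout state in Authentication Manager itself, not in a script.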