RSA Strongly Urges Customers to Act Immediately
Security vendor RSA is providing remediation steps for customers to strengthen their RSA SecurID implementations in light of an advanced persistent threat attack against the company, which it says was directed at its SecurID two-factor authentication product (see Hackers Target RSA's SecurID Products).
Here are the nine steps RSA recommends customers take:
1. Increase focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.
2. Enforce strong password and PIN policies.
3. Follow the rule of least privilege when assigning roles and responsibilities to security administrators.
4. Re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person's identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.
5. Pay special attention to security around their active directories, making full use of their SIEM (Security Information and Event Management) products and implementing two-factor authentication to control access to active directories.
6. Watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
7. Harden, closely monitor and limit remote and physical access to infrastructure that is hosting critical security software.
8. Examine help desk practices for information leakage that could help an attacker perform a social engineering attack.
9. Update security products and the operating systems hosting them with the latest patches.
"We strongly urge immediate customer attention to this advisory," the company said.