Recommendations to Mitigate Unauthorized Cisco® ROMMON Access and Validate Boot ROMs
New attack methods have been observed targeting networking devices running Cisco Internetwork Operating System (IOS)® Classic platforms. Adversaries access the device with valid administrative credentials and then upload malicious code. Compromised devices are used to establish persistence and manipulate device...
15 July 2016 4 page(s)
IAA Protecting VPN Traffic - dated 2016 - Unclassified
In March 2015 IAD released the Information Assurance Advisory (IAA) "Protecting Virtual Private Network (VPN) Traffic". That advisory recommended utilizing a key size of 4096 bits or DH group 16. Since the release of that IAA, IAD released an advisory...
03 June 2016 pdf
Vulnerabilities in Cisco® Adaptive Security Appliances Identified in Open-Source – Version 1
On 15 August 2016, exploits targeting vulnerabilities previously not publicly known in Cisco Adaptive Security Appliances and other security devices were released on the Internet. On 17 August 2016, Cisco published an advisory (cisco-sa-20160817-asa-snmp) and released a patch for a...
19 August 2016 2 page(s) pdf
ImageMagick® Remote Code Execution Vulnerability CVE-2016-3714
This document describes a remote code execution vulnerability in earlier versions of ImageMagick, a versatile cross-platform image processing tool, and describes the mitigation actions to take.
19 May 2016 2 page(s) pdf
Linux Kernel Privilege Escalation Vulnerability CVE-2016-5195
On 17 October 2016 CVE-2016-5195 was released, affecting Linux kernel versions from 2.6.22 up to, but not including, the fixed release 4.8.3. This vulnerability affects systems world-wide and is of National concern. This privilege escalation vulnerability allows any unprivileged user, defined as a user with...
26 October 2016 1 page(s) pdf
Outdated Network Devices and Unsecured Protocols and Services Expose Network Infrastructure to Compromise
Outdated network devices have known and unknown vulnerabilities that expose the network to severe risk. Unsupported, also called end-of-life, devices and software versions will not receive patches from vendors even for known vulnerabilities. Improperly secured communication protocols and services and...
01 September 2016 4 page(s) pdf
Blocking Macros from Internet Originated Microsoft® Office Files
Microsoft® Office files and documents may contain a macro, an embedded program written in Visual Basic® for Applications (VBA). Although VBA macros have legitimate uses, macros in Microsoft Office have proven themselves to be a long-lasting and increasingly popular attack...
09 November 2016 2 page(s) pdf
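The advisory's core recommendation is to block macros only in Office files that carry an Internet Mark-of-the-Web, rather than disabling macros outright. The following PowerShell is an added example, not code from the advisory or from Microsoft: it applies the per-user policy value that enforces that behaviour for Office 16.0 (Office 2016 and later) and shows how the Mark-of-the-Web that the policy keys on is stored on disk. The function names and the choice of applications are this example's own; it assumes the 16.0 policy hive and that it is run in the target user's context (the same values are normally deployed via Group Policy or Intune).

```powershell
# Added example: block VBA macros in Internet-originated Office files and inspect Mark-of-the-Web.
# Assumption: Office 16.0 policy hive (Office 2016 / 2019 / Microsoft 365 Apps).

function Set-BlockInternetMacros {
    param(
        [string[]]$Applications = @('Word', 'Excel', 'PowerPoint'),
        [string]$OfficeVersion  = '16.0'
    )
    foreach ($app in $Applications) {
        # Values under Software\Policies are policy-managed and cannot be overridden
        # by the user from the Trust Bar, unlike the equivalent non-policy setting.
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # 1 = "Block macros from running in Office files from the Internet"
        New-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' `
            -Value 1 -PropertyType DWord -Force | Out-Null
    }
}

function Test-BlockInternetMacros {
    # Reports, per application, whether the blocking policy is in force.
    param(
        [string[]]$Applications = @('Word', 'Excel', 'PowerPoint'),
        [string]$OfficeVersion  = '16.0'
    )
    foreach ($app in $Applications) {
        $key   = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $value = (Get-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' `
                    -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
        [pscustomobject]@{ Application = $app; Blocked = ($value -eq 1) }
    }
}

function Get-MarkOfTheWeb {
    # Browsers and mail clients tag downloaded files with a Zone.Identifier
    # alternate data stream; ZoneId=3 (Internet) or 4 (Restricted Sites) is what
    # makes Office treat the file as Internet-originated and block its macros.
    param([Parameter(Mandatory)][string]$Path)
    $stream = Get-Item -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $stream) { return $null }   # no MOTW: policy will not apply to this file
    $zone = (Get-Content -Path $Path -Stream Zone.Identifier) |
            Where-Object { $_ -match '^ZoneId=(\d+)' } |
            ForEach-Object { [int]$Matches[1] }
    [pscustomobject]@{ Path = $Path; ZoneId = $zone; BlockedByPolicy = ($zone -in 3, 4) }
}

Set-BlockInternetMacros
Test-BlockInternetMacros
# Example check against a downloaded document (path is illustrative):
# Get-MarkOfTheWeb -Path "$env:USERPROFILE\Downloads\invoice.docm"
```

Note that the policy only bites on files that still carry the Zone.Identifier stream: a file copied to a FAT-formatted USB stick, extracted by an archiver that does not propagate the mark, or explicitly "unblocked" by the user loses it, so Get-MarkOfTheWeb returning $null is the case defenders should expect attackers to aim for.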
Reducing the Risk of Vulnerabilities in Unix/Linux-Based Operating Systems
Unix®/Linux® is a family of operating systems that underpin a large portion of government and commercial servers and infrastructure devices. Due to the prevalence of Unix®/Linux® systems in public and private infrastructure, and the existence of many exploits and implants...
03 January 2017 2 page(s) pdf
Cisco Smart Install Protocol Misuse
Adversaries are likely exfiltrating copies of configuration files on internet accessible switches using the Cisco Smart Install functionality. This protocol exposes infrastructure devices to increased operational risk, which could compromise device integrity. Malicious Smart Install protocol messages can allow an...
11 August 2017 2 page(s) pdf
12 January 2018 3 page(s) pdf
IAA - RSA SecurID Token Authentication Agent Vulnerabilities
A recent error handling vulnerability has been discovered in two RSA (Rivest Shamir Adleman) Authentication Agent toolkits and in one Authentication Agent product. This vulnerability can result in authentication bypass and affects a limited number of applications. These toolkits and...
12 December 2017 2 page(s) pdf
IAD's Top 10 Information Assurance Mitigation Strategies
Fundamental aspects of network security involve protection, detection and response measures. This document provides guidance for organizations to secure and manage their networks, making them more defensible, and recommends proactive mitigations to counter cyber threats.
18 February 2016 2 page(s) pdf
Securely Managing Industrial Control System (ICS) Networks
The fourth in a series, this document focuses on implementing a secure ICS network management program through comprehensive network management policies and procedures. An effective network management program is an essential element of maintaining the security posture of critical ICS...
01 October 2015 16 page(s) pdf
Securing Assets Within a Closed Industrial Control System (ICS) Network
The second in a series, this document focuses on system security within a "closed" ICS perimeter. It provides a systematic approach for implementing the access control concept of Least Privilege.
01 October 2015 17 page(s) pdf
Security Configuration Guide for Browser Updates
Web browsers must be updated on a frequent basis in order to resist highly-scalable, low cost attacks. This document provides a per-browser approach for administrators to keep each major browser updated. Technical details provided in this guide are subject to...
14 October 2016 6 page(s) pdf
Seven Steps to Effectively Defend Industrial Control Systems
Securing Industrial Control Systems (ICSs) against the modern threat requires well-planned and well-implemented strategies. This paper presents seven steps that can be implemented today to counter common exploitable weaknesses in "as-built" control systems.
23 December 2015 7 page(s) pdf
Manageable Network Plan Guide (version 4.0)
A Manageable Network Plan is a series of milestones that can take an unmanageable, insecure network and make it more defensible, more secure and more manageable. Because the plan is intended to be a long-term solution, implementing milestones may require...
01 December 2015 58 page(s) pdf
Guidelines for Application Whitelisting Industrial Control Systems
This document serves as an appendix to the “Seven Steps to Defend Industrial Control Systems” document, providing additional conceptual-level guidance on implementing application whitelisting.
Application Whitelisting (AWL) can detect and prevent attempted execution of malware uploaded by adversaries. The static...
01 April 2016 7 page(s) pdf
Implementing a Secure Administrator Workstation Using Device Guard
Defenders must raise the cost for an adversary to obtain high-value domain credentials after an initial intrusion. One such way is through a dedicated administrator workstation for performing highly-privileged tasks, subsequently referred to as a Secure Administrator Workstation (SAW). SAWs...
27 July 2016 8 page(s) pdf