Guidelines for Implementation of REST
This paper tries to help identify and explain the security risks (positive and negative) with REST, to facilitate development of more robust REST solutions.
25 March 2011 19 page(s) pdf
This document contains information on how to harden authentication processes by limiting remote access, augmenting authentication measures, educating users, hardening the authentication servers, and establishing robust authentication policy.
01 September 2012 2 page(s) pdf
Application Whitelisting using Software Restriction Policies (version 1.1)
Software Restriction Policies (SRP) enables administrators to control which applications are allowed to run on Microsoft Windows. SRP is a feature of Windows XP and later operating systems. It can be configured as a local computer policy or as domain...
01 August 2010 19 page(s) pdf
IAA Removal of Server Message Block 1.0
Server Message Block (SMB) 1.0 is a vulnerable, legacy file and print sharing protocol that has been deprecated by Microsoft. The SMB 1.0 protocol is susceptible to downgrade and man-in-the-middle attacks, and uses MD5 for hashing which is susceptible to...
16 March 2017 2 page(s) pdf
Hardening Authentication Update
On many networks, in order for users to be granted access to network resources, a user must prove that he or she is an authorized user. This is the process of user authentication. A user can be authenticated by what...
03 November 2016 4 page(s) pdf
HBSS Application Whitelisting Technical Implementation Guide
This guide is intended to be used as a reference in implementing location-based application whitelisting using HBSS HIPS.
01 March 2013 78 page(s) pdf
Application Whitelisting Using Microsoft AppLocker
This guide describes Microsoft AppLocker settings recommended by the NSA’s Information Assurance Directorate (IAD) for deploying location-based application whitelisting on your network. Alternative application whitelisting implementations that may support your organizational needs are commercially available. These alternative implementations may provide...
01 August 2014 51 page(s) pdf
Outdated Software and Protocols
Outdated and unsupported software and protocols have known and unknown vulnerabilities that expose the network to severe risk. Older software versions were not developed with modern secure coding practices and do not incorporate the most recent mitigations designed to prevent...
19 July 2016 6 page(s) pdf
Mobile Device Management: A Risk Discussion for IT Decision Makers
This document describes the high-level architecture and capabilities of MDM solutions, and introduces key security issues to consider when deploying them.
01 August 2012 5 page(s) pdf
IAA - RSA SecurID Token Authentication Agent Vulnerabilities
A recent error handling vulnerability has been discovered in two RSA (Rivest Shamir Adleman) Authentication Agent toolkits and in one Authentication Agent product. This vulnerability can result in authentication bypass and affects a limited number of applications. These toolkits and...
12 December 2017 2 page(s) pdf
Securely Managing Industrial Control System (ICS) Networks
The fourth in a series, this document focuses on implementing a secure ICS network management program through comprehensive network management policies and procedures. An effective network management program is an essential element of maintaining the security posture of critical ICS...
01 October 2015 16 page(s) pdf
Manageable Network Plan Guide (version 4.0)
A Manageable Network Plan is a series of milestones that can take an unmanageable, insecure network and make it more defensible, more secure and more manageable. Because the plan is intended to be a long-term solution, implementing milestones may require...
01 December 2015 58 page(s) pdf
Network Device Integrity (NDI) Methodology
The Network Device Integrity (NDI) Methodology attempts to answer "How do I know if my network device has been compromised?", and provides methods for detecting unauthorized access, software modifications, and hardware modifications.
23 February 2016 36 page(s) pdf
Blocking Unnecessary Advertising Web Content
Cyber adversaries can leverage malicious advertising ("malvertising") to install malware. Exploit kits in malicious ads can take advantage of unpatched vulnerabilities to silently install malware. Administrators should ensure that software updates are implemented promptly to prevent malware installation. Blocking potentially...
10 July 2018 4 page(s) pdf
Whitelisting Windows IIS and WebDAV Traffic
Since web servers typically serve as the public face of an organization, they are a frequent target of attacks. For this reason, web server security is essential. Microsoft's Internet Information Services (IIS) web server includes a Request Filtering module that...
18 May 2017 13 page(s) pdf
Faulty Intel Atom C2000 Processor
The Intel Atom C2000 processor series has a critical flaw: the clock signal component degrades after 18-36 months of operational usage. As a consequence, the degradation of the processor will likely result in abrupt device failure. This processor supplies critical...
03 May 2017 3 page(s) pdf
DotNetNuke Remote Code Execution Vulnerability CVE-2017-9822
DotNetNuke (DNN), also known as DNN Evoq and DNN Evoq Engage, is a web-based Content Management System (CMS) developed on the Microsoft® .NET framework. DNN is a web application commonly deployed on local or cloud Microsoft IIS servers. On July...
09 January 2018 2 page(s) pdf
Protect Against Cross Site Scripting (XSS) Attacks
01 September 2011 2 page(s) pdf
Network Device Integrity (NDI) on Cisco IOS Devices
This document describes how to perform the Network Device Integrity (NDI) Methodology specifically on Cisco IOS systems.
23 February 2016 41 page(s) pdf
Bro NSM Hunting Tips
The Bro Network Security Monitor (NSM) is used on networks worldwide for in-depth network monitoring and hunting for potential malicious activities. This document provides tips for analysts on how to raise a notice when irregular activity is observed on a...
12 December 2017 25 page(s) pdf