National Cyber Awareness System | US-CERT

Posted: June 26, 2018

The Department of Homeland Security, through its website www.us-cert.gov, periodically issues security-related warnings to businesses and citizens of the US.  Most often they’re specific in nature, citing deprecating protocols, software vulnerabilities that need patching or hardware-related notifications, like your parents’ home router from ’97 that is now considered the Swiss cheese of firewalls (shut it down).

Other times they’re vague, citing upcoming holidays that normally coincide with a spike in criminal activity or sector-related notifications that in general terms warn the banking industry doing business in Eastern Europe, as an example.

The most recent release was general in nature and had mention of Ukraine’s upcoming Constitution Day Holiday.  The release (https://www.us-cert.gov/ncas/current-activity/2018/06/21/Global-Threats-Information-Systems) provided links for best practices in securing network devicesand to the UK’s National Cyber Security Centre for guidance on Internet Edge Device Security.  Both are excellent resources for hardening systems and validating hardware and software integrity.

As a Managed Security Services provider, CompliancePoint takes these warnings very seriously, and we always encourage our customers to keep up with the latest notifications. Homeland Security releases the alerts in conjunction with the FBI, so we must assume the best of the best are behind the release of information and even the vaguest of warnings are far more than just a hunch.

The Federal Government maintains strict reporting guidelines for public and private sector organizations to protect its citizens from the latest threats.  Use this information.  Read the alerts, determine if your business is at risk, act, and plan accordingly.

Suggested best practices from Homeland Security that we at CompliancePoint absolutely agree with:

  • Segregate networks and functions.
  • Limit unnecessary lateral communications.
  • Harden network devices.
  • Secure access to infrastructure devices.
  • Perform out-of-band network management.
  • Validate hardware and software integrity.

So how do you keep up with the latest alerts from the Feds?

US-CERT is the United States Computer Emergency Readiness Team that maintains the information needed to reduce risk.

Question?  We can help. Please contact us Connect@CompliancePoint.com

Matt Howard

Author: Matt Howard

Matt is a Senior Security Analyst with CompliancePoint in the greater Atlanta area.
He brings a personal touch to security by forming strong relationships with clients.
In his spare time, Matt volunteers to help seniors with technology, beats on acoustic
guitars and fly fishes for anything that swims.
Compliance Point is an AlienVault MSSP partner and reseller.

Leave a Reply

Your email address will not be published. Required fields are marked *

Reduce risk, maintain a compliant posture, and protect info