Covered pretty well by the ISC http://isc.sans.edu/diary/The+Recent+RSA+Breach+-+Imagining+the+Worst+Case+And+Why+it+Isn+t+Time+to+Panic+Yet+/10609
On 25 March 2011 12:19, Brumbaugh, Luke <[email protected]> wrote:
>
> As you may have heard, an extremely sophisticated cyber attack was mounted against EMC, aimed specifically at the RSA business unit. According to RSA, the attack resulted in certain information being extracted from RSA, including information specifically related to RSA’s SecurID two-factor authentication products. RSA says this information *does not* enable a successful direct attack on RSA SecurID customers. In addition, RSA does not believe that either customer or employee personally identifiable information was compromised as a result of this incident.
>
> Nevertheless, RSA indicates that the information obtained in the attack could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.
>
> RSA suggests customers take a series of steps to harden their SecurID implementations and security infrastructure. Those steps are outlined in the document below.
>
> Please review the information and take the appropriate steps based on the RSA products you are using and the needs of your organization. There is an open letter to customers from Art Coviello, CEO of RSA, on RSA.com: http://www.rsa.com/node.aspx?id=3872
>
> As always, your CDW team is available to help you with questions and issues unique to your organization. Please contact us for assistance.
>
> *Message from RSA*
>
> We have determined that a recent attack on RSA’s systems has resulted in certain information being extracted from RSA’s systems that relates to RSA’s SecurID two-factor authentication products.
> While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. RSA urges immediate action.
>
> Description:
>
> Recently EMC’s security systems identified an extremely sophisticated cyber attack in progress, targeting our RSA business unit. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities.
>
> Our investigation has revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.
>
> We strongly urge immediate customer attention to this advisory, and we are providing immediate remediation steps for customers to take to strengthen their RSA SecurID implementations.
>
> Affected Products:
>
> · The affected products are RSA SecurID implementations.
> · RSA SecurID® Authenticators
> · RSA Authentication Agents
> · RSA SecurID Software Token
> · RSA® Authentication Manager
> · RSA Authentication Manager 6.1
> · RSA Authentication Manager 7.1
> · RSA SecurID Authentication Engine
>
> Overall Recommendations:
>
> RSA strongly urges customers to follow both these overall recommendations and the recommendations available in the best practices guides linked to this note.
>
> · We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.
> · We recommend customers enforce strong password and PIN policies.
> · We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.
> · We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.
> · We recommend customers pay special attention to security around their active directories, making full use of their SIEM products and also implementing two-factor authentication to control access to active directories.
> · We recommend customers watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
> · We recommend customers harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
> · We recommend customers examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
> · We recommend customers update their security products and the operating systems hosting them with the latest patches.
>
> *Joanna Ardizzone*
> Account Manager | Great Lakes Region - Ohio and Kentucky
> *CDW*
