www.recordedfuture.com Open in urlscan Pro
104.18.43.111  Public Scan

URL: https://www.recordedfuture.com/security-implications-management-interfaces-remote-login-consoles
Submission: On November 23 via api from US — Scanned from US

Form analysis 0 forms found in the DOM

Text Content

This website stores cookies on your computer. These cookies are used to improve
your website experience and provide more personalized services to you, both on
this website and through other media. To find out more about the cookies we use,
see our Privacy Policy.

Accept

 * Careers
 * Contact Us
 * Login
 * ENJPKO
   
   EN
   

 * Platform
 * Solutions
 * Products
 * Services
 * Research
 * Resources
 * Company

Get a demo

Book a demo



Blog


THE IMPLICATIONS OF CISA BOD 23-02 ON INTERNET-EXPOSED MANAGEMENT INTERFACES FOR
FEDERAL ORGANIZATIONS

Posted: 6th July 2023
By: Sam Langrock & Esteban Borges



THE IMPLICATIONS OF CISA BOD 23-02 ON INTERNET-EXPOSED MANAGEMENT INTERFACES FOR
FEDERAL ORGANIZATIONS

In a recent effort to alert federal civilian institutions and similar governing
bodies about the risks of exposing network management interfaces to the
internet, the Cybersecurity and Infrastructure Security Agency (CISA) issued a
Binding Operational Directive (BOD). This directive offers specific guidelines
and recommendations aimed at minimizing the attack surface.

Issued as BOD 23-02, this latest best practices document highlights a 14-day
timeline from identifying any exposed asset(s) to proper remediation. This post
will explore its scope and required actions, helping you take appropriate
measures if necessary.


UNDERSTANDING THE RISKS

First, it’s crucial to understand the risks associated with any exposed network
and device management interfaces to the public internet to maintain a robust
cyber defense. When these interfaces are accessible from the internet (see
below), they become potential entry points for malicious actors to exploit,
compromising critical infrastructure, sensitive data, and organizational
resources.

Practice banned by CISA’s BOD 23-02—Source: cisa.gov

For instance, CISA's new directive addresses current and past incidents where
threat actors exploited previously unknown vulnerabilities in popular networking
products. These exploits led to ransomware and cyber espionage attacks against
targeted organizations. Affected devices include firewalls or routers, often
with remote management capability over protocols such as HTTP or RDP.


BEST PRACTICES FOR MITIGATION

According to BOD 23-02's main document and accompanying implementation guide,
after two weeks of receiving notification from CISA or upon discovering a
networked management interface falling under the purview of the directive,
agencies must take at least one of the following actions and protections:

 1. Isolate the interface from the internet, restricting access solely to the
    internal enterprise network (CISA suggests implementing an isolated
    management network or a VLAN).
 2. Deploy access control mechanisms aligned with a Zero Trust Architecture
    where technically feasible, thereby regulating interface access through a
    separate policy enforcement point (preferred course of action).

In particular, Zero Trust's role "in enforcing accurate, least privilege
per-request access decisions in information systems and services" cannot be
overstated. CISA considers this model to be an absolute requirement for network
management interfaces to “remain accessible from the internet on networks where
agencies employ capabilities to mediate all access to the interface in alignment
with OMB M-22-09, NIST 800-207, the TIC 3.0 Capability Catalog, and CISA's Zero
Trust Maturity Model.”


COLLABORATIVE EFFORTS AND INDUSTRY SOLUTIONS

Before establishing any controls or enforcement policies, CISA expects a
thorough analysis and understanding of the attack surface—this involves
correctly identifying all networked management interfaces (a foundational first
step to risk mitigation.) In other words, proactive monitoring of these assets
is crucial for effectively detecting and responding to potential threats.

Recorded Future Attack Surface Intelligence helps organizations gain visibility
into their networked management interfaces. For example, we recently examined
the risks and potential consequences of having login panels exposed to the
Internet and how Attack Surface Intelligence addresses these challenges,
specifically when it comes to finding remote management interfaces over public
internet in popular protocols such as the HTTP and HTTPS, this includes, but is
not limited to out of band server management interfaces (such as iLo and iDRAC),
mobile security platforms, SSL VPN interfaces, or popular Firewalls.

Exposed login panels detected by Recorded Future Attack Surface Intelligence

Similarly, the principles and best practices outlined in BOD 23-02 align with
the importance of protecting publicly-exposed network management interfaces
(which login panels can be part of) and utilizing Attack Surface Intelligence to
identify and manage such risks.


FINAL WORDS

In summary, safeguarding network management interfaces from exposure to the
public internet is paramount in mitigating critical cybersecurity risks.
Initiatives like CISA's BOD 23-02 underscore the need for comprehensive risk
mitigation strategies, emphasizing these interfaces' identification, protection,
and monitoring.

By implementing the best practices detailed in the directive, assisted by Attack
Surface Intelligence, organizations can fortify their security posture, swiftly
detect and respond to potential threats, and safeguard critical assets from
unauthorized access and exploitation. Maintaining a comprehensive understanding
of the attack surface and leveraging appropriate security measures are crucial
to building resilience in the face of evolving cyber threats.

Learn more about how Attack Surface Intelligence can keep your organization
secure by booking your demo today.



RELATED BLOG

Blog

SHELL NO! ADVERSARY WEB SHELL TRENDS AND MITIGATIONS (PART 1)

Posted: 30th Jun 2016
Blog

THE ART OF DEFENDING YOUR ATTACK SURFACE

Posted: 15th Nov 2023
Blog

VETERANS DAY: CELEBRATING STORIES OF SERVICE AND SUCCESS

Posted: 9th Nov 2023


ABOUT US

 * Intelligence Cloud
 * Services & Support
 * Why Recorded Future
 * Research
 * Resources
 * Company

HELPFUL LINKS

 * Careers
 * Contact Us
 * Get a Demo
 * The Intelligence Graph

--------------------------------------------------------------------------------

JOIN US ONLINE

 * 
 * 
 * 
 * 
 * 

READY TO JOIN?

Contact us today

Copyright © 2023 Recorded Future, Inc.
 * Security FAQ
 * Cookies
 * Privacy Policy
 * Terms & Conditions