www.recordedfuture.com
104.18.43.111
Public Scan
URL:
https://www.recordedfuture.com/security-implications-management-interfaces-remote-login-consoles
Submission: On November 23 via api from US — Scanned from US
Form analysis
0 forms found in the DOM
Text Content
THE IMPLICATIONS OF CISA BOD 23-02 ON INTERNET-EXPOSED MANAGEMENT INTERFACES FOR FEDERAL ORGANIZATIONS

Posted: 6th July 2023
By: Sam Langrock & Esteban Borges

In a recent effort to alert federal civilian institutions and similar governing bodies about the risks of exposing network management interfaces to the internet, the Cybersecurity and Infrastructure Security Agency (CISA) issued a Binding Operational Directive (BOD). This directive offers specific guidelines and recommendations aimed at minimizing the attack surface.

Issued as BOD 23-02, this latest best practices document highlights a 14-day timeline from identifying any exposed asset(s) to proper remediation. This post will explore its scope and required actions, helping you take appropriate measures if necessary.

UNDERSTANDING THE RISKS

First, it’s crucial to understand the risks associated with any exposed network and device management interfaces to the public internet to maintain a robust cyber defense. When these interfaces are accessible from the internet (see below), they become potential entry points for malicious actors to exploit, compromising critical infrastructure, sensitive data, and organizational resources.

[Figure: Practice banned by CISA’s BOD 23-02. Source: cisa.gov]

For instance, CISA's new directive addresses current and past incidents where threat actors exploited previously unknown vulnerabilities in popular networking products.
These exploits led to ransomware and cyber espionage attacks against targeted organizations. Affected devices include firewalls or routers, often with remote management capability over protocols such as HTTP or RDP.

BEST PRACTICES FOR MITIGATION

According to BOD 23-02's main document and accompanying implementation guide, within two weeks of receiving notification from CISA or of discovering a networked management interface falling under the purview of the directive, agencies must take at least one of the following actions and protections:

1. Isolate the interface from the internet, restricting access solely to the internal enterprise network (CISA suggests implementing an isolated management network or a VLAN).
2. Deploy access control mechanisms aligned with a Zero Trust Architecture where technically feasible, thereby regulating interface access through a separate policy enforcement point (preferred course of action).

In particular, Zero Trust's role "in enforcing accurate, least privilege per-request access decisions in information systems and services" cannot be overstated. CISA considers this model to be an absolute requirement for network management interfaces to “remain accessible from the internet on networks where agencies employ capabilities to mediate all access to the interface in alignment with OMB M-22-09, NIST 800-207, the TIC 3.0 Capability Catalog, and CISA's Zero Trust Maturity Model.”

COLLABORATIVE EFFORTS AND INDUSTRY SOLUTIONS

Before establishing any controls or enforcement policies, CISA expects a thorough analysis and understanding of the attack surface. This involves correctly identifying all networked management interfaces, a foundational first step to risk mitigation. In other words, proactive monitoring of these assets is crucial for effectively detecting and responding to potential threats.

Recorded Future Attack Surface Intelligence helps organizations gain visibility into their networked management interfaces.
For example, we recently examined the risks and potential consequences of having login panels exposed to the internet and how Attack Surface Intelligence addresses these challenges, specifically when it comes to finding remote management interfaces exposed to the public internet over popular protocols such as HTTP and HTTPS. This includes, but is not limited to, out-of-band server management interfaces (such as iLO and iDRAC), mobile security platforms, SSL VPN interfaces, and popular firewalls.

[Figure: Exposed login panels detected by Recorded Future Attack Surface Intelligence]

Similarly, the principles and best practices outlined in BOD 23-02 align with the importance of protecting publicly exposed network management interfaces (which login panels can be part of) and utilizing Attack Surface Intelligence to identify and manage such risks.

FINAL WORDS

In summary, safeguarding network management interfaces from exposure to the public internet is paramount in mitigating critical cybersecurity risks. Initiatives like CISA's BOD 23-02 underscore the need for comprehensive risk mitigation strategies, emphasizing the identification, protection, and monitoring of these interfaces.

By implementing the best practices detailed in the directive, assisted by Attack Surface Intelligence, organizations can fortify their security posture, swiftly detect and respond to potential threats, and safeguard critical assets from unauthorized access and exploitation. Maintaining a comprehensive understanding of the attack surface and leveraging appropriate security measures are crucial to building resilience in the face of evolving cyber threats.

Learn more about how Attack Surface Intelligence can keep your organization secure by booking your demo today.