RSA is a big deal in information security. It is the company behind those little dongles that generate a seemingly random number every minute, which people carry around on their keychains and use to log in to online systems more securely. RSA estimates that approximately 40,000,000 of these units are in production right now, and while the tokens are gaining in popularity for arguably less-important services like World of Warcraft, they are also seeing adoption among end-users for sites such as Paypal.com.
And they’ve been compromised by an APT.
What does this mean for you? It’s still too soon to tell. RSA’s open letter to customers is a bit vague as to exactly what happened, and understandably so, as they probably don’t even know yet themselves.
Wired.com has a short writeup on what is known so far, and quotes several suggestions issued by RSA to their customers. The following is a subset of the list of recommendations RSA has provided to customers. I have included and paraphrased the principles that apply specifically to small businesses, but this list is very similar to the main list of concerns for large enterprises, and it covers many principles that we’ve blogged about here ourselves in the past.
- Increase focus on security for social media applications.
- Enforce strong password and pin policies.
- Follow the rule of least privilege.
- Re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority.
- Pay special attention to security around Active Directory, making full use of SIEM products and also implementing two-factor authentication to control access to Active Directory.
- Watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM.
- Harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
- Examine help desk practices for information leakage that could help an attacker perform a social engineering attack.
- Update security products and the operating systems hosting them with the latest patches.
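The recommendation to watch for changes in user privilege levels is the kind of thing a SIEM rule does for you, but the logic behind such a rule is small enough to show in full. The following is an added example, not code from the original post or from RSA: it scans a few constructed, simplified Windows Security log records (exported one JSON object per line) and flags membership changes to privileged groups. The event IDs 4728, 4732 and 4756 are the standard Windows IDs for a member being added to a security-enabled global, local or universal group; the field names (`TargetGroup`, `MemberName`, `SubjectUserName`), the list of privileged groups, and the list of approved admin accounts are assumptions you would tune to your own environment.

```python
"""Flag privileged-group membership changes in exported Windows Security events.

Added example (not from the original post). The log records below are
constructed and simplified; the event IDs are the real Windows ones.
"""
import json
from dataclasses import dataclass

# Standard Windows Security event IDs for "member added to a security-enabled group".
GROUP_CHANGE_EVENTS = {
    4728: "member added to security-enabled global group",
    4732: "member added to security-enabled local group",
    4756: "member added to security-enabled universal group",
}

# Assumption: groups whose membership changes must always be reviewed.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}

# Assumption: the only accounts expected to make such changes at all.
APPROVED_ADMINS = {"admin-jsmith"}


@dataclass
class Alert:
    timestamp: str
    event_id: int
    actor: str
    member: str
    group: str
    severity: str
    reason: str


def evaluate(record):
    """Return an Alert if the record is a privileged-group change, otherwise None."""
    try:
        event_id = int(record.get("EventID", 0))
    except (TypeError, ValueError):
        return None
    if event_id not in GROUP_CHANGE_EVENTS:
        return None  # logons, policy changes, etc. are not in scope for this rule
    group = record.get("TargetGroup", "")
    if group not in PRIVILEGED_GROUPS:
        return None  # ordinary group housekeeping; not worth an analyst's time here
    actor = record.get("SubjectUserName", "?")
    if actor in APPROVED_ADMINS:
        severity = "medium"
        reason = "privileged group changed by an approved admin account; confirm change ticket"
    else:
        severity = "high"
        reason = "privileged group changed by an account not on the approved admin list"
    return Alert(
        timestamp=record.get("TimeCreated", "?"),
        event_id=event_id,
        actor=actor,
        member=record.get("MemberName", "?"),
        group=group,
        severity=severity,
        reason=reason,
    )


def scan(lines):
    """Parse one JSON record per line and collect alerts; skip lines that do not parse."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # a production pipeline would count and report unparseable lines
        alert = evaluate(record)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample export: a logon, a suspicious Domain Admins change by a help
# desk account, a harmless Sales group change, an approved Administrators change,
# and one corrupted line.
SAMPLE_LOG = '''
{"TimeCreated": "2011-03-18T09:12:44Z", "EventID": 4624, "SubjectUserName": "jdoe"}
{"TimeCreated": "2011-03-18T09:13:02Z", "EventID": 4728, "SubjectUserName": "helpdesk01", "MemberName": "jdoe", "TargetGroup": "Domain Admins"}
{"TimeCreated": "2011-03-18T09:15:10Z", "EventID": 4728, "SubjectUserName": "helpdesk01", "MemberName": "asmith", "TargetGroup": "Sales"}
{"TimeCreated": "2011-03-18T10:02:51Z", "EventID": "4732", "SubjectUserName": "admin-jsmith", "MemberName": "svc-deploy", "TargetGroup": "Administrators"}
this line is not valid json
'''

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(f"[{alert.severity}] {alert.timestamp} event {alert.event_id}: "
              f"{alert.actor} added {alert.member} to {alert.group} ({alert.reason})")
```

Run against the constructed sample it reports two alerts: a high-severity one for the help desk account adding a user to Domain Admins, and a medium-severity one for the approved admin account, which still deserves a change ticket. The point is that the rule keys on who made the change as well as what changed; an attacker holding a stolen credential looks exactly like that user in every other respect.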
In the coming weeks, we will be addressing each of these topics individually, as this post just goes to underscore the importance of basic security best practices.