The Dispatch highlights cybersecurity news you can use. I share what I think is informative, relevant, interesting, and actionable. Look for //My take: for context and actionable information.
RDP brute-force attacks on the rise
In the U.S., for example, the number of brute-force attacks against Internet-facing RDP servers has increased from 200,000 per day in early March to over 1,200,000 during mid-April.
//My take: Don’t expose RDP externally. Period. Use a VPN with MFA, then allow RDP. An alternative would be to use an RD Gateway. Make sure to monitor login activity and limit connections to geographic regions where your users connect from.
Full Article from Bleeping Computer: RDP brute-force attacks are skyrocketing due to remote working
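One way to act on the "monitor login activity" advice above, as an added example that is not from this newsletter or the linked article: a sliding-window check over Windows logon events that flags a burst of failed RDP logons from one source IP, and any successful logon from that IP while the burst is still live. It assumes the events have already been exported from the Security log into tuples; the threshold, the window, and the sample events are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624      # Windows Security log event IDs
RDP_LOGON_TYPES = {3, 10}         # 10 = RemoteInteractive; 3 = Network (RDP with NLA)

# Constructed sample events: (time, event_id, logon_type, source_ip, user)
SAMPLE_EVENTS = [
    ("2020-04-20T02:00:01", 4625, 3, "203.0.113.7", "administrator"),
    ("2020-04-20T02:00:03", 4625, 3, "203.0.113.7", "admin"),
    ("2020-04-20T02:00:05", 4625, 3, "203.0.113.7", "backup"),
    ("2020-04-20T02:00:08", 4625, 3, "203.0.113.7", "jsmith"),
    ("2020-04-20T02:00:11", 4625, 3, "203.0.113.7", "jsmith"),
    ("2020-04-20T02:00:15", 4624, 10, "203.0.113.7", "jsmith"),
    ("2020-04-20T08:30:00", 4625, 10, "198.51.100.20", "mjones"),
    ("2020-04-20T08:30:40", 4624, 10, "198.51.100.20", "mjones"),
]

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for source IPs with >= threshold failed logons inside
    the window, and for any success from such an IP while the burst is live."""
    recent = defaultdict(deque)   # source_ip -> timestamps of recent failures
    alerts = []
    for ts, event_id, logon_type, ip, user in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        now = datetime.fromisoformat(ts)
        fails = recent[ip]
        while fails and now - fails[0] > window:   # expire old failures
            fails.popleft()
        if event_id == FAILED:
            fails.append(now)
            if len(fails) == threshold:            # alert once per burst
                alerts.append(("bruteforce", ip, ts))
        elif event_id == SUCCESS and len(fails) >= threshold:
            # A success right after a burst may mean a guessed password.
            alerts.append(("success_after_bruteforce", ip, user, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

The single mistyped password from 198.51.100.20 stays below the threshold and raises no alert, while the success that follows the burst from 203.0.113.7 is the event to triage first.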
Web Conferencing Guides
The NSA has published a guide that includes 9 key criteria for evaluating telework / web conferencing solutions. Then they compared common solutions against those criteria in a handy chart.
In addition, Mozilla has published a guide to privacy for "Video Call Apps". They cover business and consumer apps. Hats off to Mozilla for engaging with Zoom as part of helping to encourage encryption and privacy.
//My take: Use the 9 criteria from the NSA and the guides as part of your risk assessment, especially if you had a hasty roll-out. Personally, I’ve stuck with Zoom. They have been responsive to concerns and version 5 addressed the encryption issues.
Links to Reports
- NSA: Selecting and Safely Using Collaboration Services for Telework (PDF)
- Mozilla: Privacy Not Included Video Call Apps
Credit to ZDNet: NSA security guide: How to choose safe conferencing and collaboration tools
US-CERT Microsoft Office 365 Security Recommendations
US-CERT published this alert for organizations that are rushing to the Microsoft 365 cloud due to COVID-19. When speed dictates deployment, security is often an afterthought. 365 is a fantastic platform, but it's also the largest attack surface in the world.
- Enable MFA for Admins
- Limit Admin Roles (RBAC)
- Enable Unified Audit Log
- Enable MFA for All Users
- Disable Legacy Protocol Authentication (IMAP / POP3)
- Enable alerts
//My take: I cannot emphasize enough how absolutely necessary each of these recommendations is to secure your 365 tenant. I listed the critical 6 above, but the greatest of these is ENABLE MFA FOR ALL USERS. Kudos to US-CERT for clear, accurate, and actionable recommendations.
Read these 2 Microsoft articles on 365 Security. They are geared for SMBs and give very clear guidance.
- Practical guide to securing remote work using Microsoft 365 Business Premium
- Using Microsoft 365 Business Premium to secure your remote workforce
Full Alert from US-CERT: Microsoft Office 365 Security Recommendations