RSA Hacked; SecurID Customers At Risk?

In RSA's SecurCare Online Note detailing the attack, RSA recommended that SecurID users take the following steps:

  • Increase focus on security for social media applications and the use of those applications and Web sites by anyone with access to critical networks.
  • Enforce strong password and PIN policies.
  • Follow the rule of least privilege when assigning roles and responsibilities to security administrators.
  • Re-educate employees on the importance of avoiding suspicious e-mails, and remind them not to provide user names or other credentials to anyone without verifying that person's identity and authority. Employees should not comply with e-mail or phone-based requests for credentials and should report any such attempts, RSA added.
  • Pay special attention to security around active directories, making full use of SIEM products and also implementing two-factor authentication to control access to active directories.
  • Watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
  • Harden, closely monitor and limit remote and physical access to infrastructure that is hosting critical security software.
  • Examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
  • Update their security products and the operating systems hosting them with the latest patches.