Perimeter Security Bulletin concerning US-CERT Critical Infrastructure Information Notice CIIN-07-332-01 Dated November 28, 2007

Recently, we received many inquiries pertaining to the US-CERT Infrastructure Information Notice CIIN-07-332-01.  This notice issues a warning about suspected cyber incidents potentially targeting private sector networks and outlines specific security solutions to protect against this attack.

Most recently, regulators have asked financial institutions for an updated response on the actions taken to protect themselves.  Perimeter has outlined the details of this bulletin, provided a summary of the actions taken for customers subscribed to the services below, and highlighted additional technologies that should be evaluated.

It is important to emphasize that the measures taken by Perimeter pertain only to selected services, which by themselves, improve the security posture of clients who subscribe to those specific services, but do not by themselves purport to address the entirety of the threat. For this reason, we have also highlighted additional services that are very relevant to this threat. Perimeter offers a wide variety of services in order for customers to take advantage of a layered approach to security protection. If you are NOT subscribed to any of the services listed below or are unsure of your service subscriptions, please contact your account manager as soon as possible.

CERT Summary:

US-CERT is aware of sophisticated attempts to compromise private sector networks, including critical infrastructures. The level of sophistication and scope of these cyber security incidents indicate they are coordinated and targeted at private sector systems. The primary infection vector has been Trojan emails; however, there is also evidence of compromised websites redirecting users to malicious sites without the user’s knowledge. These methods attempt to exploit a variety of web browser and application vulnerabilities in addition to zero-day exploits in order to install malicious code.

Perimeter Protection Response:

Perimeter has taken proactive measures to ensure our Private Sector customers are protected from the attacks described in the Infrastructure Information Notice CIIN-07-332-01.  The primary services with the ability to defend against these attacks are listed below.  To the extent that you have subscribed to one or more of these services, Perimeter has included a brief summary of the security controls deployed to improve the protection of your environment. Clearly, if you are not subscribed to these services, Perimeter’s measures will not protect you.

Gateway Defender and Network Intrusion Detection/Prevention: For customers with the Gateway IDS/IPS service, signatures are continuously uploaded to your device to identify and detect any known malicious activity.

Customer Based Network Intrusion Detection/Prevention: For customers with individual IDS/IPS sensors managed remotely by Perimeter, signatures are continuously uploaded to your device to identify and detect any known malicious activity.

Host Intrusion Detection/Prevention: For customers with host intrusion agents deployed on critical servers, the local security policy of these agents is configured to identify malicious code installation attempts on servers with agents installed.

Email Anti-Virus: Perimeter’s Email AV service has been updated with the latest signature patterns that will block malicious attachments and quarantine known Trojan emails.

Anti-SPAM: Perimeter’s anti-SPAM service has been configured to block malicious attachments and quarantine known Trojan emails.

Web Browsing Anti-Virus: Perimeter’s Web Browsing AV service has been updated with the latest signature patterns that will block malicious attachments and quarantine known Trojan emails.

Desktop and Server Anti-Virus: Perimeter’s Desktop and Server AV service has been updated with the latest signature patterns that will block malicious attachments and quarantine known Trojan emails.

Web Content Filtering: Perimeter has collaborated with our Web Content filtering vendors to ensure that all sites listed in the Infrastructure Information Notice CIIN-07-332-01 have been uploaded to our content filtering engines. This would apply to clients that are subscribed to the malicious code module. If you are uncertain as to whether or not you have this module, you can check with your account manager.

Additional Perimeter Options:

Perimeter always recommends that customers take a layered approach to security by deploying multiple services in order to best protect their environments.  In addition to the services highlighted above, we have also outlined some critical supplementary services that would help mitigate future exposure to similar attacks.

  • Patch management (OS and applications)
  • End User Security Awareness Training
  • SSL Certificate Monitor (If you host a website)
  • Web Page Defacement Monitoring (If you host a website)


Please do not hesitate to call our Security Operations Center at 1-800-234-2175 with any questions you have concerning the CERT Infrastructure Information Notice CIIN-07-332-01.