How does RSA's Security Breach affect your Enterprise?

Entisys Solutions, Inc., the West Coast’s #1 provider of enterprise virtualization and access delivery solutions from the datacenter to the desktop, and its Southern California division, Agile360, offer tips on how organizations can mitigate risk while implementing the recommendations made by security solutions provider RSA, in the aftermath of a recent cyber attack.

According to a statement made by RSA following the incident, "Recently, our security systems identified an extremely sophisticated cyber attack… this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."

This raises the question: if the self-described premier provider of security solutions for business acceleration can be compromised, what is protecting your organization?

First of all, organizations should be aware that with two-factor authentication, someone needs multiple pieces of information in order to breach your network security. Possession of a token alone simply does not provide enough information. However, knowing the token serial number and the organization that owns it opens the door to a variety of social engineering attacks.

For example, imagine that a person were to call your helpdesk and request a PIN reset on their token. Under most circumstances, the serial number of the token is all that is required for the person on the phone to reset the PIN. At this point, you might assume that if the user name does not match the token, then this will raise a red flag. You may be correct in assuming this. However, a smart hacker will have already found a valid user name at your organization, and undoubtedly will have little trouble convincing the person at the other end of the line that it must be an administrative mistake. So, now there is a person with a username, a token ID, a new PIN and the ability to create that token in their own network to generate the corresponding code.

Sounds like a long shot, right? Not so fast. Social engineering has been the most successful form of hacking since long before computers were even around. The concept is simple: get the person on the phone to believe you, and security is thrown out the window. This is the primary reason why two-factor authentication was implemented in the first place. If you can demonstrate that you have possession of the key and the code, you are presumed to be who you say you are.

An RSA official document states:

"RSA strongly urges customers to follow both these overall recommendations and the recommendations available in the best practices guides linked to this note. 

  • We recommend customers increase their focus on security for social media applications and the use of those applications and websites by anyone with access to their critical networks.
  • We recommend customers enforce strong password and pin policies.
  • We recommend customers follow the rule of least privilege when assigning roles and responsibilities to security administrators.
  • We recommend customers re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority. Employees should not comply with email or phone-based requests for credentials and should report any such attempts.
  • We recommend customers pay special attention to security around their active directories, making full use of their SIEM products and also implementing two-factor authentication to control access to active directories.
  • We recommend customers watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM, and consider adding more levels of manual approval for those changes.
  • We recommend customers harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
  • We recommend customers examine their help desk practices for information leakage that could help an attacker perform a social engineering attack.
  • We recommend customers update their security products and the operating systems hosting them with the latest patches."

The reality is that potentially everyone has the key, and the likely ability to access the code for your enterprise, so what can your organization do to protect itself?

Entisys Solutions and Agile360 recommend several approaches for handling this issue, ranging from education to implementing various tools, such as Citrix® XenDesktop™ and XenApp™, that can protect your infrastructure:

  1. Educate and re-educate your users on the importance of always being sure they are working with the organization’s help-desk.  It’s a very rare occasion that the helpdesk will call a user unless they initiated a ticket to begin with.  Users should never give out their PIN and should always ask to have it reset rather than give it out to be ‘tested’ for access.
  2. VPN provides the keys to the car, the alarm code and a full tank of gas to any potential hacker.  Use of it should be limited to a specific subset of users that ‘must have’ access by this method. 
    1. By replacing standard VPN with Citrix Access Gateway Enterprise Edition, defined policies control who has access, under which circumstances, and the level of access that is to be provided.
  3. Implement access to corporate resources through the use of Citrix XenDesktop and XenApp with SSL encryption provided by Citrix Access Gateway Enterprise Edition products which make use of client end-point detection.
    1. End point detection validates that the system accessing resources is a corporate machine, and can be used to exclude IP addresses from countries known to harbor hackers.
    2. End point access policies are configured to allow differing access based upon the findings of that analysis.  For instance, Microsoft® Outlook web-mail may be the only allowed resource to someone coming from a foreign machine. Or, downloading/printing may be disabled if granted access to Citrix XenApp and/or XenDesktop.
    3. Citrix XenApp and Citrix XenDesktop provide added security by requiring a user to access the network and have all their activities subject to logging, as opposed to gaining access to a local PC that is protected with RSA but can be taken off-line once access is granted.

Matt General, CTO for Entisys Solutions, Inc. says, “Entisys has been working with our customers to help them secure their infrastructure and resources, providing for scalable, secure architectures, and peace of mind, for more than 20 years.”

Please contact your Entisys or Agile360 account executive to learn more about how we can provide your organization not only peace of mind but security for the long-term.

About Entisys Solutions, Inc. and Agile360
Entisys Solutions, Inc. and its Southern California division, Agile360, are leading the way in virtualization and modernization – from the data center to the desktop – through the delivery of state-of-the-art methodologies and broad solution offerings around Citrix Application Delivery Virtualization, VMware Virtualization, NetApp Storage Virtualization, Microsoft infrastructure and HP converged infrastructure products. Entisys and Agile360 also offer comprehensive Professional Support Services, complementary managed services, and consulting and engineering services to mid-tier and enterprise organizations as well as government agencies.

With two decades of experience, and a deep understanding of today’s most advanced technologies, Entisys Solutions and Agile360 have become trusted advisors to some of the most prominent companies in California. Together, the companies hold several industry-leading distinctions including Citrix Platinum Partner, VMware Premier Partner, and Microsoft Managed Partner.

Among the many awards that Entisys Solutions and Agile360 have won over the years are the U.S. Western Region Winning on Value award from Microsoft Corp. for 2010; Top 500 Technology Integrator by Everything Channel for 2010; the 2009 Western Region Partner of the Year by Citrix Systems; 2009 Highest Year-over-Year Growth – West for NetApp sales from Arrow Enterprise Computing Solutions; the 2009 Healthcare Partner of the Year for North America by Citrix Systems; 2008 and 2009 State & Local Partner of the Year for North America by Citrix Systems; Top North American Reseller Partner for the Citrix Application Networking Group (ANG) in 2007; 2007 Citrix Partner of the Year; Top Performing Citrix Solution Advisor Partner for North American sales and revenue influence for Citrix XenServer™ and Citrix Desktop™ virtualization software solutions; runner-up for Citrix Solution Provider of the Year in North America in 2006; and VMware Market Maker – Americas Region – for 2005 and 2006.

The corporate headquarters for Entisys Solutions are located in Concord, Calif. Agile360 has offices in Irvine, Calif. and Pasadena, Calif. For more information, visit www.entisys.com or www.agile360.com, or call 1-877-ENTISYS (877-368-4797).

# # #

Contacts:
Kathy Casdorph
Director of Marketing
Entisys Solutions, Inc.
KathyC@entisys.com

Suzanne Collier
Suzanne Collier Public Relations for Entisys Solutions, Inc.
(714) 572-1498
suzanne@collierpr.com
