The RSA Hack FAQ

Here are some key questions and answers about the situation

In the aftermath of RSA saying that its SecurID two-factor authentication tokens may have been compromised in a data breach of the company's network, here are some key questions and answers about the situation.

The answers in quotations come from a public letter signed by RSA's Executive Chairman Art Coviello.

What happened?

RSA's corporate network suffered what RSA describes as a successful advanced persistent threat attack, and "certain information" was stolen that can somehow affect the security of SecurID authentication.


What does that mean?

RSA clarifies by saying what the stolen information does not enable. "[T]he information extracted does not enable a successful direct attack on any of our RSA SecurID customers."

Then why is RSA making a big deal out of it, and what good is the information to the people who stole it?

Without knowing exactly what information was taken, it's hard to say, but given the apparent sensitivity of the stolen materials and the widespread use of SecurID to protect the most sensitive corporate data, the thieves can probably cash it in somehow.

Here's what RSA says: "[T]his information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations."

What are those steps?

RSA recommends nine steps, which amount to following pretty basic security principles:

1. Focus on use of social media applications by anyone with access to corporate networks.

2. Enforce strong passwords and PINs.

3. Follow the rule of least privilege when assigning access rights to security administrators.

4. Tell users to avoid suspicious e-mails and not to give out user names and other credentials when they are solicited by e-mail or phone call. They should report such attempts.

5. Implement two-factor authentication to directories and use SIEM products to keep an eye on directory activity.

6. Closely watch changes in user access privileges and require more manual approvals to increase them.

7. Tighten all security surrounding critical security software.

8. Review help desk procedures with an eye toward blocking social engineering attacks.

9. Update operating systems and security products' software.

What's RSA going to do about it directly?

It says it will help strengthen customers' security: "We are committed to applying all necessary resources to give our SecurID customers the tools, processes and support they require to strengthen the security of their IT systems in the face of this incident. Our full support will include a range of RSA and EMC internal resources as well as close engagement with our partner ecosystems and our customers' relevant partners."

How did the hackers get in?

RSA is describing the attack as an advanced persistent threat, but isn't detailing what happened.

When will they?

It's not clear that they ever intend to: "As appropriate, we will share our experiences from these attacks with our customers, partners and the rest of the security vendor ecosystem and work in concert with these organizations to develop means to better protect all of us from these growing and ever more sophisticated forms of cybersecurity threat."

How did RSA react when it discovered the breach?

The company says in a statement that it took aggressive measures against the attack and hardened its IT infrastructure. It says it is also investigating and has notified appropriate authorities. It doesn't detail the measures, hardening efforts or who the authorities are.

When did this happen?

"Recently" is the closest RSA comes to telling. The company notified the Securities and Exchange Commission yesterday, and is reported to have been working with government customers on the fallout for more than a week.


Tim Greene

Network World
