Five Eyes: Technical Approaches to Uncovering and Remediating Malicious Activity
Hello, this is Masahiko Maruyama.
The cybersecurity authorities of the United States, the United Kingdom, Canada, New Zealand, and Australia have jointly published "Technical Approaches to Uncovering and Remediating Malicious Activity"... It is positioned as a playbook for incident investigation...
The security authorities of the five countries are:
[1] Australian Cyber Security Centre (ACSC)
[2] Canada’s Communications Security Establishment (CSE)
[3] New Zealand National Cyber Security Centre (NZ NCSC)
[4] New Zealand CERT NZ
[5] United Kingdom National Cyber Security Centre (UK NCSC)
[6] United States Cybersecurity and Infrastructure Security Agency (CISA)
That is the full list...
It also includes practical content, so I think it will be a useful reference...
● CISA
・2020.09.01 Alert (AA20-245A) Technical Approaches to Uncovering and Remediating Malicious Activity
CONTENTS
Overview
Key Takeaways
Description
Recommended Artifact and Information Collection
Host-Based Artifacts
Network-Based Artifacts
Common Mistakes in Incident Handling
Recommended Investigation and Remediation Processes
General Mitigation Guidance
Restrict or Discontinue Use of FTP and Telnet Services
Restrict or Discontinue Use of Non-approved VPN Services
Shut down or Decommission Unused Services and Systems
Quarantine and Reimage Compromised Hosts
Disable Unnecessary Ports, Protocols, and Services
Restrict or Disable Interactive Login for Service Accounts
Disable Unnecessary Remote Network Administration Tools
Manage Unsecure Remote Desktop Services
Credential Reset and Access Policy Review
Patch Vulnerabilities
General Recommendations and Best Practices Prior to an Incident
User Education
Allowlisting
Account Control
Backups
Workstation Management
Host-Based Intrusion Detection / Endpoint Detection and Response
Server Management
Server Configuration and Logging
Change Control
Network Security
Network Infrastructure Recommendations
Host Recommendations
User Management
Segregate Networks and Functions
Additional Best Practices
Resources
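One of the mitigation items in the table of contents above, "Restrict or Disable Interactive Login for Service Accounts", is also something you can check for retroactively in Windows Security logs: a service account should only show up with LogonType 5 (Service), 4 (Batch) or 3 (Network), never with an interactive session type. The script below is an added example written for this post, not code from the advisory or from CISA; the event lines, the `svc_`/`svc-` naming convention for service accounts, and the key=value log layout are all constructed assumptions that would have to be adapted to a real environment and a real event export.

```python
"""Flag interactive logons by service accounts in (constructed) Windows Security events.

Added example for the advisory item "Restrict or Disable Interactive Login for
Service Accounts". The sample events, the key=value layout and the svc_ naming
convention are assumptions for illustration, not real log data.
"""
import re
from dataclasses import dataclass

# Windows 4624 LogonType values that give a person a usable desktop session.
# A service account appearing with one of these has been used interactively.
INTERACTIVE_LOGON_TYPES = {
    2: "Interactive",          # console logon
    10: "RemoteInteractive",   # RDP / Terminal Services
    11: "CachedInteractive",   # console logon with cached credentials
}

# Assumed naming convention for service accounts (adjust to your environment).
SERVICE_ACCOUNT_PATTERN = re.compile(r"^svc[_-]", re.IGNORECASE)


@dataclass
class LogonEvent:
    event_id: int      # 4624 = successful logon, 4625 = failed logon
    account: str
    logon_type: int
    source_ip: str
    workstation: str


# Constructed sample lines (not a real Windows export) in a simple key=value form.
SAMPLE_EVENTS = """
EventID=4624 Account=jdoe LogonType=2 IpAddress=- Workstation=WS01
EventID=4624 Account=svc_backup LogonType=5 IpAddress=- Workstation=SRV02
EventID=4624 Account=svc_sql LogonType=10 IpAddress=10.0.5.23 Workstation=SRV03
EventID=4624 Account=svc_backup LogonType=3 IpAddress=10.0.1.9 Workstation=SRV02
EventID=4625 Account=svc_sql LogonType=2 IpAddress=- Workstation=WS07
EventID=4624 Account=SVC-Monitor LogonType=2 IpAddress=- Workstation=WS07
"""

LINE_RE = re.compile(
    r"EventID=(\d+)\s+Account=(\S+)\s+LogonType=(\d+)\s+IpAddress=(\S+)\s+Workstation=(\S+)"
)


def parse_events(text: str) -> list[LogonEvent]:
    """Parse the key=value lines into LogonEvent records, skipping malformed lines."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the expected layout; a real parser would log this
        eid, acct, ltype, ip, ws = m.groups()
        events.append(LogonEvent(int(eid), acct, int(ltype), ip, ws))
    return events


def find_interactive_service_logons(events: list[LogonEvent]) -> list[LogonEvent]:
    """Return successful logons (4624) where a service account got an interactive session.

    Failed attempts (4625) are deliberately excluded here: they are worth a
    separate alert, but they do not mean the policy was actually violated.
    """
    return [
        e
        for e in events
        if e.event_id == 4624
        and e.logon_type in INTERACTIVE_LOGON_TYPES
        and SERVICE_ACCOUNT_PATTERN.match(e.account)
    ]


def describe(hit: LogonEvent) -> str:
    """One-line finding suitable for a ticket or a SIEM alert body."""
    kind = INTERACTIVE_LOGON_TYPES[hit.logon_type]
    return (f"{hit.account} logged on interactively ({kind}, type {hit.logon_type}) "
            f"to {hit.workstation} from {hit.source_ip}")


if __name__ == "__main__":
    for hit in find_interactive_service_logons(parse_events(SAMPLE_EVENTS)):
        print(describe(hit))
```

On the constructed data this flags `svc_sql` (an RDP session to SRV03) and `SVC-Monitor` (a console logon on WS07), while the `svc_backup` entries pass because types 5 and 3 are exactly what a service account is expected to produce. The corresponding preventive control, which the advisory's heading points at, is to add the service accounts to the "Deny log on locally" and "Deny log on through Remote Desktop Services" user rights assignments in Group Policy, so that the detection above only ever fires on policy drift.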
● NCSC (UK)
・2020.09.01 UK joins international allies in issuing cyber defence advice for organisations
Cyber security advisory highlights technical approaches for uncovering and dealing with malicious activity.