Security Guidance 22-001 - Cybersecurity mitigation measures against critical threats
Wednesday, March 9, 2022 1:01:00 PM CEST
On February 14, ENISA and CERT-EU made a joint publication strongly encouraging all EU-based organisations to implement a set of cybersecurity best practices.
Building on this joint publication, CERT-EU is making available the following specific implementation recommendations. By applying these systematically, organisations can boost their cybersecurity defence and resilience. This would allow them to:
1. Improve their cybersecurity posture to fend off a wide range of attacks and limit the number of cybersecurity incidents.
2. Detect and react to cyber operations that may be carried out by sophisticated threat actors.
Security Guidance 22-002 - Hardening Signal
Thursday, March 3, 2022 3:15:00 PM CEST
Signal is a well-known, secure, encrypted instant messaging service developed by the non-profit Signal Technology Foundation and Signal Messenger LLC. It uses standard cellular telephone numbers as identifiers, and all communications between Signal users are secured with end-to-end encryption.
Staff of public and private organisations, including senior management, may sometimes use Signal to quickly coordinate and exchange information on work-related matters. Signal groups may also have been set up for business continuity reasons in case corporate instant messaging tools become unavailable.
The following document provides clear and pragmatic recommendations for hardening the configuration of Signal apps. If you have suggestions that could help improve it, contact us at firstname.lastname@example.org. We always appreciate constructive feedback.
Security White Paper 2019-001 - PowerShell -- Cybersecurity Perspective
Friday, July 19, 2019 3:31:00 PM CEST
In recent years we have seen an increasing use of PowerShell for malicious purposes. This was mainly caused by its power and the lack of means to counter this kind of usage. On the other hand, PowerShell has also evolved and now provides more means for defenders. The aim of this document is to present PowerShell from a cybersecurity perspective. It also describes controls that can be implemented to prevent and detect cyberattacks using PowerShell.
Security White Paper 2017-004 - Mitigating Risks Related to Network Devices
Friday, October 6, 2017 2:12:00 PM CEST
Network devices, such as routers, switches, or firewalls, are essential components of every IT infrastructure. All traffic has to go through several such network devices. Compromising network devices allows an adversary to steal sensitive data, corrupt communications, or disrupt activity of the targeted organization. The range of attacks against network devices has been growing for the past years, from exploitation of undocumented access to development of complex implants modifying the behavior of devices. The purpose of this white-paper is to provide recommendations on how to assess, prevent, and detect network devices
Security White Paper 2017-003_DDoS Overview and Response Guide
Friday, October 6, 2017 1:30:00 PM CEST
The evolution of DDoS attack techniques and targets has been continuously followed in the past by the specialists ranging from large companies to security expert blogs. However, recently it has caught general attention due to several incidents that might mean a change of paradigm in the way such attacks have been addressed so far. Strategies to mitigate DDoS need to be adopted, and should focus initially on prevention, but eventually on designing multi-layered defense strategies. In this white-paper, CERT-EU has focused on procedures for securing IT infrastructure from threats against availability. The white-paper is based on proven DDoS identification and mitigation methods that can effectively and efficiently respond to DDoS attacks.
Security White Paper 2017-002_Detecting Lateral Movements in Windows Infrastructure
Tuesday, April 18, 2017 4:27:00 PM CEST
Lateral movement techniques are widely used in sophisticated cyber-attacks, in particular in Advanced Persistent Threats (APTs). An adversary uses these techniques to access other hosts from a compromised system and get access to sensitive resources, such as mailboxes, shared folders, or credentials. This white-paper provides guidelines to detect the lateral movements exploiting NTLM and Kerberos protocols in Windows 7 and 2008 based environments.
UPDATED - Security White Paper 2017-001_v1_2 - DMARC — Defeating E-Mail Abuse
Wednesday, January 11, 2017 11:13:00 AM CEST
DMARC is a mechanism to define a coherent e-mail policy that can effectively be used by both the sender and the receiver of e-mail messages. The senders can list the authentication mechanisms they have put in place, and the receivers are informed what the sender suggests they do if the authentication fails on any message that claims to originate from them.
Security White Paper 2016-003 - Authentication Methods
Wednesday, January 11, 2017 10:56:00 AM CEST
Lately, protecting data has become an increasingly difficult task. Cyber-attacks have become one of the most serious threats to any organization. Companies and organizations are taking measures in order to defend their assets, and authentication methods are an increasingly important security measure.
Authentication is the security term for verifying that the user is indeed who he claims to be. The procedure of confirming a user’s authenticity is the action of comparing the provided credentials of the user against an existing database of validated identities.
However, since depending only on the use of simple credentials – or a single method of authentication in general – has lately proven to be highly unreliable, the use of multiple factors for the authentication process is highly recommended.
Security White Paper 2016-002 - Weaknesses in Diffie-Hellman Key
Monday, August 8, 2016 9:36:00 AM CEST
This white paper offers you a guideline for the minimum key length in public-key cryptography – more precisely in the Diffie-Hellman (DH) protocol – in order to be
Security White Paper 2016-001 - Improved Security with HTTPS v1.0
Tuesday, April 26, 2016 4:23:00 PM CEST
This white paper presents in a simple way the advantages of using HTTPS over HTTP. Nowadays, with the increasing popularity and availability of web-based applications, it becomes very important to ensure a secure way for accessing them. Security could be significantly improved by moving from using HTTP to HTTPS protocol.
UPDATED - Security White Paper 2014-007 - Pass The Golden Ticket v1.4
Monday, February 16, 2015 5:01:00 PM CEST
This white-paper provides the required steps to prevent and block attacks based on the golden-ticket.
Security White Paper 2014-011 - Guidelines dataprotection notification
Tuesday, January 6, 2015 4:44:00 PM CEST
In a number of EU institutions, bodies and agencies, processes have been established to respond to cyber-security incidents. Such processes involve the handling of personal data and therefore they must be subject to a formal notification to the relevant Data Protection Officer. The present document offers a model and recommendations for such a notification. It is intended to be used by cyber-security incident response teams of EU institutions, bodies and agencies.
Security White Paper 2014-009 - DDoS Overview and Incident Response Guide
Tuesday, July 22, 2014 1:47:00 PM CEST
This White Paper provides high-level guidelines to help IT staff responding to DDoS incidents.
UPDATED - Security White Paper 2014-008 - Cisco IOS Risk Mitigation
Monday, June 30, 2014 2:36:00 PM CEST
This White-paper presents the risks related to Cisco IOS running on Cisco network equipment. A Cisco IOS image could potentially be modified offline, or malicious code could be executed during runtime. This paper presents the main infection methods, the detection procedures, and the prevention mechanisms that network administrators should put into practice.
Security White Paper 2014-006 - Handling of Potentially Malicious Emails
Tuesday, May 13, 2014 4:04:00 PM CEST
As a user of email, you may at some point receive a malicious email designed to steal information or cause damage to your information.
Security White Paper 2014-005 - E-mail Sender Address Forgery
Tuesday, April 15, 2014 4:27:00 PM CEST
This White Paper provides guidelines on the implementation of the Sender Policy Framework (SPF), which is designed to prevent e-mail spam and detect e-mail spoofing by verifying sender IP addresses.
Security White Paper 2011-003 - Windows Malware Detection (Incident Response Methodology)
Thursday, November 10, 2011 6:52:00 PM CEST
This White Paper contains the first of a series of Incident Response Methodologies that CERT-EU intends to publish as part of the Security White Papers publications.
Incident Response Methodologies are cheat sheets dedicated to handlers investigating a specific security issue.
This first Incident Response Methodology presents how to detect and recover from malware on Windows systems.
The first version, which was published in December 2011, was updated in May 2012.
Security White Paper 2011-002 - CERT-EU Services - Fundamentals
Wednesday, October 26, 2011 4:53:00 PM CEST
The present paper lays down guidance for participating actively in the services of CERT-EU, for the benefit of all EU Institutions, Agencies and Bodies.
Security White Paper 2011-001 - Additional Malware Protection with MSS
Tuesday, September 27, 2011 8:26:00 AM CEST
This white paper offers you a guideline for integrating Microsoft Safety Scanner (MSS) in your defence-in-depth strategy against malware.