Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: https://uscgproceedings.epubxp.com/i/436751
30 Proceedings Winter 2014 – 2015 www.uscg.mil/proceedings security teams allow only approved programs to run, while blocking all other programs. 4 • Security policies: Security policies must be enforced to limit an organization's exposure to zero-day vulnerabil- ities and associated exploits. For example, some organi- zations do not allow applications and programs to be loaded on their computer system without frst sanitizing them. Best Security Practice Guidelines for Seaports Cybersecurity and physical security are increasingly inter- connected. Consequently, close collaboration among cyber analysts and physical security professionals is essential for maritime transportation and other critical infrastructure sectors. Fortunately, the most effective solutions do not involve new approaches or strategies, but instead focus on rigorously applying known methodologies. Security-Oriented Device and Application Confguration The goal is to confgure devices and applications to bypass functionalities that have security risks as well as remove unneeded programs to reduce system vulnerability. Com- plexity is security's worst enemy — the smaller its attack sur- face is, the more secure a website becomes. Keep operating systems and frmware up to date: System security personnel should regularly update computer and frmware operating systems and apply all bug and security fxes immediately. No application can be secure if its operat- ing system is vulnerable. Ensure that network devices and applications do not expose system information: Confgure Ethernet routers, switches, and applications to give only the information required to support active applications, end users, and cus- tomers. Be sure no information about system confgurations can be derived from application and system names. Install only required and approved applications: Install only required applications and regularly approve and main- tain them. Unused programs put extra maintenance bur- dens on the cybersecurity team and could create additional security threats. Partition the network: Partition the network into multiple segments to host users and applications with different levels of security requirements. This is an effective way to contain damage, in case of a network intrusion. Enforce a BYOD (bring your own device) policy: Mobile vulnerabilities have increased dramatically, so consider lim- iting smartphones and personal devices to the open seg- ment of the network. Sanitize and properly confgure all personal devices. Many critical infrastructure sites com- pletely ban smartphones, personal devices, and removable media devices for well-founded security reasons. Fix default and weak passwords: In many cases, passwords are the only way to distinguish a valid user from an attacker. Weak passwords can be cracked and therefore broken, giv- ing an attacker easy access to the system. Similarly, change default and weak passwords on devices and applications. Require strong credentials to reset passwords. Use two-fac- tor authentication for important applications. 5 Disable inactive user accounts: Inactive user accounts are not maintained and can have vulnerable applications. Dis- able and remove them. Document and track configuration changes: Document and track important confguration changes and review their performance. Conduct vulnerability scanning and penetration testing regularly: Identify and fix vulnerabilities before attack- ers fnd them. Use vulnerability scanners continuously to examine the network and computers for known vulnerabili- ties. Perform penetration testing regularly. Cyber Protection and Monitoring for Daily Activities Log, flter, and monitor network system activities and pro- grams to minimize network attacks and detect potential intrusions. US-CERT Users can report exploits that use malware (such as computer worms and viruses) to computer security inci- dence response teams such as the United States Computer Emergency Readiness Team (US-CERT). Th is agency publishes current activity reports and regu- larly updates summaries of the most frequent, high- impact security incidents to mitigate the impact of such exploits through timely information aggregation and reporting. In February 2013, US-CERT launched the Critical Infra- structure Cyber Community Voluntary Program to help improve critical infrastructure cybersecurity system resiliency. 0 1 1 0 1 0 0 1 0 1