Security guidance
-
DDoS Overview and Response Guide
Monday, June 03, 2024 05:30:00 PM CEST
The evolution of DDoS attack techniques and targets has long been followed by specialists, from large companies to security expert blogs. Recently, however, it has caught general attention due to several incidents that may mark a change of paradigm in how such attacks are addressed. Strategies to mitigate DDoS need to be adopted; they should focus initially on prevention, but eventually on designing multi-layered defence strategies. In this white paper, CERT-EU has focused on procedures for securing IT infrastructure against threats to availability. The white paper is based on proven DDoS identification and mitigation methods that can respond effectively and efficiently to DDoS attacks.
-
Security Guidance 23-002 - Potential impact and risks of Generative AI in EUIBAs
Thursday, May 11, 2023 09:25:00 AM CEST
Recently, there has been a substantial leap forward in the development of Generative AI technology, and further rapid advances are expected as researchers continue to push the boundaries of AI capabilities. At CERT-EU, we assess that Generative AI technology will continue to develop and become commonplace, and that it is therefore crucial to embrace this transformative innovation. The technology presents numerous opportunities, but it also comes with risks. This guidance aims to define the position of CERT-EU towards Generative AI technology and to provide an initial overview of this complex topic.
The most recent version adds information on indirect prompt-injection attacks and additional options for EUIBAs to use the technology. -
Security Guidance 22-001 - Cybersecurity mitigation measures against critical threats
Wednesday, March 09, 2022 12:01:00 PM CET
On February 14, ENISA and CERT-EU made a joint publication strongly encouraging all EU-based organisations to implement a set of cybersecurity best practices.
Building on this joint publication, CERT-EU is making available the following specific implementation recommendations. By applying them systematically, organisations can boost their cybersecurity defence and resilience, which would allow them to:
1. Improve their cybersecurity posture to fend off a wide range of attacks and limit the number of cybersecurity incidents.
2. Detect and react to cyber operations that may be carried out by sophisticated threat actors. -
Security Guidance 22-002 - Hardening Signal
Thursday, March 03, 2022 02:15:00 PM CET
Signal is a well-known, secure, encrypted instant messaging service developed by the non-profit Signal Technology Foundation and Signal Messenger LLC. It uses standard cellular telephone numbers as identifiers, and all communications between Signal users are secured with end-to-end encryption.
Staff of public and private organisations, including senior management, may sometimes use Signal to quickly coordinate and exchange information on work-related matters. Signal groups may also have been set up for business continuity reasons, in case corporate instant messaging tools become unavailable.
The following document provides clear and pragmatic recommendations for hardening the configuration of Signal apps. If you have suggestions that could help improve it, contact us at services@cert.europa.eu. We always appreciate constructive feedback. -
Security White Paper 2019-001 - PowerShell -- Cybersecurity Perspective
Friday, July 19, 2019 03:31:00 PM CEST
In recent years we have seen increasing use of PowerShell for malicious purposes, mainly because of its power and the lack of means to counter such usage. PowerShell has also evolved, however, and now provides defenders with more means as well. The aim of this document is to present PowerShell from a cybersecurity perspective. It also describes controls that can be implemented to prevent and detect cyberattacks that use PowerShell.
-
Security White Paper 2017-004 - Mitigating Risks Related to Network Devices
Friday, October 06, 2017 02:12:00 PM CEST
Network devices, such as routers, switches, or firewalls, are essential components of every IT infrastructure: all traffic has to pass through several of them. Compromising network devices allows an adversary to steal sensitive data, corrupt communications, or disrupt the activity of the targeted organisation. The range of attacks against network devices has been growing for the past years, from exploitation of undocumented access to the development of complex implants that modify the behaviour of devices. The purpose of this white paper is to provide recommendations on how to assess, prevent, and detect network device compromise. -
Security White Paper 2017-002 - Detecting Lateral Movements in Windows Infrastructure
Tuesday, April 18, 2017 04:27:00 PM CEST
Lateral movement techniques are widely used in sophisticated cyber-attacks, in particular in Advanced Persistent Threats (APTs). An adversary uses these techniques to reach other hosts from a compromised system and gain access to sensitive resources, such as mailboxes, shared folders, or credentials. This white paper provides guidelines to detect lateral movements exploiting the NTLM and Kerberos protocols in Windows 7 and Windows Server 2008 based environments. -
UPDATED - Security White Paper 2017-001_v1_2 - DMARC — Defeating E-Mail Abuse
Wednesday, January 11, 2017 10:13:00 AM CET
DMARC is a mechanism to define a coherent e-mail policy that can be used effectively by both the sender and the receiver of e-mail messages. Senders list the authentication mechanisms (SPF and DKIM) they have put in place, and receivers are told what the sender asks them to do if authentication fails on any message that claims to originate from them. -
Security White Paper 2016-003 - Authentication Methods
Wednesday, January 11, 2017 09:56:00 AM CET
Lately, protecting data has become an increasingly difficult task. Cyber-attacks have become one of the most serious threats to any organisation. Companies and organisations are taking measures to defend their assets, and authentication methods are an increasingly important security measure.
Authentication is the security term for verifying that a user is indeed who they claim to be. The procedure of confirming a user's authenticity consists of comparing the credentials the user provides against an existing database of validated identities.
However, since relying only on simple credentials, or on a single method of authentication in general, has lately proven to be highly unreliable, the use of multiple factors in the authentication process is highly recommended. -
Security White Paper 2016-002 - Weaknesses in Diffie-Hellman Key
Monday, August 08, 2016 09:36:00 AM CEST
This white paper offers a guideline for the minimum key length in public-key cryptography, more precisely in the Diffie-Hellman (DH) protocol, required in order to be considered secure. -
Security White Paper 2016-001 - Improved Security with HTTPS v1.0
Tuesday, April 26, 2016 04:23:00 PM CEST
This white paper presents in a simple way the advantages of using HTTPS over HTTP. Nowadays, with the increasing popularity and availability of web-based applications, it is very important to ensure a secure way of accessing them. Security can be significantly improved by moving from HTTP to HTTPS. -
UPDATED - Security White Paper 2014-007 - Pass The Golden Ticket v1.4
Monday, February 16, 2015 04:01:00 PM CET
This white paper provides the steps required to prevent and block attacks based on the Kerberos golden ticket.
-
Security White Paper 2014-011 - Guidelines dataprotection notification
Tuesday, January 06, 2015 03:44:00 PM CET
In a number of EU institutions, bodies and agencies, processes have been established to respond to cyber-security incidents. Such processes involve the handling of personal data and must therefore be subject to a formal notification to the relevant Data Protection Officer. The present document offers a model and recommendations for such a notification. It is intended to be used by the cyber-security incident response teams of EU institutions, bodies and agencies.
-
Security White Paper 2014-009 - DDoS Overview and Incident Response Guide
Tuesday, July 22, 2014 01:47:00 PM CEST
This white paper provides high-level guidelines to help IT staff respond to DDoS incidents.
-
UPDATED - Security White Paper 2014-008 - Cisco IOS Risk Mitigation
Monday, June 30, 2014 02:36:00 PM CEST
This white paper presents the risks related to Cisco IOS running on Cisco network equipment. A Cisco IOS image could be modified offline, or malicious code could be executed at runtime. This paper presents the main infection methods, the detection procedures, and the prevention mechanisms that network administrators should put into practice.
-
Security White Paper 2014-006 - Handling of Potentially Malicious Emails
Tuesday, May 13, 2014 04:04:00 PM CEST
As a user of email, you may at some point receive a malicious email designed to steal information or to damage your data.
-
Security White Paper 2014-005 - E-mail Sender Address Forgery
Tuesday, April 15, 2014 04:27:00 PM CEST
This white paper provides guidelines on the implementation of the Sender Policy Framework (SPF), which is designed to prevent e-mail spam and detect e-mail spoofing by verifying that the sending IP address is one the sender's domain has published as authorised.
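The SPF check described here and the DMARC policy and alignment logic summarised under "DMARC — Defeating E-Mail Abuse" above fit together in one receiver-side evaluation. The Python below is an added example, not code from either white paper: it resolves a message's sender IP against a constructed SPF record (only the ip4/ip6, include and all terms), then applies a constructed DMARC record (p, aspf, adkim) to decide a disposition. The DNS zones, IP addresses and message headers are fictional, DKIM signature verification is assumed to have happened elsewhere (only the signing domain is passed in), and the organisational-domain rule is approximated by the last two labels rather than a Public Suffix List lookup.

```python
"""SPF check plus DMARC policy/alignment evaluation, run offline.
Added example, not CERT-EU code; a subset of RFC 7208 (SPF) and RFC 7489
(DMARC). DNS data, IP addresses and the message are constructed."""
import ipaddress
import re

# Constructed DNS TXT data (assumption: fictional zones; a real receiver queries
# a resolver). IP addresses come from the RFC 5737 documentation ranges.
DNS_TXT = {
    "example.org": ["v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all"],
    "mail.example.net": ["v=spf1 ip4:198.51.100.10 ~all"],
    "_dmarc.example.org": ["v=DMARC1; p=reject; aspf=s; adkim=r; rua=mailto:dmarc@example.org"],
    "example.com": ["v=spf1 ip4:203.0.113.0/24 ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine"],
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
ADDR_RE = re.compile(r"<?([^<>\s]+)@([^<>\s]+?)>?\s*$")


def spf_check(source_ip, domain, depth=0):
    """Evaluate source_ip against domain's SPF record (ip4/ip6, include, all).
    Returns pass, fail, softfail, neutral, none or permerror."""
    if depth > 10:  # RFC 7208 caps DNS-querying terms; also stops include loops
        return "permerror"
    records = [r for r in DNS_TXT.get(domain, []) if r.split()[0] == "v=spf1"]
    if len(records) != 1:  # none, or several (which RFC 7208 makes a permerror)
        return "none" if not records else "permerror"
    addr = ipaddress.ip_address(source_ip)
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in QUALIFIER:
            qual, term = term[0], term[1:]
        if term.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIER[qual]
        elif term.startswith("include:"):
            if spf_check(source_ip, term[8:], depth + 1) == "pass":
                return QUALIFIER[qual]
        elif term == "all":
            return QUALIFIER[qual]
        else:  # a, mx, ptr, exists, redirect= are not implemented here
            return "permerror"
    return "neutral"  # nothing matched and no "all" term


def dmarc_record(domain):
    """Parse _dmarc.<domain> into a tag dict, or None when absent."""
    recs = [r for r in DNS_TXT.get("_dmarc." + domain, []) if r.startswith("v=DMARC1")]
    if not recs:
        return None
    pairs = [p.split("=", 1) for p in recs[0].split(";") if "=" in p]
    return {k.strip(): v.strip() for k, v in pairs}


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') is an exact match; relaxed ('r') only
    needs the same organisational domain (assumption: approximated here by the
    last two labels instead of a Public Suffix List lookup)."""
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return a == f
    return a.split(".")[-2:] == f.split(".")[-2:]


def dmarc_evaluate(source_ip, mail_from_domain, header_from_domain, dkim_domain=None):
    """Return (disposition, spf_result). dkim_domain is the d= of a DKIM
    signature that already verified (verification itself is out of scope), or
    None. Disposition is "pass" when SPF or DKIM passes and aligns with the
    RFC5322.From domain, otherwise the p= the sender requested."""
    spf_result = spf_check(source_ip, mail_from_domain)
    policy = dmarc_record(header_from_domain)
    if policy is None:
        return "none", spf_result  # no DMARC record: the sender requests nothing
    spf_ok = spf_result == "pass" and aligned(
        mail_from_domain, header_from_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_domain is not None and aligned(
        dkim_domain, header_from_domain, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", spf_result
    return policy.get("p", "none"), spf_result


def evaluate_message(raw, source_ip, dkim_domain=None):
    """Pull RFC5321.MailFrom (Return-Path) and RFC5322.From out of raw headers."""
    headers = dict(line.split(":", 1) for line in raw.splitlines() if ":" in line)
    mail_from = ADDR_RE.search(headers["Return-Path"]).group(2)
    header_from = ADDR_RE.search(headers["From"]).group(2)
    return dmarc_evaluate(source_ip, mail_from, header_from, dkim_domain)


# Constructed sample message (fictional headers).
SAMPLE_MESSAGE = 'Return-Path: <bounce@example.org>\nFrom: "Accounts" <billing@example.org>\n'

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.10", "203.0.113.5"):
        print(ip, evaluate_message(SAMPLE_MESSAGE, ip))
```

Running it shows the three cases the two white papers care about: a message from the domain's own range passes, a message relayed through the included third-party host passes via include, and a spoofed message from an unrelated address fails SPF and, because example.org publishes p=reject, is rejected. The dmarc_evaluate function also exposes the forwarding failure mode: a message whose envelope sender was rewritten to example.com can pass SPF for that domain yet still be rejected under strict SPF alignment unless an aligned DKIM signature survives.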
-
Security White Paper 2011-003 - Windows Malware Detection (Incident Response Methodology)
Thursday, November 10, 2011 05:52:00 PM CET
This white paper contains the first of a series of Incident Response Methodologies that CERT-EU intends to publish as part of its Security White Papers.
Incident Response Methodologies are cheat sheets dedicated to handlers investigating a specific security issue.
This first Incident Response Methodology presents how to detect and recover from malware on Windows systems.
The first version, published in December 2011, was updated in May 2012. -
Security White Paper 2011-002 - CERT-EU Services - Fundamentals
Wednesday, October 26, 2011 04:53:00 PM CEST
The present paper lays down guidance for participating actively in the services of CERT-EU, for the benefit of all EU Institutions, Agencies and Bodies.
-
Security White Paper 2011-001 - Additional Malware Protection with MSS
Tuesday, September 27, 2011 08:26:00 AM CEST
This white paper offers a guideline for integrating Microsoft Safety Scanner (MSS) into your defence-in-depth strategy against malware.