by Mike Haugh, VP of Product Marketing, Gluware, and Terry Slattery, Principal Architect, NetCraftsmen
The widespread impact of the SolarWinds Orion compromise (the Sunburst and Supernova malware) sent network teams scrambling to react, assess the impact and mitigate any damage. Organizations first had to conduct a forensic assessment to determine whether they were affected, then follow the Cybersecurity and Infrastructure Security Agency (CISA) Emergency Directive 21-01 to address a possible breach.
CISA has also released an alert (CISA Alert AA20-352A) that recommends mitigation steps for SolarWinds Orion and for any changes the threat actors may have left behind in the network infrastructure. Organizations that already have network automation in place are equipped to automate many of the CISA-recommended mitigation actions across all of their network devices (routers, switches, firewalls, etc.). An intent-based network automation solution can help an organization implement these actions quickly and consistently.
CISA Recommendation: Device configurations
Audit all network device configurations, stored or managed on the SolarWinds monitoring server, for signs of unauthorized or malicious configuration changes.
Audit the configurations found on the network devices themselves for signs of unauthorized or malicious configuration changes. Organizations should audit both the current running configuration and any local configuration that could be loaded at boot time (on most platforms the startup configuration), and compare each against a known-good baseline. The two can legitimately differ, but the difference itself is evidence worth reviewing: a change present only in memory disappears on reload and evades an audit of the saved configuration, while a change present only in the saved configuration lies dormant until the next reboot.
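The audit described above, as an added example written for this page (it is not code from the original post, from CISA, or from Gluware's product). It assumes you have already pulled three text exports per device: a vetted baseline, the current running-config, and the startup-config read at boot. The IOS-style sample configs, the addresses (RFC 5737 ranges) and the hashes are constructed for the demonstration; the list of high-risk patterns is an illustrative starting point, not an exhaustive one.

```python
"""Audit device configurations against a known-good baseline (added example)."""
import re
from dataclasses import dataclass

# Header/volatile lines that differ between pulls without any real change.
VOLATILE = re.compile(r"^(Building configuration|Current configuration|ntp clock-period)")

# A new or removed line matching one of these deserves an immediate look.
HIGH_RISK = [re.compile(p) for p in (
    r"^username ",                 # local accounts: classic persistence
    r"^aaa ",                      # authentication/authorization policy
    r"^snmp-server (community|user|host)",
    r"^logging ",                  # telemetry redirected or silenced
    r"access-list",                # filtering policy
    r"^ip route ",                 # traffic redirection
    r"^interface Tunnel",          # covert channels / exfil paths
    r"transport input .*telnet",   # cleartext management access
    r"^boot system",               # boot image override
)]


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "review"
    source: str     # "running" or "startup" (vs baseline), or "drift" (running vs startup)
    change: str     # "added" or "removed"; for "drift", added = running-only, removed = startup-only
    line: str       # flattened "parent > child" config path


def flatten(config: str) -> set[str]:
    """Turn an indented IOS-style config into 'parent > child' paths so a child
    line such as 'transport input telnet' keeps the context it belongs to."""
    paths: set[str] = set()
    stack: list[tuple[int, str]] = []   # (indent, text) of enclosing lines
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!") or VOLATILE.match(raw):
            continue                     # blank, comment/timestamp, or volatile header
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, text))
        paths.add(" > ".join(t for _, t in stack))
    return paths


def classify(path: str) -> str:
    return "high" if any(p.search(path) for p in HIGH_RISK) else "review"


def diff(a: set[str], b: set[str], source: str) -> list[Finding]:
    """Findings for everything in b but not a (added) and in a but not b (removed)."""
    out = [Finding(classify(p), source, "added", p) for p in sorted(b - a)]
    out += [Finding(classify(p), source, "removed", p) for p in sorted(a - b)]
    return out


def audit(baseline: str, running: str, startup: str) -> list[Finding]:
    base, run, boot = flatten(baseline), flatten(running), flatten(startup)
    findings = diff(base, run, "running") + diff(base, boot, "startup")
    # Running/startup drift is evidence on its own: an in-memory-only change
    # evades a startup-config audit, a startup-only change waits for a reload.
    return findings + diff(boot, run, "drift")


def report(findings: list[Finding]) -> str:
    order = lambda f: (f.severity != "high", f.source, f.change, f.line)
    return "\n".join(f"[{f.severity.upper():6}] {f.source:8} {f.change:8} {f.line}"
                     for f in sorted(findings, key=order))


# Constructed sample configs (RFC 5737 addresses, placeholder hashes).
BASELINE = """\
Building configuration...
hostname edge-rtr1
!
aaa new-model
aaa authentication login default group tacacs+ local
username netops privilege 15 secret 9 $9$netopshash
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.0.2.254
snmp-server community monitorRO RO
logging host 198.51.100.10
!
line vty 0 4
 transport input ssh
"""

# Running-config: new local user, syslog moved to an unknown host, a new
# tunnel, and telnet re-enabled on the VTY lines.
RUNNING = BASELINE.replace("hostname", "! Last configuration change at 03:14:07 UTC\nhostname") \
    .replace("$9$netopshash\n", "$9$netopshash\nusername svc_backup privilege 15 secret 9 $9$unknownhash\n") \
    .replace("ip route", "interface Tunnel100\n ip address 10.99.99.1 255.255.255.252\n"
             " tunnel source GigabitEthernet0/0\n tunnel destination 203.0.113.5\n!\nip route") \
    .replace("logging host 198.51.100.10", "logging host 203.0.113.99") \
    .replace("transport input ssh", "transport input ssh telnet")

# Startup-config: only the new account was written to NVRAM.
STARTUP = BASELINE.replace("$9$netopshash\n", "$9$netopshash\nusername svc_backup privilege 15 secret 9 $9$unknownhash\n")

if __name__ == "__main__":
    print(report(audit(BASELINE, RUNNING, STARTUP)))
```

Flattening to parent/child paths rather than diffing raw text is the design choice that matters here: a bare `transport input ssh telnet` line means nothing until you know it sits under `line vty 0 4`, and set comparison makes the audit insensitive to the line reordering that different export tools introduce. The same structure works for any device family whose configuration is an indented text tree; only `VOLATILE` and `HIGH_RISK` need adjusting.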
Read the full blog post on ONUG.net.