Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Saturday March 21 2020, @02:38PM   Printer-friendly
from the don't-be-a-target dept.

NIST, DHS Publish Guidance on Securing Virtual Meetings, VPNs:

With people worldwide forced to work from home due to the coronavirus epidemic, NIST and DHS published a series of recommendations on how to ensure that virtual meetings and connections to enterprise networks are protected from prying eyes.

[...] The security of virtual meetings might often be an afterthought, but basic precautions can ensure that they don't lead to data breaches or other security incidents, says Jeff Greene, director of the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST).

Most virtual meeting services have built-in security features, but following an organization's policies for virtual meeting security should ensure strong protection. Organizations should also consider limiting the reuse of access codes, using one-time PINs or meeting identifier codes, and adopting multi-factor authentication.

[...] "This list is not all-encompassing, nor must you use every tool for every virtual meeting. Know your organization's policies, think about the sensitivity of the topics to be discussed, factor in the logistics of the meeting, and pick the measures that make sense for each situation," Greene notes.

In an alert, the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is providing recommendations on how organizations could ensure that the use of virtual private network (VPN) solutions to connect to the organization's network will not pose a security risk.

Issues that could emerge in such situations include the specific targeting of VPNs to find ways to exploit them for malicious use, increased phishing for login credentials, and the lack of multi-factor authentication (MFA) for remote access and of sufficient VPN connections to ensure all employees can telework.

What's more, some organizations might not apply important updates or patches in due time if their VPN solutions are in use 24/7.

Organizations are advised to always update their VPNs, and ensure that the network infrastructure and the devices used to remotely connect to work environments have the latest software patches and security configurations.

Organizations should also alert employees to expect an increase in phishing attempts, ensure their security teams are prepared to ramp up remote access cyber-security tasks (e.g. log review, attack detection, and incident response and recovery), that MFA is in use on all VPN connections, and that the adopted VPN solution has been tested for mass usage.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by canopic jug on Saturday March 21 2020, @03:02PM (2 children)

    by canopic jug (3949) Subscriber Badge on Saturday March 21 2020, @03:02PM (#973835) Journal

    So these are not real meetings then? I guess not.

    virtual adjective
    vir·​tu·​al | \ ˈvər-chə-wəl, -chəl; ˈvərch-wəl \
    1. : being such in essence or effect though not formally recognized or admitted

    What advice, if any, do they have for real meetings which happen to take place online?

    --
    Money is not free speech. Elections should not be auctions.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Saturday March 21 2020, @07:57PM (1 child)

    by Anonymous Coward on Saturday March 21 2020, @07:57PM (#973906)

    Of course they are virtual. I could just put a picture of myself in front of the camera for most of the meetings and no one will really notice since most of them are the boss talking at us about stuff we already know. The fact that a sheet of paper is hanging in front of my empty chair is much more noticeable in a "real" meeting.

    • (Score: 2) by canopic jug on Sunday March 22 2020, @05:03AM

      by canopic jug (3949) Subscriber Badge on Sunday March 22 2020, @05:03AM (#974031) Journal

      That's probably a more time-effective solution. Another way to dodge meetings has been developed using machine learning [cnn.com] and it has been around for a while so maybe people are on to it:

      Newlan's python script starts to run when a meeting begins and his computer's microphone listens in the background. It uses an open source speech recognition program to recognize phrases based on the silences between people's sentences. Then it uses IBM Watson's speech-to-text service to transcribe what's said.

      Whenever his name is mentioned, the program sends him a 30 second transcript of what was said before his name was mentioned (and a little after).

      Newlan's script then waits 15 seconds and plays a pre-recorded audio file of him saying, "Sorry, I didn't realize my microphone was on mute."

      I suppose he could take it to the next level and plug a chat bot even as simple as Eliza into espeak.

      --
      Money is not free speech. Elections should not be auctions.