Edge Device Security CISA
pAn official website of the United States governmentppHeres how you knowpp
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock LockA locked padlock or https means youve safely connected to the gov website Share sensitive information only on official secure websites
ppDue to the lapse in federal funding this website will not be actively managed Read Moreppnocost Cyber ServicesSecure by design Secure Your BusinessShields UpReport A Cyber Issue ppSearchppppDue to the lapse in federal funding this website will not be actively managed Read Moreppnocost Cyber ServicesSecure by design Secure Your BusinessShields UpReport A Cyber Issue ppProtecting the network perimeter in an evolving cyber threat landscapeppEdge devices such as routers firewalls and virtual private network gateways are located at network boundaries and accessible from the public internet or external systems outside of the organizations control These devices are prime targets for malicious cyber actors including advanced persistent threat APT and criminal groups Endofsupport EOS edge devices are trivial for these actors to exploit as they no longer receive security updates ppAs organizations accumulate tech debt hardware and software that is EOS and no longer supported it becomes harder to defend against malicious cyber actors Edge Devices are the loadbearing pillars of a network and cannot afford to be EOS Threat actors exploit known vulnerabilities weak default settings and misconfigurations in edge devices to gain initial access to networks move laterally through internal systems and maintain persistence within victim networks Such compromises enable threat actors to monitor and manipulate network activity to gain control of critical infrastructure disrupt operations and exfiltrate sensitive information while remaining undetected for long periodsin some cases while prepositioning for future coordinated disruptive or destructive cyberattacksppSecuring these devices is not just a technical necessity it is critical to safeguarding the operational resilience of our nation CISA urges all organizations to address edge device vulnerabilities today by immediately replacing EOS edge devices Organizations should also prioritize procuring replacement hardware and software from manufacturers that apply Secure by Design principlesppEdge devices are the first line of defense between internal networks and external threats Strengthening the security of edge devices is critical to protecting your network Safeguard your organization with the following six core functions of the National Institute of Standards and Technology NIST Cybersecurity Framework 20ppBOD 2602 requires Federal Civilian Executive Branch agencies to mature their lifecycle management techniques to identify edge device hardware and software that are approaching or have reached EOS and to take immediate action to mitigate riskppBOD 2302 requires Federal Civilian Executive Branch agencies to take steps to reduce their attack surface created by insecure or misconfigured management interfaces including routers firewalls and virtual private network concentratorsppIsolate and retire EOS edge devices This fact sheet includes recent examples of edge device exploitation by nationstate threat actors and provides basic mitigations to reduce the risk from EOS hardware and software ppProtect network edge devices and appliances Led by international cybersecurity authorities this guidance offers best practices to secure network edge devices such as firewalls routers virtual private networks gateways Internet of Things devicesppMove toward more robust security solutions This joint guidance for business owners of all sizes focuses on zero trust Secure Service Edge and Secure Access Service Edge which provide greater visibility into network activityp
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock LockA locked padlock or https means youve safely connected to the gov website Share sensitive information only on official secure websites
ppDue to the lapse in federal funding this website will not be actively managed Read Moreppnocost Cyber ServicesSecure by design Secure Your BusinessShields UpReport A Cyber Issue ppSearchppppDue to the lapse in federal funding this website will not be actively managed Read Moreppnocost Cyber ServicesSecure by design Secure Your BusinessShields UpReport A Cyber Issue ppProtecting the network perimeter in an evolving cyber threat landscapeppEdge devices such as routers firewalls and virtual private network gateways are located at network boundaries and accessible from the public internet or external systems outside of the organizations control These devices are prime targets for malicious cyber actors including advanced persistent threat APT and criminal groups Endofsupport EOS edge devices are trivial for these actors to exploit as they no longer receive security updates ppAs organizations accumulate tech debt hardware and software that is EOS and no longer supported it becomes harder to defend against malicious cyber actors Edge Devices are the loadbearing pillars of a network and cannot afford to be EOS Threat actors exploit known vulnerabilities weak default settings and misconfigurations in edge devices to gain initial access to networks move laterally through internal systems and maintain persistence within victim networks Such compromises enable threat actors to monitor and manipulate network activity to gain control of critical infrastructure disrupt operations and exfiltrate sensitive information while remaining undetected for long periodsin some cases while prepositioning for future coordinated disruptive or destructive cyberattacksppSecuring these devices is not just a technical necessity it is critical to safeguarding the operational resilience of our nation CISA urges all organizations to address edge device vulnerabilities today by immediately replacing EOS edge devices Organizations should also prioritize procuring replacement hardware and software from manufacturers that apply Secure by Design principlesppEdge devices are the first line of defense between internal networks and external threats Strengthening the security of edge devices is critical to protecting your network Safeguard your organization with the following six core functions of the National Institute of Standards and Technology NIST Cybersecurity Framework 20ppBOD 2602 requires Federal Civilian Executive Branch agencies to mature their lifecycle management techniques to identify edge device hardware and software that are approaching or have reached EOS and to take immediate action to mitigate riskppBOD 2302 requires Federal Civilian Executive Branch agencies to take steps to reduce their attack surface created by insecure or misconfigured management interfaces including routers firewalls and virtual private network concentratorsppIsolate and retire EOS edge devices This fact sheet includes recent examples of edge device exploitation by nationstate threat actors and provides basic mitigations to reduce the risk from EOS hardware and software ppProtect network edge devices and appliances Led by international cybersecurity authorities this guidance offers best practices to secure network edge devices such as firewalls routers virtual private networks gateways Internet of Things devicesppMove toward more robust security solutions This joint guidance for business owners of all sizes focuses on zero trust Secure Service Edge and Secure Access Service Edge which provide greater visibility into network activityp
