FEDERAL SERVICE FOR TECHNICAL AND EXPORT CONTROL (FSTEC of Russia)
Staraya Basmannaya, 17. Moscow, 105066
Tel., Fax: (495) 696-49-04
Organizations – developers software and equipment of automated systems production and technological processes

Email: postin@fstec.ru 01/22/1549 24 03 2022 №e 240 /

Software measures to improve the security of information infrastructure

An analysis of information about threats to information security, carried out by specialists from the FSTEC of Russia in the current situation, shows that foreign hacker groups are preparing to carry out large-scale computer attacks on and the information infrastructure of organizations-developers of software developers and equipment of automated control systems for production and technological processes used in objects of critical information infrastructure of the Russian Federation software.

In order to ensure the security of information and increase the security of information infrastructures of organizations used for the development, supply, distribution and technical support of software for automated equipment and systems for managing production and technological processes (hereinafter referred to as the information infrastructure), it is recommended to take the following additional measures to increase their security:

• conduct an inventory of public information resources (web sites, portals) by external scanning of a block of public IP addresses belonging to the organization in order to determine network services open on the perimeter of the information infrastructure, as well as by scanning IP

• addresses allocated for information resources of the organization in a rented cloud/hosting, and disable unused services and web services;
based on the results of the scan, analyze open ports and block access from outside to network services that do not need it or restrict access according to the white list of IP addresses where possible based on the purpose of the service;

• for API interaction, if possible, restrict access to a white list of IP addresses;

• strengthen the requirements
To the password policy of administrators and users (consumers) of web services of organizations, while excluding the use of passwords set by default, software unused accounts; and also disable provide two-factor authentication for employees of the organization that remotely connect to the information infrastructure;

• ensure the implementation of remote access of employees of the organization to the infrastructure using remote remote work tools (if possible) through secure data transmission channels (using HTTPS, SSH and other protocols) using VPN networks;

• if it is impossible to exclude remote technical support for consumers, ensure the implementation of such technical support using VPN networks and two-factor authentication;

• support to exclude from public access information and materials containing information on setting up and operating software and equipment, automated control systems for production and technological processes, distributions and demo versions of software posted on the websites of organizations;

• filter application layer traffic using web application firewall (WAF) set to attack mode;

• on network equipment, if technically possible, refuse to use insecure management protocols, such as OT telnet/http/snm, and allow access to equipment only from trusted networks (management segments, administrator workstations);

• enable denial-of-service (DDoS) attack OT protection features on firewalls and other information protection tools.

Deputy Director
V. Lyutikov