
CISA’s ED 24-01 & Ivanti Connect Secure | Episode #2

CISA gave Ivanti users 48 hours to comply with ED 24-01, and it’s giving John trust issues. By using Zero Standing Privileges and performing continuous authorization across all privileged sessions, this could have been avoided. He also wonders what happened with all those sweepstakes he’s entered over the years.

Transcript

Hey everybody.

Welcome to today's episode of John Has Trust Issues, where I discuss issues relevant to the world of Zero Trust and authorization in about 90 seconds or less, sometimes a little bit more.

My name's John Martinez, and I'm the technical evangelist over here at StrongDM.

And my trust issues stem from all of those sweepstakes that I entered as a kid and never won the million bucks.

All right, let's get going and let's talk about the issue of today.

Today I'm discussing this unprecedented, really unprecedented emergency directive called ED 24-01 that was issued by the Cybersecurity and Infrastructure Security Agency, or CISA, on January 19th, and then again on January 31st with the supplement that says these fixes to the Ivanti VPN devices that have been compromised must be implemented within 48 hours.

I mean, we're talking about all of the civilian federal agencies that this affects.

So what we do know about this exploit is that, again, it involves the Ivanti VPN devices.

State actors have been exploiting this vulnerability since December 1.

One vulnerability bypasses authentication and allows remote access to the web interface.

Another one allows remote code execution, arbitrary command execution, on the web interface as well.

And yet another one allows privilege escalation via the SAML component of these devices.

So, as it's been reported in TechCrunch, this was, again, first seen in December.

As of earlier this month, it had affected more than 2200 devices that were compromised.

And the solution is to completely flatten, do a factory reset, start over again with the fresh code, and then monitor all of your identity systems and every other sensitive system that you have in your environment.

That's a lot of work.

All right, so what can we do in our environments to avoid problems like this?

So definitely do continuous authorization across all of your privileged sessions.

Constantly be testing, constantly be challenging.

And another one that I'll talk about many, many times is to implement zero standing privileges.

We've all heard of the principle of least privilege.

Now, the next step in that, the next evolution in that, is zero anything: no privilege at all.

And when I come in in the morning, I log in and there's nothing there, and I have to ask for it.

All right, so thanks again for listening today.

My name is John Martinez at StrongDM, the dynamic access platform that enables secure privileged access across all of your sensitive infrastructure.

Thank you for watching.
