The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive requiring federal agencies to secure the network management interfaces of specific device classes. These interfaces, often targeted by threat actors, have become a preferred entry point for attacks on network infrastructure. Federal agencies must identify and address insecure or misconfigured interfaces on devices like firewalls and routers, implementing zero trust capabilities and removing vulnerable interfaces from the internet. CISA will assist in scanning and notifying agencies, while providing implementation guidance for enhanced network management interface security.
Read more: https://www.securityweek.com/cisa-instructs-federal-agencies-to-secure-internet-exposed-devices/