Risky Bulletin Newsletter
June 14, 2023
Risky Biz News: CISA orders federal agencies to secure internet-exposed routers, firewalls, and VPNs
Presented by

News Editor
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) and has ordered federal civilian agencies to limit access from the internet to the management interfaces of networking equipment.
The new BOD 23-02 applies to routers, switches, firewalls, VPN servers, proxies, load balancers, and out-of-band server management interfaces such as the iLo and iDRAC.
It applies to management interfaces hosted on a multitude of protocols, ranging from HTTPS to SSH, SMB, RDP, and others.