Last week the Australian Signals Directorate (ASD), formerly the Defence Signals Directorate (DSD), published the 2014 version of its top 35 mitigations. I’ve always liked this list as a place to start, especially the top 4 (unchanged from last year). Theoretically, implementing only the top 4 mitigations in this year’s edition (application whitelisting, application patching, OS patching, and restriction of administrative privileges) could cut out “at least 85% of the cyber intrusions that ASD responds to” for adversaries “using unsophisticated techniques.”
(Note: As part of a campaign to bring forward some of our older posts that we feel still benefit the community, we’ve added this article to our Best Of category that will periodically get tweeted out. Please mention it to me on Twitter or contact us if there are any other posts you feel we should include in this category. This post was previously categorized under News. @grecs)
The Australian Signals Directorate (ASD) has re-ranked its Strategies to Mitigate Targeted Cyber Intrusions (PDF) document for 2014, with the top four strategies remaining identical to the 2012 version of the document.
In order, the top four strategies remain: application whitelisting; updating applications to the latest version within two days of release; applying operating system patches within two days; and restricting administrative privileges based on user duties, with users who hold administrative privileges using a separate unprivileged account for email and web browsing.
Rising up the rankings were strategies for disabling the running of internet-based Java code, untrusted Microsoft Office macros, and undesired web browser and PDF viewer features; use of operating-system-level features such as address-space randomisation and Microsoft’s free Enhanced Mitigation Experience Toolkit (EMET); and behavioural analysis from internet and email filtering, which the agency says should be “run in a sandbox to detect suspicious behaviour, including network traffic, new or modified files, or configuration changes”.
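The strategies above are stated as policy; what a practitioner usually wants next is a quick way to see where a given host stands. The following read-only audit script is an added example written for this post, not code from ASD or from the original article. It assumes a Windows 10 / Server 2016 or later host (Get-ProcessMitigation, the Exploit Protection successor to the now-retired EMET), the AppLocker PowerShell module, and Office 2016/2019/365 (registry hive version 16.0); the 35-day patch threshold is a local heuristic, since a host only knows install dates, not release dates. Run it from an elevated PowerShell session; it changes nothing and only reports.

```powershell
# Added example (not from the ASD document or the original post): read-only audit of
# one Windows host against several of the ASD mitigations. Assumptions: Windows 10 /
# Server 2016+, AppLocker module present, Office hive 16.0, elevated session.

$findings = New-Object 'System.Collections.Generic.List[string]'

function Add-Finding([string]$Control, [string]$Status, [string]$Detail) {
    $findings.Add(('{0,-30} {1,-5} {2}' -f $Control, $Status, $Detail))
}

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

# 1. Application whitelisting: AppLocker Exe rules must be enforced, not audit-only.
try {
    $exeRules = $null
    foreach ($rc in (Get-AppLockerPolicy -Effective).RuleCollections) {
        if ($rc.RuleCollectionType -eq 'Exe') { $exeRules = $rc }
    }
    if ($null -eq $exeRules) {
        Add-Finding 'Application whitelisting' 'FAIL' 'no AppLocker Exe rule collection in effective policy'
    } elseif ("$($exeRules.EnforcementMode)" -eq 'Enabled') {
        Add-Finding 'Application whitelisting' 'PASS' 'AppLocker Exe rules enforced'
    } else {
        Add-Finding 'Application whitelisting' 'FAIL' "AppLocker Exe rules in mode $($exeRules.EnforcementMode)"
    }
} catch {
    Add-Finding 'Application whitelisting' 'WARN' 'AppLocker module unavailable on this host'
}

# 2. Office macros. VBAWarnings: 4 = disable all without notification, 3 = disable all
#    except digitally signed, 2 = disable with notification (user can click through),
#    1 = enable all. blockcontentexecutionfrominternet = 1 blocks macros in files
#    carrying the mark-of-the-web. Policy hive is checked first, then the user hive.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $policyKey = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $userKey   = "HKCU:\Software\Microsoft\Office\16.0\$app\Security"
    $vba = Get-RegValue $policyKey 'VBAWarnings'
    if ($null -eq $vba) { $vba = Get-RegValue $userKey 'VBAWarnings' }
    $motw = Get-RegValue $policyKey 'blockcontentexecutionfrominternet'
    if (($vba -in @(3, 4)) -and ($motw -eq 1)) {
        Add-Finding "Office macros ($app)" 'PASS' "VBAWarnings=$vba, internet-sourced macros blocked"
    } elseif ($vba -in @(3, 4)) {
        Add-Finding "Office macros ($app)" 'WARN' "VBAWarnings=$vba but internet-sourced macros not explicitly blocked"
    } else {
        $shown = if ($null -eq $vba) { 'unset (Office default: notify)' } else { $vba }
        Add-Finding "Office macros ($app)" 'FAIL' "VBAWarnings=$shown"
    }
}

# 3. Exploit mitigations: system-wide ASLR/DEP defaults from Exploit Protection.
#    NOTSET means the OS built-in default applies (DEP opt-in, bottom-up ASLR on,
#    mandatory image relocation off), which is why it is reported as WARN.
try {
    $mit = Get-ProcessMitigation -System
    $checks = @{
        'DEP.Enable'               = $mit.DEP.Enable
        'ASLR.BottomUp'            = $mit.ASLR.BottomUp
        'ASLR.ForceRelocateImages' = $mit.ASLR.ForceRelocateImages
    }
    foreach ($name in ($checks.Keys | Sort-Object)) {
        $state  = "$($checks[$name])"
        $status = switch ($state) { 'ON' { 'PASS' } 'OFF' { 'FAIL' } default { 'WARN' } }
        Add-Finding "Exploit mitigation $name" $status "system-wide setting is $state"
    }
} catch {
    Add-Finding 'Exploit mitigations' 'WARN' 'Get-ProcessMitigation unavailable (Windows 10 before 1709 or EMET-era host)'
}

# 4. OS patching: heuristic proxy for the two-day rule, based on the newest hotfix
#    install date (35 days covers one monthly cycle plus the two-day window).
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object -Property InstalledOn -Descending | Select-Object -First 1
if ($null -eq $latest) {
    Add-Finding 'OS patching' 'FAIL' 'no hotfix with a recorded install date'
} else {
    $age    = [int]((Get-Date) - [datetime]$latest.InstalledOn).TotalDays
    $status = if ($age -le 35) { 'PASS' } else { 'FAIL' }
    Add-Finding 'OS patching' $status "$($latest.HotFixID) installed $age days ago"
}

# 5. Admin privilege separation: a browser or mail client running in the session of
#    an account that holds local admin rights contradicts the separate-account advice.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
$session   = (Get-Process -Id $PID).SessionId
$clients   = Get-Process -Name chrome, msedge, firefox, iexplore, outlook -ErrorAction SilentlyContinue |
    Where-Object { $_.SessionId -eq $session } | ForEach-Object ProcessName | Sort-Object -Unique
if ($isAdmin -and $clients) {
    Add-Finding 'Admin privilege separation' 'FAIL' ('admin session is running: ' + ($clients -join ', '))
} elseif ($isAdmin) {
    Add-Finding 'Admin privilege separation' 'PASS' 'no browser or mail client in this admin session'
} else {
    Add-Finding 'Admin privilege separation' 'WARN' 'not elevated; AppLocker and mitigation results may be incomplete'
}

$findings
```

The checks are deliberately conservative: a host can pass every line here and still be exposed (an audit-only AppLocker policy on a different rule collection, a macro exemption in a per-user Trusted Location, an application with its own updater that Get-HotFix never sees), so treat a PASS as "nothing obviously wrong" rather than as compliance with the ASD list.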
Today’s post pic is from Wikipedia.org.