
35 Steps to Protect Yourself from Cyber Espionage

Introduction

I attended the big Australian security conference, AusCert, this week. One of the many great presentations came from one of the great analysts at the Australian Defence Signals Directorate (ADSD). He described what by now is a familiar scenario: clever social engineering combined with custom malware to infiltrate a network. His team has put together the first practical guide to countering this threat that has ever been published by any government.

Analysis

To support his plea for better protective measures the ADSD researcher demonstrated how he could use Metasploit, a comprehensive "research" tool, to embed a Trojan in a PDF document and send it to a target email address with a spoofed "from" address. He said it took him two and a half hours to learn Metasploit and three minutes to execute the attack to the point where he could shut off the recipient's computer. It was quite dramatic. 

Here is the document with the 35 steps to mitigate intrusions that the Australian Defence Signals Directorate has published. It is a PDF document, but it is safe!


Some of the key steps:

1. Patch the operating system and applications that have a corporately manageable autoupdate feature. Patch or mitigate serious vulnerabilities within two days. In other words, don't ignore those annoying notices that there are new updates to install!

2. Patch third-party applications, e.g. PDF viewer, ActiveX objects and other web browser plugins. Patch or mitigate serious vulnerabilities within two days. Note: One addition to this one that I would highlight: DO NOT USE Microsoft IE. Firefox, Opera, and Safari are much safer to use.

3. Minimise administrative privileges to only users who need them. Such users should use a separate unprivileged account for email and web browsing. Note: According to Crispin Cowan, who also presented at AusCert, Windows 7 has gotten much better at this.

4. Use application whitelisting to help prevent unapproved programs from running, e.g. solutions such as Microsoft Software Restriction Policies or AppLocker. Commercial products for application whitelisting are available from CoreTrace and Savant Protection.

5. Use a gateway with a split DNS server, an email server, a password-authenticated web proxy server, and a firewall that prevents workstations from directly accessing the Internet. Use a UTM to prevent access to malicious downloads.
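Step 4 is the one most people put off, so here is how the AppLocker option can be trialled in audit mode before it blocks anything. This PowerShell is an added example, not from the DSD document or this brief; it assumes an elevated session on Windows 7 / Server 2008 R2 or later with the AppLocker module, and that C:\Temp exists.

```powershell
# Added example (not from the DSD guide or this post). Builds an AppLocker policy
# that allows only executables and DLLs under administrator-controlled folders,
# applies it in audit-only mode so blocked launches are logged rather than stopped,
# and tests two paths against it. Assumes an elevated session on Windows 7 /
# Server 2008 R2 or later and that C:\Temp exists (both are assumptions).
Import-Module AppLocker

# AppLocker rules are only evaluated while the Application Identity service runs
sc.exe config AppIDSvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# Inventory the locations that only administrators can write to
$fileInfo = foreach ($dir in 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)') {
    if (Test-Path $dir) {
        Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll
    }
}

# Turn the inventory into optimized path rules for Everyone and emit it as XML
$xml = New-AppLockerPolicy -FileInformation $fileInfo -RuleType Path -User Everyone `
    -RuleNamePrefix 'Trusted' -Optimize -Xml

# Start in audit mode: launches that would have been blocked show up as event ID 8003
# in Microsoft-Windows-AppLocker/EXE and DLL, without interrupting users
$xml = $xml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
$policyPath = 'C:\Temp\applocker-audit.xml'
$xml | Out-File -FilePath $policyPath -Encoding UTF8

# Apply locally (merge keeps any existing rules); use a GPO for domain-wide rollout
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# Verify: a system binary is allowed, while the same binary copied into a
# user-writable folder (where an emailed payload would land) matches no rule
$copy = Join-Path $env:TEMP 'notepad-copy.exe'
Copy-Item "$env:windir\System32\notepad.exe" $copy -Force
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone `
    -Path "$env:windir\System32\notepad.exe", $copy |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
```

Once the audit log stops showing legitimate software being flagged, switch EnforcementMode to "Enabled" and reapply the policy.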

Conclusion

This is a valuable document. I suggest grabbing a copy and comparing it to your current security practices. These types of attacks have been successful against the Dalai Lama's office, the Pentagon, Google, and hundreds of other public cases. Taking these measures will minimize your risks of serious data theft.

Disclosures and References

http://www.dsd.gov.au/_lib/pdf_doc/intrusion_mitigations.pdf

http://www.coretrace.com

http://www.savantprotection.com
