To support his plea for better protective measures the ADSD researcher demonstrated how he could use Metasploit, a comprehensive "research" tool, to embed a Trojan in a PDF document and send it to a target email address with a spoofed "from" address. He said it took him two and a half hours to learn Metasploit and three minutes to execute the attack to the point where he could shut off the recipient's computer. It was quite dramatic.
Here is the document with the 35 steps to mitigate intrusions that the Australian Defense Signals Directorate has published. It is a PDF document but it is safe!
Some of the key steps:
1. Patch the operating system and applications that have a corporately manageable autoupdate feature. Patch or mitigate serious vulnerabilities within two days. In other words, don't ignore those annoying notices that there are new updates to install!
2. Patch third party applications e.g. PDF viewer, ActiveX objects and other web browser plugins. Patch or mitigate serious vulnerabilities within two days. Note: One addition to this one that I would highlight: DO NOT USE Micrsoft IE. FireFox, Opera, and Safari are much safer to use.
3. Minimise administrative privileges to only users who need them. Such users should use a separate unprivileged account for email and web browsing. Note: According to Crispin Cowan, who also present at AusCert, Windows 7 has gotten much better at this.
4. Use application whitelisting to help prevent unapproved programs from running e.g. solutions such as Microsoft Software Restriction Policies or AppLocker. Commercial products are available from CoreTrace and Savant Protection for application white listing.
5. Gateway with a split DNS server, an email server, a password authenticated web proxy server and a firewall preventing workstations directly accessing the Internet. Use a UTM to prevent access to malicious downloads.
In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more
Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more
For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more
With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more