35 Steps to Protect Yourself from Cyber Espionage

Updated: May 24, 2010

To support his plea for better protective measures, the ADSD researcher demonstrated how he could use Metasploit, a comprehensive "research" tool, to embed a Trojan in a PDF document and send it to a target email address with a spoofed "from" address. He said it took him two and a half hours to learn Metasploit and three minutes to execute the attack to the point where he could shut off the recipient's computer. It was quite dramatic.

Here is the document with the 35 steps to mitigate intrusions that the Australian Defense Signals Directorate has published. It is a PDF document but it is safe!


Some of the key steps:

1. Patch the operating system and applications that have a corporately manageable autoupdate feature. Patch or mitigate serious vulnerabilities within two days. In other words, don't ignore those annoying notices that there are new updates to install!

2. Patch third-party applications, e.g. PDF viewer, ActiveX objects and other web browser plugins. Patch or mitigate serious vulnerabilities within two days. Note: One addition to this one that I would highlight: DO NOT USE Microsoft IE. Firefox, Opera, and Safari are much safer to use.

3. Minimise administrative privileges to only users who need them. Such users should use a separate unprivileged account for email and web browsing. Note: According to Crispin Cowan, who also presented at AusCERT, Windows 7 has gotten much better at this.

4. Use application whitelisting to help prevent unapproved programs from running, e.g. solutions such as Microsoft Software Restriction Policies or AppLocker. Commercial products for application whitelisting are available from CoreTrace and Savant Protection.

5. Use a gateway with a split DNS server, an email server, a password-authenticated web proxy server and a firewall that prevents workstations from directly accessing the Internet. Use a UTM (unified threat management appliance) to prevent access to malicious downloads.
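As an added example for step 4 (not part of the DSD document or this post), here is how a Windows administrator can build an AppLocker allow-list from the software already installed in admin-controlled folders, stage it in audit mode, and dry-run it against a file dropped in a user-writable location. It assumes Windows 7 Enterprise/Ultimate or later, an elevated PowerShell session, and that the scanned folders hold the approved corporate software; the policy path and the untrusted file path are placeholders.

```powershell
# Added example: build, test and stage an AppLocker allow-list (step 4 above).
# Assumptions: elevated session, AppLocker-capable Windows edition, and the
# directories in $scanDirs contain only approved software. The paths
# 'C:\Temp\Policy' and 'C:\Users\Public\Downloads\untrusted.exe' are placeholders.
Import-Module AppLocker

$policyDir  = 'C:\Temp\Policy'
$policyFile = Join-Path $policyDir 'AppLocker-AuditOnly.xml'
$scanDirs   = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemRoot")
New-Item -ItemType Directory -Path $policyDir -Force | Out-Null

# 1. Inventory executables in admin-controlled locations only. User-writable
#    paths (profiles, Temp, Downloads) are deliberately NOT scanned: anything
#    a phishing payload drops there must not end up on the allow-list.
$fileInfo = foreach ($dir in $scanDirs) {
    if (Test-Path $dir) {
        Get-AppLockerFileInformation -Directory $dir -Recurse `
            -FileType Exe, Dll, Script, WindowsInstaller
    }
}

# 2. Prefer publisher (code-signature) rules, which survive patching; fall back
#    to hash rules for unsigned files. -Optimize merges files from one publisher.
[xml]$policy = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Start in AuditOnly: launches that would be blocked are logged (Event ID
#    8003 for EXE/DLL) instead of denied. Switch to 'Enabled' once the audit
#    log shows no legitimate software being flagged.
foreach ($rc in $policy.AppLockerPolicy.RuleCollection) {
    $rc.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyFile)

# 4. Dry-run the policy against a binary in a user-writable folder; the
#    expected PolicyDecision is 'Denied' with no MatchingRule.
$untrusted = 'C:\Users\Public\Downloads\untrusted.exe'
if (Test-Path $untrusted) {
    Test-AppLockerPolicy -XmlPolicy $policyFile -Path $untrusted -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# 5. Apply to the local policy. The Application Identity service must be
#    running or AppLocker evaluates nothing at all.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyFile
```

For a fleet, import the same XML into a domain GPO rather than applying it per machine, and review the AppLocker event log for a few weeks before changing EnforcementMode to Enabled.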
