Essential Eight as recommended by the Australian Government
Posted on 27 July 2020
The Essential Eight is recommended as a baseline set of mitigation strategies for organizations to implement to prevent cyber security incidents. Implementing the Essential Eight makes it much harder for systems to be compromised, and doing so proactively costs far less than having to respond to a large-scale cyber security incident.
Mitigation Strategies to Prevent Malware Delivery and Execution
Application control to prevent execution of unapproved/malicious programs including .exe, DLL, scripts, and installers.
Why: All non-approved applications are prevented from executing.
Patch applications e.g. Flash, web browsers, Microsoft Office, Java, and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of applications.
Why: Security vulnerabilities in applications can be used to execute malicious code on systems.
Configure Microsoft Office macro settings to block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
Why: Microsoft Office macros can be used to deliver and execute malicious code on systems.
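The macro settings above are normally enforced through Group Policy, which writes them to the Office policy branch of the registry. The PowerShell audit below is an added example, not part of the original post or any ACSC tooling: it reads those policy values for Word, Excel and PowerPoint and reports whether each of the three macro requirements is in place. It assumes Office 2016/2019/365 (policy branch "16.0") and checks only the per-user policy hive; the write-access restriction on trusted locations is a separate folder-ACL check not covered here.

```powershell
# Added example: audit Office macro policy against the Essential Eight macro strategy.
# Assumption: Office 2016/2019/365 policy branch "16.0" under the per-user policy hive.
$apps       = 'Word', 'Excel', 'PowerPoint'
$policyRoot = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

function Get-PolicyValue {
    # Returns the named DWORD from a policy key, or $null when policy has not set it.
    param([string]$Key, [string]$Name)
    try   { (Get-ItemProperty -Path $Key -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Get-OfficeMacroPolicy {
    foreach ($app in $apps) {
        $sec = Join-Path $policyRoot "$app\Security"

        # 1 = "Block macros from running in Office files from the Internet" is enabled.
        $blockInternet = Get-PolicyValue $sec 'blockcontentexecutionfrominternet'

        # VBAWarnings: 1 = enable all, 2 = disable with notification,
        #              3 = disable all except digitally signed, 4 = disable all.
        # Values 3 and 4 both stop unsigned macros outside trusted locations.
        $vbaWarnings = Get-PolicyValue $sec 'VBAWarnings'

        # AllLocationsDisabled = 1 turns trusted locations off entirely; absent/0 keeps
        # them active, which is required if vetted macros are deployed that way.
        $tlDisabled = Get-PolicyValue (Join-Path $sec 'Trusted Locations') 'AllLocationsDisabled'

        [pscustomobject]@{
            Application             = $app
            BlockInternetMacros     = ($blockInternet -eq 1)
            UnsignedMacrosBlocked   = ($vbaWarnings -eq 3 -or $vbaWarnings -eq 4)
            VBAWarningsValue        = $vbaWarnings
            TrustedLocationsActive  = ($tlDisabled -ne 1)
        }
    }
}

# Print one row per application; any $false in the first three columns is a gap.
Get-OfficeMacroPolicy | Format-Table -AutoSize
```

Run the audit in the context of the user whose policy is being checked, since the values live under HKCU; a machine-wide policy would appear under the equivalent HKLM path instead.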
User application hardening. Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office, web browsers and PDF viewers.
Why: Flash, ads and Java are popular ways to deliver and execute malicious code on systems.
Mitigation Strategies to Limit the Extent of Cyber Security Incidents
Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Do not use privileged accounts for reading email and web browsing.
Why: Admin accounts are the ‘keys to the kingdom.’ Adversaries use these accounts to gain full access to information and systems.
Patch operating systems. Patch/mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Do not use unsupported versions.
Why: Security vulnerabilities in operating systems can be used to further the compromise of systems.
Multi-factor authentication including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.
Why: Stronger user authentication makes it harder for adversaries to access sensitive information and systems.
Mitigation Strategies to Recover Data and System Availability
Daily backups of important new/changed data, software, and configuration settings, stored disconnected and kept for at least three months. Test restoration initially, annually, and whenever IT infrastructure changes.
Why: To ensure information can be accessed following a cyber security incident (e.g. a ransomware incident).