Top Mitigation Strategies for Government

While there continues to be plenty of talk in the media about hacktivism, data breaches, disclosure and espionage, it is sometimes useful to take a closer look at these scenarios in order to help tighten our own defenses.

A good example is the recent report from McAfee: Operation Shady RAT covering targeted intrusions into over 70 global companies, governments and non-profit organizations over the last 5 years. Symantec's take on the report can also be seen here.


Canada is not immune to these dangers, as shown in this example as well as many others. The increase in these types of activities, and in general awareness of them, has prompted other governments to re-evaluate their cyber defense strategies. The US DoD and its Australian equivalent, the DSD, have both recently released documents outlining these strategies.

DoD Strategies for Operating in Cyberspace
Strategies to Mitigate Targeted Cyber Intrusions

While the DoD document remains quite vague there are some good points that can be taken from the Australian government's Top 35 Mitigation Strategies. Check out the list below to see how CMI solution providers can help you with your mitigation strategies.


Top 35 Mitigation Strategies

1 Patch Applications
2 Patch Operating Systems
3 Minimize the number of users with Domain or Local Admin privileges
4 Application Whitelisting - CoreTrace
5 Host-based Intrusion Detection/Prevention System
6 Whitelisted Email Content Filtering - Clearswift
7 Block Spoofed Emails - Clearswift
8 User Education
9 Web Content Filtering - Clearswift
10 Web Domain Whitelisting for all domains - Clearswift
11 Web Domain Whitelisting for HTTPS/SSL domains - Clearswift
12 Workstation Inspection of MS Office files
13 Application-based workstation firewall (incoming rules)
14 Application-based workstation firewall (outgoing rules)
15 Network Segmentation & Segregation - BAE, DeepSecure
16 Multi-factor Authentication
17 Randomized Local Administrator Passphrases
18 Enforce Strong Passphrases
19 Border Gateway
20 Data Execution Prevention
21 Antivirus Software
22 Non-persistent virtualized trusted operating environment for risky activities
23 Centralized & Time Synchronized Logging of network activity - AccelOps
24 Centralized & Time Synchronized Logging of computer events - AccelOps
25 Standard Operating Environment - restricted/hardened OS
26 Workstation Application Security Configuration Hardening - CoreTrace
27 Restrict Access to NetBIOS services
28 Server Application Security Configuration Hardening
29 Removable & Portable Media Control
30 TLS Encryption between Email Servers
31 Disable LanMan password support & cached credentials
32 Block attempts to access websites by their IP - Clearswift, TechGuard
33 Network-based Intrusion Detection/Prevention Systems - AirTight
34 Gateway Blacklisting to block malicious domains/IPs - Clearswift, TechGuard
35 Full Network Traffic Capture for post-incident analysis

JT Keating at CoreTrace has discussed much of this in his blog here and we'd like to thank him for his contribution as well.

Contact us for more information on how CMI can help with your mitigation strategies.