First published in February 2010, and revised for 2014, the Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, developed a list of strategies to mitigate targeted cyber intrusions.

The strategies to mitigate targeted cyber Intrusions are ranked in order of overall effectiveness. Rankings are based on ASD’s analysis of reported security incidents and vulnerabilities detected by ASD in testing the security of Australian government networks.

While no single strategy can prevent malicious activity, the effectiveness of implementing the Top 4 strategies can decrease cyber intrusions by 84%. The Top 4 Strategies to Mitigate Targeted Cyber Intrusions are mandatory for Australian Government agencies as of April 2013.

Check Point Software Technologies – breadth of security solutions, enables organizations to implement a tailored and targeted security strategy, that meets business security needs. All solutions are centrally managed through a single console that reduces complexity and operational overhead. As new threats emerge, Check Point solutions allow flexible expansion of services as needed without the addition of new hardware or management complexity.

Check Point Software Technologies takes the guesswork out of choosing the right security with targeted, comprehensive security protections, at the same time assisting you in meeting and implementing the ASD 35 mitigations.

# Mitigation Name Endpoint
Blades
Network Security Blades Management Blades
1 Application allowlisting      
2 Patch applications    
3 Patch operating system vulnerabilities    
4 Restrict administrative privileges    
5 User application configuration hardening  
6 Automated dynamic analysis    
7 User application configuration hardening      
8 Host-based Intrusion Detection/Prevention System      
9 Disable local administrator accounts    
10 Network segmentation and segregation    
11 Multi-factor authentication    
12 Software-based application firewall, blocking incoming network traffic  
13 Software-based application firewall, blocking outgoing network traffic  
14 Non-persistent virtualised sandboxed trusted operating environment      
15 Centralised and time-synchronised logging of successful and failed computer events    
16 Centralised and time-synchronised logging of allowed and blocked network activity    
17 Email content filtering    
18 Web content filtering    
19 Web domain allowlisting for all domains    
20 Block spoofed emails    
21 Workstation and server configuration management      
22 Antivirus software using heuristics and automated Internet-based reputation ratings  
23 Deny direct Internet access from workstations    
24 Server application configuration hardening    
25 Enforce a strong passphrase policy      
26 Removable and portable media control    
27 Restrict access to Server Message Block (SMB) and NetBIOS    
28 User education      
29 Workstation inspection of Microsoft Office files      
30 Signature-based antivirus software  
31 TLS encryption between email servers    
32 Block attempts to access websites by their IP address    
33 Network-based Intrusion Detection/Prevention System    
34 Gateway blocklisting    
35 Capture network traffic      

Essential Mitigations

# Mitigation Name Endpoint
Blades
Network Security Blades Management Blades
2 Patch applications e.g. Java, PDF viewer, Flash, web browsers and Microsoft Office. Patch/mitigate systems with “extreme risk” vulnerabilities within two days. Use the latest version of applications. Compliance    
3 Patch operating system vulnerabilities. Patch/mitigate systems with “extreme risk” vulnerabilities within two days. Use the latest suitable operating system version. Avoid Microsoft Windows XP. Compliance    
4 Restrict administrative privileges to operating systems and applications based on user duties. Such users should use a separate unprivileged account for email and web browsing. Full Disk
Encryption
   

Excellent Mitigations

# Mitigation Name Endpoint
Blades
Network Security Blades Management Blades
5 User application configuration hardening, disabling: running Internet-based Java code, untrusted Microsoft Office macros, and unneeded/undesired web browser and PDF viewer features. Compliance Document
Security
 
6 Automated dynamic analysis of email and web content run in a sandbox to detect suspicious behaviour including network traffic, new or modified files, or other configuration changes.   Threat
Emulation
 
9 Disable local administrator accounts to prevent network propagation using compromised local administrator credentials that are shared by several workstations. Compliance
Full Disk
Encryption
   
10 Network segmentation and segregation into security zones to protect sensitive information and critical services such as user authentication by the Microsoft Active Directory service.   Firewall
Identity
Awareness
 
11 Multi-factor authentication especially implemented for remote access, or when the user is about to perform a privileged action or access a sensitive information repository.   Mobile Access
Firewall
 
12 Software-based application firewall, blocking incoming network traffic that is malicious or otherwise unauthorised, and denying network traffic by default. • Firewall and
Application
Control
Application
Control
 
13 Software-based application firewall, blocking outgoing network traffic that is not generated by a allowlisted application, and denying network traffic by default. • Firewall and
Application
Control
Application
Control
 
15 Centralised and time-synchronised logging of successful and failed computer events, with automated immediate log analysis, storing logs for at least 18 months.     Smart Event
Smart View Tracker
Smart Log
Smart Reporter
16 Centralised and time-synchronised logging of allowed and blocked network activity, with automated immediate log analysis, storing logs for at least 18 months.     Smart Event
Smart View Tracker
Smart Log
Smart Reporter
17 Email content filtering, allowing only allowlisted business related attachment types. Preferably analyse/convert/sanitise hyperlinks, PDF and Microsoft Office attachments.   DLP
Anti-Virus
Threat Emulation
 
18 Web content filtering of incoming and outgoing traffic, allowlisting allowed types of web content and using behavioural analysis, cloud-based reputation ratings, heuristics and signatures.   IPS
URL Filtering
Anti-Bot
Threat Emulation
 
19 Web domain allowlisting for all domains, since this approach is more proactive and thorough than blocklisting a tiny percentage of malicious domains.   URL Filtering  
20 Block spoofed emails using Sender ID or Sender Policy Framework (SPF) to check incoming emails, and a “hard fail” SPF record to help prevent spoofing of your organisation’s domain.   Anti-Spam  

Good Mitigations

# Mitigation Name Endpoint
Blades
Network Security Blades Management Blades
22 Antivirus software using heuristics and automated Internet-based reputation ratings to check a program’s prevalence and its digital signature’s trustworthiness prior to execution. Anti-Malware Anti-Virus  
23 Deny direct Internet access from workstations by using an IPv6-capable firewall to force traffic through a split DNS server, an email server, or an authenticated web proxy server.   Firewall  
24 Server application configuration hardening e.g. databases, web applications, customer relationship management, finance, human resources and other data storage systems.   IPS  
26 Removable and portable media control as part of a Data Loss Prevention strategy, including storage, handling, allowlisting allowed USB devices, encryption and destruction. Media Encryption    
27 Restrict access to Server Message Block (SMB) and NetBIOS services running on workstations and on servers where possible.   Firewall  
30 Signature-based antivirus software that primarily relies on up to date signatures to identify malware. Use gateway and desktop antivirus software from different vendors. Anti-Malware Anti-Virus  
31 TLS encryption between email servers to help prevent legitimate emails being intercepted and used for social engineering. Perform content scanning after email traffic is decrypted.   IPSec VPN  

Average Mitigations

# Mitigation Name Endpoint Blades Network Security Blades Management Blades
32 Block attempts to access websites by their IP address instead of by their domain name, e.g. implemented using a web proxy server, to force cyber adversaries to obtain a domain name.   URL Filtering  
33 Network-based Intrusion Detection/Prevention System using signatures and heuristics to identify anomalous traffic both internally and crossing network perimeter boundaries.   IPS  
34 Gateway blocklisting to block access to known malicious domains and IP addresses, including dynamic and other domains provided free to anonymous Internet users.   Anti-Bot  
×
  反映意見
本網站使用cookies來實現其功能以及分析和行銷目的。 繼續使用本網站即表示您同意使用cookies 。 欲了解更多信息,請閱讀我們的cookies聲明