ASD-Cyber-Security-Bulletin-2014-06

The Top 4 for Penguins

Application whitelisting on Linux can be very difficult to implement due to the high level of resources required for development and maintenance. While administrators can use AppLocker or Software Restriction Policies on Windows-based workstations, equivalent mechanisms are not present in either the core Linux kernel or popular Linux distributions.

However, this does not mean that it can't be done. ASD is focussed on technical solutions that are achievable, effective and practical in the government environment. As a result, ASD's The Top 4 in a Linux Environment provides not only guidance on how to implement application whitelisting on Linux, but also technical advice on how to harden a Linux machine without it, while still ensuring a comparable level of security to a Top 4-hardened Windows machine. The options it covers include commercial solutions, SELinux or AppArmor policies, and the use of custom Linux security modules. The document also provides technical guidance on patching applications, patching the operating system and restricting the number of users with administrative privileges on Linux.

The Top 4 in a Linux Environment is available on ASD's website (asd.gov.au), along with a suite of publications designed to assist in implementing the Top 4 strategies.

The Top 4 Strategies to Mitigate Targeted Cyber Intrusions has been shown to prevent at least 85% of cyber intrusion techniques when implemented as a package. These strategies are based on those intrusion techniques which target the workstation. The Top 4 strategies are:

1. Application whitelisting
2. Patching applications
3. Patching operating systems
4. Restricting administrator privileges

ASD Contact Details

For non-urgent and general ICT security enquiries:
Email: asd.assist@defence.gov.au

For urgent and operational government ICT security matters:
Phone: 1300 CYBER1 (1300 292 371), select 1 at any time, or
Complete the cyber security incident report form at www.asd.gov.au

Issue #13 – June 2014 Page 6