Top Mitigation Strategies for Government
Hacktivism, data breaches, disclosures and espionage get plenty of media coverage. It is worth looking past the headlines at how these intrusions actually succeed, because that is what tells us where to tighten our own defences.
A good example is McAfee's recent report on Operation Shady RAT, which documents targeted intrusions into more than 70 companies, governments and non-profit organizations worldwide over the past five years. Symantec has also published its own analysis of the report, which can be seen here.
Canada is not immune to these dangers, as this example and many others show. The rise in this kind of activity, and the growing awareness of it, has prompted other governments to re-evaluate their cyber defence strategies: the US Department of Defense (DoD) and its Australian counterpart, the Defence Signals Directorate (DSD), have both recently released documents setting out theirs.
The DoD document stays at a high level, but there is a lot of practical value in the DSD's Top 35 Mitigation Strategies. The list is ranked in order of overall effectiveness against targeted intrusions, and DSD reports that the top four alone would have prevented at least 85% of the intrusions it responded to, so start at the top. The list below shows where CMI's solution providers can help with each strategy.
| # | Mitigation strategy | CMI partner solution |
|---|---|---|
| 1 | Patch applications | |
| 2 | Patch operating systems | |
| 3 | Minimize the number of users with domain or local admin privileges | |
| 4 | Application whitelisting | CoreTrace |
| 5 | Host-based intrusion detection/prevention system | |
| 6 | Whitelisted email content filtering | Clearswift |
| 7 | Block spoofed emails | Clearswift |
| 8 | User education | |
| 9 | Web content filtering | Clearswift |
| 10 | Web domain whitelisting for all domains | Clearswift |
| 11 | Web domain whitelisting for HTTPS/SSL domains | Clearswift |
| 12 | Workstation inspection of MS Office files | |
| 13 | Application-based workstation firewall (incoming rules) | |
| 14 | Application-based workstation firewall (outgoing rules) | |
| 15 | Network segmentation and segregation | BAE, DeepSecure |
| 16 | Multi-factor authentication | |
| 17 | Randomized local administrator passphrases | |
| 18 | Enforce strong passphrases | |
| 19 | Border gateway | |
| 20 | Data Execution Prevention (DEP) | |
| 21 | Antivirus software | |
| 22 | Non-persistent virtualized trusted operating environment for risky activities | |
| 23 | Centralized and time-synchronized logging of network activity | AccelOps |
| 24 | Centralized and time-synchronized logging of computer events | AccelOps |
| 25 | Standard Operating Environment with a restricted/hardened OS | |
| 26 | Workstation application security configuration hardening | CoreTrace |
| 27 | Restrict access to NetBIOS services | |
| 28 | Server application security configuration hardening | |
| 29 | Removable and portable media control | |
| 30 | TLS encryption between email servers | |
| 31 | Disable LanMan password support and cached credentials | |
| 32 | Block attempts to access websites by their IP address | Clearswift, TechGuard |
| 33 | Network-based intrusion detection/prevention systems | AirTight |
| 34 | Gateway blacklisting to block malicious domains/IPs | Clearswift, TechGuard |
| 35 | Full network traffic capture for post-incident analysis | |
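Several of the strategies above need no product at all: 20 (DEP), 27 (NetBIOS) and 31 (LanMan and cached credentials) are plain Windows configuration settings that can be checked directly on a host. The PowerShell script below is an added example written for this page; it is not part of the DSD document, of CMI's offerings or of the CoreTrace blog. The function name and the cached-logon threshold are assumptions chosen for illustration; the registry values and WMI/CIM properties it reads are standard Windows ones.

```powershell
# Added example: audit one Windows host against DSD strategies 20, 27 and 31.
# Function name and the default cached-logon threshold are assumptions for this example.
function Test-DsdHostSettings {
    [CmdletBinding()]
    param(
        # Strategy 31 does not fix a number: 0 suits servers, 1 suits laptops that must log on offline.
        [int]$MaxCachedLogons = 1
    )
    $findings = @()

    # --- Strategy 31: disable LanMan password support and cached credentials ---
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    # NoLMHash = 1 stops the weak LM hash being stored at the next password change.
    if ($lsa.NoLMHash -ne 1) {
        $findings += 'Strategy 31: LM hashes may still be stored (set Lsa\NoLMHash = 1)'
    }
    # LmCompatibilityLevel 5 = send NTLMv2 only and refuse LM and NTLM responses.
    # An absent value means the OS default applies, which is below 5 on every Windows release.
    $level = $lsa.LmCompatibilityLevel
    if ($null -eq $level -or $level -lt 5) {
        $findings += "Strategy 31: LmCompatibilityLevel is '$level', expected 5"
    }
    $winlogon = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    # CachedLogonsCount is a REG_SZ; Windows behaves as "10" when it is absent.
    $cached = if ($null -eq $winlogon.CachedLogonsCount) { 10 } else { [int]$winlogon.CachedLogonsCount }
    if ($cached -gt $MaxCachedLogons) {
        $findings += "Strategy 31: $cached cached domain logons allowed, policy permits $MaxCachedLogons"
    }

    # --- Strategy 20: Data Execution Prevention ---
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    # DataExecutionPrevention_SupportPolicy: 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (default), 3 = OptOut.
    # OptIn only covers Windows binaries; AlwaysOn or OptOut is needed to cover third-party applications.
    $dep = $os.DataExecutionPrevention_SupportPolicy
    if ($dep -notin @(1, 3)) {
        $findings += "Strategy 20: DEP policy is $dep, expected 1 (AlwaysOn) or 3 (OptOut)"
    }

    # --- Strategy 27: restrict access to NetBIOS services ---
    $nics = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($nic in $nics) {
        # TcpipNetbiosOptions: 0 = take the DHCP setting, 1 = enabled, 2 = disabled.
        if ($nic.TcpipNetbiosOptions -ne 2) {
            $findings += "Strategy 27: NetBIOS over TCP/IP not disabled on '$($nic.Description)'"
        }
    }

    return $findings
}

# Usage: run from an elevated session; an empty result means all three checks passed.
$results = @(Test-DsdHostSettings -MaxCachedLogons 1)
if ($results.Count -eq 0) { 'All checks passed' } else { $results }
```

Disabling NetBIOS over TCP/IP per adapter is only the host-side half of strategy 27; the rest is blocking TCP 139 and UDP 137/138 at the workstation firewall (strategies 13 and 14) and between network segments (strategy 15). Likewise, raising LmCompatibilityLevel on one host is safe only once everything it authenticates to accepts NTLMv2, so roll it out through Group Policy rather than host by host.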
JT Keating at CoreTrace has discussed much of this in his blog here, and we would like to thank him for his contribution as well.
Contact us for more information on how CMI can help with your mitigation strategies.