ASD shows government how to do security right

The ASD (Australian Signals Directorate, formerly the Defence Signals Directorate) has taken a more prescriptive approach to the advice it has been giving Australian departments and agencies by stepping up the technical advice it has made available.

As part of recent changes to the Australian government's Protective Security Policy Framework, all government agencies are now required to put in place the ASD's Top 4 Strategies. ASD believes that if agencies do so, they will mitigate at least 85 percent of all intrusions that it sees via the Cyber Security Operations Centre.

While the strategies were updated in October last year, agencies have had to rely on their own expertise to implement them.

However, ASD has now released a more definitive technical guide for agencies to follow to meet their mandatory security requirements.

The new advice is meant for system administrators and integrators, and would assist those organisations that are running a Microsoft Windows Active Directory domain, Windows 2008 R2 servers, and Windows 7 workstations.

It goes through each of the four strategies — application whitelisting, patching applications, patching the operating system, and minimising administrative privileges — even going as far as to step through each of the dialog boxes required to implement local security policies.

In a similar manner, ASD has also released advice on the security considerations and controls for virtual private networks, and updated its advice for assessing security vulnerabilities and patches.