Initiatives such as the SANS Consensus Audit Guidelines and the UK CPNI Top 20 Critical Security Controls have attempted to standardize IT and cyber security efforts around twenty strategies proven to mitigate the most common and damaging types of attack. These represent a significant improvement over previous attempts but there remain challenges around adoption and prioritization.
In November 2012 the Australian Department of Defence published a paper in which they stated “At least 85% of the intrusions that DSD responded to in 2011 involved adversaries using unsophisticated techniques that would have been mitigated by implementing the top four mitigation strategies as a package.” This is a significant discovery since it narrows the focus from 20 required mitigation strategies for cyber security to just four:
- Application whitelisting
- Effective OS patching
- Effective application updates
- Restricting of administrative privileges
For more background on this DoD paper I encourage you to read my USA Today article Four simple steps to protect the US from hackers.
I’ll be exploring the four mitigations in a two-part article and explaining how they combine to form an effective cyber security defence strategy. I’ll start in this article with Application Whitelisting.
1. Application White-listing
An application white-list is a register of applications that are approved to run on a computer system. Unless an application is explicitly listed it will not be permitted to run. This is the opposite of a blacklist where all applications may run except for those explicitly listed.
Application white-listing greatly reduces the risk of malware and other unauthorized software by mandating that only approved applications will run. Implementing white-listing on personal computers and other vulnerable devices makes it difficult for malware to get a foothold within the organisations and greatly reduces its opportunity to spread. Enterprise system management frameworks such as Microsoft System Center Configuration Manager incorporate application white-listing capabilities as standard.
A frequent criticism of application white-listing is that it is inflexible for the end-user and places a significant management overhead on systems administrators. These issues can be mitigated by implementing white-listing in conjunction with an enterprise application store, such as 1E Shopping, for self-service software provisioning. Such a service empowers end-users to install corporate software when they need it and at a delivery time that suits them and in the process reduces management overhead.
In the next article I will be exploring how effective OS patching and application updates, along with restricted administrative privileges, are the key to good IT security (click here to read Part 2).