What is Essential Eight?
The Essential Eight was developed by the Australian Cyber Security Centre (ACSC) to protect Microsoft Windows-based internet-connected networks. It consists of eight mitigation strategies that organisations should implement for cyber protection. The framework has 3 maturity levels so that each business can target the level that suits its risk category.
Maturity Level Zero
Not aligned with mitigation strategy objectives.
Maturity Level One
Partially aligned with mitigation strategy objectives.
Maturity Level Two
Mostly aligned with mitigation strategy objectives.
Maturity Level Three
Fully aligned with mitigation strategy objectives.
The Essential Eight:
1. Application Control
Application control is a security approach designed to protect against malicious code (also known as malware) executing on systems. When implemented robustly, it ensures only approved applications (e.g. executables, software libraries, scripts, installers, compiled HTML, HTML applications, control panel applets, and drivers) can be executed.
While application control is primarily designed to prevent the execution and spread of malicious code, it can also prevent the installation or use of unapproved applications.
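As an added example (not from the original article), the following PowerShell audits whether AppLocker, one way of implementing application control on Windows, is actually enforcing rules for each file type the article lists, and then checks how files in user-writable download folders would be treated. It assumes AppLocker is the enforcement mechanism in use; the download-folder path is the example's own choice.

```powershell
# Added example: audit the effective AppLocker policy on this host.
# Assumes AppLocker is the application control mechanism; the paths checked are illustrative.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml

# Each RuleCollection covers one file type (Exe, Dll, Msi, Script, Appx).
# "AuditOnly" or a missing collection means that type is NOT being blocked.
$policy.AppLockerPolicy.RuleCollection | ForEach-Object {
    [pscustomobject]@{
        FileType    = $_.Type
        Enforcement = $_.EnforcementMode
        RuleCount   = @($_.ChildNodes).Count
    }
} | Format-Table -AutoSize

# Would executables sitting in user-writable download folders be allowed to run?
# A robust deployment should report "Denied" for anything that is not explicitly approved.
$candidates = Get-ChildItem -Path 'C:\Users\*\Downloads\*.exe' -ErrorAction SilentlyContinue
if ($candidates) {
    Test-AppLockerPolicy -PolicyObject (Get-AppLockerPolicy -Effective) `
                         -Path $candidates.FullName `
                         -User 'Everyone' |
        Select-Object FilePath, PolicyDecision, MatchingRule |
        Format-Table -AutoSize
}
```

Any collection reporting AuditOnly, or any download-folder binary reporting Allowed without a matching rule, indicates the control is not yet at the "only approved applications can execute" standard the article describes.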
2. Patching Applications
By maintaining a clear and streamlined patch management process – including an awareness of information sources used to determine whether security vulnerabilities are currently being exploited, an awareness of the regular patch release schedules of vendors, defined responsibilities for individuals involved in patching activities, and regular vulnerability scanning for missing patches – organisations can position themselves to act swiftly upon security bulletin or patch releases. In doing so, organisations can dramatically reduce the time between noticing information on new security vulnerabilities and applying patches or implementing temporary workarounds where appropriate.
3. Microsoft Office Macro Settings
An increasing number of attempts to compromise organisations using malicious macros have been observed. In particular, adversaries have been observed using social engineering techniques to entice users into executing malicious macros in Microsoft Office files. The purpose of these malicious macros can range from cybercrime to more sophisticated exploitation attempts.
By understanding the business requirements for the use of macros, and applying the recommendations in this publication, organisations can effectively manage the risk of allowing macros in their environments.
4. User Application Hardening
5. Restrict Administrative Privileges
Users with administrative privileges for operating systems and applications are able to make significant changes to their configuration and operation, bypass critical security settings and access sensitive information. Domain administrators have similar abilities for an entire network domain, which usually includes all of the workstations and servers on the network.
Adversaries often use malicious code (also known as malware) to exploit security vulnerabilities in workstations and servers. Restricting administrative privileges makes it more difficult for an adversary’s malicious code to elevate its privileges, spread to other hosts, hide its existence, persist after a reboot, obtain sensitive information or resist removal efforts.
An environment where administrative privileges are restricted is more stable, predictable, and easier to administer and support, as fewer users can make significant changes to their operating environment, either intentionally or unintentionally.
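As an added example (not from the original article), this PowerShell lists the members of the local Administrators group on a workstation and flags anything outside an approved list. The approved list is a placeholder for this example; the domain name CONTOSO and the group names are constructed values to be replaced with the accounts an organisation has actually authorised.

```powershell
# Added example: review who holds local administrative privileges on this host.
# The approved list below is a constructed placeholder, not a recommendation.
$approved = @(
    "$env:COMPUTERNAME\Administrator",   # built-in local account (should itself be disabled or managed)
    'CONTOSO\Domain Admins',             # placeholder domain group
    'CONTOSO\Workstation Admins'         # placeholder delegated admin group
)

$members = Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
    [pscustomobject]@{
        Name        = $_.Name
        ObjectClass = $_.ObjectClass        # User or Group
        Source      = $_.PrincipalSource    # Local, ActiveDirectory, AzureAD, ...
        Approved    = $approved -contains $_.Name
    }
}

$members | Sort-Object Approved, Name | Format-Table -AutoSize

# Anything not on the approved list is a candidate for removal or for review
# against the business justification the article says should exist.
$unexpected = $members | Where-Object { -not $_.Approved }
if ($unexpected) {
    Write-Warning ("{0} unapproved member(s) of local Administrators: {1}" -f
        $unexpected.Count, ($unexpected.Name -join ', '))
}
```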
6. Patch Operating Systems
By maintaining a clear and streamlined patch management process – including an awareness of information sources used to determine whether security vulnerabilities are currently being exploited, an awareness of the regular patch release schedules of vendors, defined responsibilities for individuals involved in patching activities, and regular vulnerability scanning for missing patches – organisations can position themselves to act swiftly upon security bulletin or patch releases. In doing so, organisations can dramatically reduce the time between noticing information on new security vulnerabilities and applying patches or implementing temporary workarounds where appropriate.
7. Multi-Factor Authentication
Adversaries frequently attempt to steal legitimate user or administrative credentials when they compromise a network. These credentials allow them to easily propagate on a network and conduct malicious activities without additional exploits, thereby reducing the likelihood of detection. Adversaries will also try to gain credentials for remote access solutions, including Virtual Private Networks (VPNs), as these accesses can further mask their activities and reduce the likelihood of being detected.
When multi-factor authentication is implemented correctly, it is significantly more difficult for an adversary to steal a complete set of credentials as the user has to prove they have physical access to a second factor that either they have (e.g. a physical token, smartcard, or software certificate) or are (e.g. a fingerprint or iris scan).
8. Daily Backup
A backup is a process by which important data, software, and configuration settings are stored for the purpose of recovering from an unplanned event such as server failure, accidental deletion of a file, or malicious activity.
Regular backups should be performed in a coordinated and resilient manner in accordance with ‘best practice’ business continuity requirements.
Backups should be protected in a manner in which they cannot be tampered with, as it is not uncommon for hackers to search an organisation’s network for backups.
In addition to backing up an organisation’s data, it is also important to test the restoration of systems, software, and important data from backups. Testing should be in a coordinated manner as part of business continuity or disaster recovery exercises.