ACSC publishes secure administration guide

The Australian Cyber Security Centre has published a new guide designed to help organisations protect network and system assets against cyberthreats.

The Secure Administration guidebook details methods of protecting accounts with privileged network access to ensure hackers do not gain access to the “keys to the kingdom”.

The report states that the goals of an attacker are far easier to achieve when privileged network or system access has been attained.

Obtaining privileged access enables wider malware propagation, more intrusive access, access to sensitive data stores and insight into detection and cybersecurity response activities.

Privileged access was abused in the majority of cases involving compromises of Australian government networks investigated by the Australian Signals Directorate’s Incident Response team, the report stated. The method was also involved in major incidents including the high-profile Sony Pictures hack of last year.

According to the report, elements of secure administration can include privileged access control, multifactor authentication, privileged workstations in secure environments, logging and auditing, network segmentation or segregation and the use of jump boxes, or hardened remote access servers.

The report also details a number of unique considerations involved in secure administration of cloud-based networks. It also offers further reading including additional guides and Microsoft’s best practice recommendations.

Image courtesy of Dev.Arka under CC