DSD ISM (Sep 2009)
para 2.1.152: Information Technology Security Officers,
para 2.2.89: Standard Operating Procedures,
para 6.3.13: Standard Operating Environments, and
paras 6.1.98-108: Product Patching and Updating.

Official web page for Microsoft Windows Server Update Services (WSUS)

Wikipedia overview of WSUS

DSD ISM (Sep 2009)
para 2.2.152: Information Technology Security Officers,
para 2.2.89: Standard Operating Procedures,
para 6.3.13: Standard Operating Environments, and
paras 6.1.98-108: Product Patching and Updating.

Deploying Adobe PDF patches

Deploying Adobe PDF patches

Deploying Adobe PDF patches

An unprivileged account should be used for all work (including email and web browsing) that does not require administrative privileges.

DSD ISM (Sep 2009)
para 2.1.187: System Users,
paras 6.4.92-96: Privileged Access, and
para 6.4.118-119: Remote Access.

DSD ISM (Sep 2009)
paras 6.3.48-71: Application Whitelisting.

Review of several application whitelisting products

Using Software Restriction Policies to Protect Against Unauthorized Software

Overview of Microsoft AppLocker

Antivirus products are evolving to incorporate HIPS/HIDS functionality into converged endpoint security products.

DSD ISM (Sep 2009)
paras 6.6.211-212 & 6.6.222: Intrusion Detection and Prevention.

Example intrusion techniques detected and prevented by HIDS/HIPS products

HIPS information

HIPS information

DSD ISM (Sep 2009)
para 6.7.139 & 6.7.143: Data Import and Export.

Microsoft Office Isolated Conversion Environment (MOICE)

MOICE

MOICE

Disallow content that cannot be inspected e.g. password protected .zip attachments. Disallow incoming external emails that have your organisation's domain as the email sender.

DSD ISM (Sep 2009)
para 6.6.163: Email Infrastructure.

Email content filtering

Configure workstations with a non-routing network capture device as the default route, to facilitate detection of malware attempting to directly communicate with the Internet.

DSD ISM (Sep 2009)
paras 6.3.77-78: Web Applications,
para 6.6.172: Email Infrastructure, and
para 6.7.187: Firewalls.

DSD evaluated firewall products

Enabling and configuring DEP

DSD ISM (Sep 2009)
para 6.6.221: Intrusion Detection and Prevention.

DSD ISM (Sep 2009)
para 6.6.177: Email Infrastructure.

Wikipedia overview of SPF and Sender ID

Sender ID

SPF

DSD ISM (Sep 2009)
para 6.3.11: Standard Operating Environments.

Segregation should be based on connectivity required, user job role, trust boundaries (e.g. constrain remote access and wireless connections) and sensitivity of information stored instead of just based on geographic location.

Log blocked and successful activity e.g. web proxy, DNS, sensitive services and privileged users. Analyse logs for anomalies e.g. outgoing traffic out of business hours, long lived connections, periodicity and incoming/outgoing traffic ratio.

DSD ISM (Sep 2009)
para 2.1.161: Information Technology Security Officers,
para 2.2.89: Standard Operating Procedures,
para 6.3.11: Standard Operating Environments,
para 6.3.78: Web Applications, and
paras 6.4.131-153: Event Logging and Auditing.

DSD ISM (Sep 2009)
para 6.3.11: Standard Operating Environments.

User application configuration hardening examples include disabling script/macro features in Microsoft Office and PDF viewer, as well as disabling web browser ActiveX, Java and Flash except for whitelisted web sites. For web server applications, OWASP has guidelines for code review, data validation/sanitisation, user/session management, protection of data in transit and storage, error and exception handling, logging and auditing and authentication/authorisation.

DSD ISM (Sep 2009)
paras 6.1.65-68: Product Installation and Configuration,
paras 6.3.76-95: Web Applications,
para 6.3.154: Software Application Development, and
para 6.3.180: Web Application Development.

Securing web browsers

OWASP

DSD ISM (Sep 2009)
para 6.3.11: Standard Operating Environments.

DSD ISM (Sep 2009)
para 6.3.80: Web Applications.

Whitetrash dynamic web whitelisting plugin for the squid web proxy

DSD ISM (Sep 2009)
para 6.3.86: Web Applications.

DSD ISM (Sep 2009)
para 6.7.84: Gateway/Cross Domain Solutions.

DSD ISM (Sep 2009)
paras 6.2.11-29: Media Handling,
paras 6.2.45-67: Media Usage,
paras 6.2.83-106: Media Sanitisation,
paras 6.2.140-152: Media Destruction, and
paras 6.2.164-168: Media Disposal.

DSD evaluated media sanitisation products

DSD evaluated Sanctuary media control product

DSD evaluated SanDisk encrypted USB flash drive

DSD ISM (Sep 2009)
paras 6.3.80-81: Web Applications.

Whitetrash dynamic web whitelisting plugin for the squid web proxy

DSD ISM (Sep 2009)
para 6.6.175: Email Infrastructure.

These local administrator accounts should not be used. Instead, domain group privileges should be used for computer management.

DSD ISM (Sep 2009)
paras 6.3.82-83: Web Applications.

DSD ISM (Sep 2009)
paras 6.6.211-212 & 6.6.217: Intrusion Detection and Prevention.

DSD ISM (Sep 2009)
para 2.1.55: Chief Information Security Officer,
para 2.1.123: Information Technology Security Managers,
para 2.1.164: Information Technology Security Officers,
para 2.2.52: Information Security Policies,
para 2.2.94: Standard Operating Procedures,
para 3.1.44: Servers and Network Devices,
paras 4.1.10-17: Information Security Awareness and Training,
paras 6.6.211-212: Intrusion Detection and Prevention, and
paras 6.7.69-70: Gateway/Cross Domain Solutions.

DSD ISM (Sep 2009)
paras 6.6.211-213 & 6.6.216: Intrusion Detection and Prevention.