The best way to defend against most network vulnerabilities is to deal with the simplest attack vectors, according to Australia’s Defence Signals Directorate (DSD). The DSD’s analysis has credibility and clout, because it’s based on analysis of real attacks launched against Australian government networks. And according to its …
It's not convenience.
"Attackers, it seems, can be just as interested in convenience as those they attack"
Not quite. In Australia they are probably behind the curve because there is not much effort involved in getting return on effort. You will only see the "quality" of attacks go up when the easy route in is no longer available. You could call it "convenience", but IMHO the correct word is "efficiency".
Why wheel out the fancy new 0-day when MS06-062 will do just fine?
I thought Australian digital security...
...meant locking yourself in the shed with a Bible and a blow-up kangaroo.
I'm sure I read that somewhere on Our Glorious Government's website.
They're serious(ly insane)
Probably the same website that suggests sleeping with a pet to stay warm while "saving the planet".
And PLEASE no jokes about cuddling up with your pet python!
I keep telling grandma about no.23...
...but she insists that 12 months is long enough to keep server logs.
Why not uninstall acroread and flash
Yes, uninstall the targets, if you can!
AC has got a point. If you can live without the "most targeted applications" (which maybe also means "the most buggy applications") just uninstall them. And before yelling "I can't live without flash/adobe/office/windows" just think twice. You *REALLY* can't, or you just don't want to try?
I have tried, and I can. I run Linux, and I suggest to my customers who need Windows that they run OpenOffice, some other PDF viewer, some other browser, no flash, no silverlight, and so on.
Other PDF Viewer
Check out the history of vulnerabilities in other PDF viewers. Sure, most of them haven't had as many vulnerabilities as Acrobat Reader, but most of them have shared some of the vulnerabilities of Adobe's product. The reason for this presumably being that the format itself is vulnerable.
And then there's the matter of security by obscurity. A friend of mine used to advocate a particular popular alternative to Acrobat Reader until I showed him how many vulnerabilities that had experienced (about half as many as Adobe over the period we were looking at). Thereafter he changed his allegiance to a less popular alternative which had suffered fewer vulnerabilities. Or had it? Could it be that this reader was so obscure that nobody had actually checked whether the vulnerabilities were exploitable in that application?
The problem is that it's difficult to do without some sort of PDF reader. Even something that converts PDF documents into another format could suffer some of the vulnerabilities. From a corporate point of view a good IPS will protect against a lot of vulnerabilities. Sure, you can't be complacent just because you have one, but you'd be foolish to think you can do without one.
The underlying problem is that a large proportion of people don't take responsibility for their actions and inactions. Apathy is a "perfect" excuse.
So when you show people that they've done a stupid thing, they simply shrug their shoulders and say "nobody told me". Even AFTER they were told several times and signed a piece of paper saying that they understood not to do it.
Personally I use all four of the DSD recommended procedures - except 'whitelisting applications' for which I have no idea what they mean.
I also run mail but not web countermeasures/cleaning.
The biggest defence is the right-royal pain in the bum SELinux from NSA (kind of the US equivalent to the DSD only bigger).
Server-side this is extremely effective but annoying as hell as app after app gets blocked, or even minor config changes break apps. This is 'easily' fixed but tiresome.
For non-Linux clients, Windows 7 is pretty good at defending itself. It's just the soggyware that causes problems by bypassing the OS - sort of understandable though.
"Personally I use all four of the DSD recommended procedures - except 'whitelisting applications' for which I have no idea what they mean."
If you don't know what "whitelisting applications" means then there's probably a whole lot else you don't know about security. Whitelisting applications simply means creating a list of known safe applications and not allowing anything to execute that isn't on that list. If you're going to do this then always make sure you're actually checking the file's contents rather than just its name. I knew one organisation that did the latter and users quickly learned they could run other applications by changing the filename to something that was on the whitelist.
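An added example, not code from the thread or from the DSD guidance, of the two whitelist checks the comment above contrasts: a name-based list, which a file renamed to an approved name gets past, and a content-hash list, which it does not. The file names and byte contents are constructed stand-ins for real binaries.

```python
import hashlib
import os
import tempfile

# Constructed stand-ins for real binaries; the bytes are invented for this example.
APPROVED = {
    "editor.exe": b"MZ-constructed-approved-editor",
    "viewer.exe": b"MZ-constructed-approved-viewer",
}
ROGUE = b"MZ-constructed-unapproved-program"  # deliberately not on the approved list

NAME_ALLOWLIST = set(APPROVED)  # weak policy: trust anything with an approved file name
HASH_ALLOWLIST = {hashlib.sha256(b).hexdigest() for b in APPROVED.values()}  # trust approved contents only


def sha256_of(path):
    """Hash file contents in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def allowed_by_name(path):
    return os.path.basename(path) in NAME_ALLOWLIST


def allowed_by_hash(path):
    return sha256_of(path) in HASH_ALLOWLIST


def check_renamed_rogue():
    """Save the rogue program under an approved name and judge it under both policies.

    Returns {"genuine": (name_ok, hash_ok), "renamed_rogue": (name_ok, hash_ok)}.
    """
    with tempfile.TemporaryDirectory() as d:
        genuine = os.path.join(d, "viewer.exe")
        with open(genuine, "wb") as f:
            f.write(APPROVED["viewer.exe"])
        rogue = os.path.join(d, "downloads", "viewer.exe")  # same name, different contents
        os.makedirs(os.path.dirname(rogue))
        with open(rogue, "wb") as f:
            f.write(ROGUE)
        return {
            "genuine": (allowed_by_name(genuine), allowed_by_hash(genuine)),
            "renamed_rogue": (allowed_by_name(rogue), allowed_by_hash(rogue)),
        }
```

Real whitelisting products use signed hashes or publisher certificates rather than a hand-maintained hash set, but the failure mode is the same: any check keyed on the name alone is defeated by a rename.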