
AusCERT Conference

In Australia, the AusCERT conference has proven to be the premier IT security event for IT professionals and anyone with an interest in IT security.

AusCERT PKI certificate service

AusCERT Certificate Service offers certificates for a wide variety of uses including web servers (SSL), software (code signing) and people (S/MIME) to Australian and New Zealand education and research organisations.

AusCERT Vision & Mission Statement

AusCERT is the trusted cyber emergency response team for the Australian information economy, providing valued incident prevention and detection.

Blog


Welcome to the AusCERT blog, where AusCERT will informally discuss current activity and interesting developments in the area of information security, Internet security and computer network attacks. We welcome comments and corrections of any of the information contained in the blog.
Choosing good passwords
How hard is it to choose a good password? Most people believe that choosing a good password is easy. After all, how is somebody going to guess my mother's maiden name?
Don't get scammed
Beware of unsolicited contact from scammers.
Useful Security Resources
You have been advised your web site is compromised - what now?

Ransomware

Ransomware is still unfortunately common. Take steps today to avoid being affected by ransomware.

The link address is: http://www1.auscert.org.au/render.html?it=17155

Don't get scammed

Beware of unsolicited contact from scammers.

AusCERT was recently targeted by telephone scammers, purporting to
be from a reputable employment recruitment company seeking to update
its database, inquiring about several staff members. It is therefore
worthwhile to remind companies that, while not new, these types of scams
are continuing to operate. This type of contact is suspicious, as it is
often a precursor to a targeted email or telephone communication to a
staff member from the scammer who, posing as the CEO (or other senior
staffer, like the CFO) of the business, requests a wire transfer to a
'vendor' controlled by the scammer. This is most often executed when
the CEO is away, making it appear more legitimate that a request would
be made remotely. The attack often succeeds because the intelligence
gathered earlier enables the attacker to effectively masquerade as a
senior staff member of the business.

This attack is a variant of what is known as the Business Email
Compromise. It is known by this name because an attacker may compromise
the email account of the CEO prior to requesting the wire transfer. This
both provides a stronger base for business reconnaissance and results in
a much more credible email source for the attack.

Combating this threat relies heavily on staff education and vigilance. You
should always be suspicious of an unexpected change to payment
arrangements and verify its source before proceeding. Staff should
be advised what is appropriate to reveal on the telephone to unknown
callers. Staff should ask the caller for their name and the organisation
on whose behalf they are calling; it is also useful to contact the company
directly after the call to verify whether they made the call. Always maintain
an anti-malware solution on your computers to avoid email compromise,
but staff should also know not to open unsolicited attachments that
may contain malware or click on links in suspicious emails.

An unrelated scam, but one similar in impact, sees scammers calling individuals
and businesses demanding payment for overdue accounts. The scammers claim
to be from telcos, energy providers and even the government, threatening
fines or other penalties if the victim doesn't pay immediately. You should
never pay money in response to this type of demand; confirm independently
with your provider, and only by contacting them via reliable details such
as those on a previous bill.

For more information about the BEC threat, the following resources will
be helpful:

https://www.us-cert.gov/ncas/current-activity/2015/06/24/Fraud-Alert-Issued-Business-Email-Compromise-Scam

For more information about the fake debt collection scam, visit the
Scamwatch site at:

http://www.scamwatch.gov.au/news/fake-debt-collectors

Useful Security Resources

At AusCERT, we're often asked for information about security guides and
checklists. Here's what I hope will be a handy roundup, and our intention
is to add to this document as useful resources come to hand.

This is the AusCERT Unix Security Checklist:
https://www.auscert.org.au/resources/publications/guidelines/unix-linux/unix-and-linux-security-checklist-v3.0

This is the Australian Signals Directorate (ASD) Australian
Government Information Security Manual (ISM). The manual is the
standard which governs the security of government ICT systems:
http://www.asd.gov.au/infosec/ism/index.htm

ASD Strategies to Mitigate Targeted Cyber Intrusions
http://www.asd.gov.au/infosec/mitigationstrategies.htm

ASD Publications
http://www.asd.gov.au/publications

This is the Australian Government Protective Security Policy Framework
site. The PSPF defines security measures for government agencies:
https://www.protectivesecurity.gov.au/Pages/default.aspx

The OWASP top ten most critical web application security flaws:
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

The SANS Critical Security Controls for Effective Cyber Defense:
http://www.sans.org/critical-security-controls/

The Center for Internet Security, Inc. publishes a
set of Critical Security Controls for cyber defense:
http://www.cisecurity.org/documents/CSC-MASTER-VER5.1-10.7.2014.pdf

This is a guide to securing a RedHat Linux system:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/index.html

This is a guide to using SELinux on a RedHat Linux system:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/index.html

This is a set of recommendations used by the
Linux Foundation for their systems administrators:
https://github.com/lfit/itpol/blob/master/linux-workstation-security.md

NIST DOD Windows 7 security recommendations:
https://web.nvd.nist.gov/view/ncp/repository/checklist/download?id=257&checklistId=290

Mac OS X Security Configuration Guides:
https://www.apple.com/support/security/guides/

Oracle database security guides:
https://docs.oracle.com/database/121/nav/portal_25.htm

Security resources for Amazon Web Services, including an audit checklist,
are found at:
http://aws.amazon.com/compliance/

SANS SCORE - Security Consensus Operational Readiness Evaluation. A
repository of security checklists:
https://www.sans.org/score/

National Security Agency security configuration guides - includes
network, operating systems and industrial control systems:
https://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/