Useful Security Resources

At AusCERT, we're often asked for information about security guides and
checklists. Here's what I hope will be a handy roundup; our intention
is to add to this document as useful resources come to hand.

Operating System / Application / Hardware

This is a guide to securing a Red Hat Linux system:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/index.html

This is a guide to using SELinux on a Red Hat Linux system:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/index.html

This is a set of recommendations used by the
Linux Foundation for their systems administrators.
https://github.com/lfit/itpol/blob/master/linux-workstation-security.md

NIST DOD Windows 7 security recommendations:
https://web.nvd.nist.gov/view/ncp/repository/checklist/download?id=257&checklistId=290

Mac OS X Security Configuration Guides:
https://www.apple.com/support/security/guides/

Oracle database security guides:
https://docs.oracle.com/database/121/nav/portal_25.htm

Cisco Firewall Best Practices Guide
http://www.cisco.com/web/about/security/intelligence/firewall-best-practices.html

Cisco Guide to Harden Cisco IOS Devices
http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html

IPtables DDoS Protection: The Best Rules to Mitigate DDoS Attacks
https://javapipe.com/iptables-ddos-protection

The US-CERT guide to Securing Your Home Network
https://www.us-cert.gov/ncas/tips/ST15-002

This is the AusCERT Unix Security Checklist:
https://www.auscert.org.au/resources/publications/guidelines/unix-linux/unix-and-linux-security-checklist-v3.0

General Cyber Security

This is the Australian Signals Directorate (ASD) Australian
Government Information Security Manual (ISM). The manual is the
standard which governs the security of government ICT systems:
http://www.asd.gov.au/infosec/ism/index.htm

ASD Strategies to Mitigate Targeted Cyber Intrusions
http://www.asd.gov.au/infosec/mitigationstrategies.htm

ASD Publications
http://www.asd.gov.au/publications

This is the Australian Government Protective Security Policy Framework
site. The PSPF defines security measures for government agencies:
https://www.protectivesecurity.gov.au/Pages/default.aspx

The OWASP top ten most critical web application security flaws:
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

The SANS Critical Security Controls for Effective Cyber Defense:
http://www.sans.org/critical-security-controls/

The Center for Internet Security, Inc. publishes a
set of Critical Security Controls for cyber defense:
http://www.cisecurity.org/documents/CSC-MASTER-VER5.1-10.7.2014.pdf

SANS SCORE - Security Consensus Operational Readiness Evaluation. A
repository of security checklists:
https://www.sans.org/score/checklists/

National Security Agency security configuration guides - includes
network, operating systems and industrial control systems:
https://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/

Cyber security guides from the Multi-State Information Sharing & Analysis Center (MS-ISAC)
http://msisac.cisecurity.org/resources/guides/

The NIST Guide to Malware Incident Prevention and Handling:
http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.pdf

The NIST Guidelines for Securing Wireless Local Area Networks (WLANs):
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-153.pdf

The US-CERT guide to Understanding Denial-of-Service Attacks:
https://www.us-cert.gov/ncas/tips/ST04-015 

The NCSC factsheet "Technical measures for the continuity of online services", which
provides advice on multiple technical measures to protect your infrastructure against
the various forms of DDoS attack:
https://www.ncsc.nl/english/current-topics/factsheets/factsheet-protect-you-online-services-against-ddos-attacks.html

Cloud Security

Security resources for Amazon Web Services, including an audit checklist,
are found at:
http://aws.amazon.com/compliance/

Cloud computing security resources from ENISA, the European Union Agency for Network
and Information Security:
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing

Cloud Controls Matrix v3.0.1
https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3-0-1/