The Australian Government has just updated its list of "Strategies to Mitigate Targeted Cyber Intrusions". It declares that implementing the top 4 recommendations would have prevented 85% of the incidents within the government last year, which provides legitimate data to strengthen the point that the "Software and Cyber Hygienists" are making: many security problems can be avoided by solid system administration techniques.
Here are the top 4:
- Patch Applications quickly (2 days) - last year's #2
- Patch OS quickly (2 days) - last year's #1
- Do not run as Admin
- Whitelist Applications
It is interesting to note that patching of applications has taken the top spot from OS patching in terms of efficacy, due to attackers' increasing focus on the often neglected area of standard desktop applications.
Further, while I believe 1 and 2 can be done everywhere and have a mature toolset, 3 and 4 are challenging to implement even in new OS versions and very complicated in older versions of Windows (XP, etc.). Do you have any experiences in the rollout of the top 4 that you can share with the community?
Reference: Original link from the Defence Signals Directorate