GCN : January 2015
INDUSTRY INSIGHT

8 ways to reduce unauthorized software

BY (ISC)2 GOVERNMENT ADVISORY BOARD EXECUTIVE WRITERS BUREAU

ATTACKERS LOOKING to gain access to government systems and networks are constantly scanning targets for vulnerable software and initiating campaigns to trick users into downloading and executing malicious files. Unauthorized software increases the attack surface for adversaries, because any software that is not authorized is likely unmanaged, without proper patching, updates and configurations. Moreover, IT managers with incomplete knowledge of their agency’s software cannot fully secure their assets.

Unfortunately, preventing and identifying unauthorized software in large government networks is often a formidable challenge. Following are eight key guidelines and recommendations that can make tackling the issue of unauthorized software much more manageable:

1. Nip it at the source. While a robust application whitelisting capability should be the goal, a first step is to prevent unauthorized software from even entering the government environment in the first place. Agencies should have clearly defined groups or individuals who are responsible for obtaining, testing, approving, deploying and maintaining software so that end users cannot obtain software directly from external sources. Primary sources for unauthorized software are email, web and removable media. Security teams with strong perimeter security controls can block files with extensions of known executables (.exe, .msi, .bin) along with mime types such as binary/octet-stream, application/octet-stream and application/x-msdownload via existing email and web gateway technologies (including inside compressed files). Host-based controls can similarly block known extensions and file types or block removable media entirely if not authorized in the environment. This practice may eliminate some of the obvious targets and force attackers to give up or develop more expensive techniques.

2. Don’t forget active content and browser extensions. Application whitelisting at the client level can be very effective to prevent stand-alone malicious programs from executing on the host. However, many whitelisting tools cannot effectively prevent the execution of active content or capabilities of browser extensions or add-ons. For example, a whitelisted browser still provides a rich environment for potential attacks and execution of malicious mobile content via ActiveX controls, Java and browser extensions. Active content is also often executed when simply browsing the Internet and can be installed without knowledge of the end user. Active content and extensions can be limited by enforcing local browser/client settings or blocking associated network requests for such content at perimeter security gateways.

3. Minimize administrative privileges. End users on government workstations should never be operating with administrative privileges by default and should not even have an option to elevate themselves to administrators unless required and properly audited. Without administrative privileges, users can be prevented from running software installation packages or executing other binary content requiring registry modifications or other privileged actions.

4. Use audit/monitor mode. Depending on the size of an agency, it could take months or even years to get to a complete, current and manageable whitelist of approved software. However, most application whitelisting tools offer “audit” or “monitor” modes to provide logging and visibility of what software is being executed throughout the organization. The audit/monitor mode can be used to determine which applications should and should not be permitted.

5. Draw a line in the sand. As noted above, achieving effective application whitelisting across a large agency is neither trivial nor quick. Instead, consider drawing a line in the sand with the current footprint of executable software. Essentially serving as a “temporary whitelist,” this baseline can be used to ensure no additional software is permitted into the enterprise.

6. Confirm senior leadership support. Full support from senior leadership is critical to make sure efforts to address unauthorized software continue while also forcing non-compliant business unit applications and processes to take appropriate remedial actions.

7. Engage stakeholders early. Because of the potential for stopping certain business processes from functioning, it is critical to identify all stakeholders and engage them early and often. A robust communications plan will help ensure stakeholders understand and support the efforts and are not surprised by any results.

8. Prepare for emergency requests. Although the team responsible for maintaining an application whitelist should generally be engaged, resource constraints may limit this option. As an alternative, emergency firecall accounts and processes could be established to allow help desk or other personnel to provide temporary support of emergency requests if the risk to the agency is acceptable.

Following these recommendations should help agencies gain control of unauthorized software and realize the substantial benefits of an environment where malicious or unauthorized binaries are no longer able to wreak havoc.

Members of the (ISC)2 U.S. Government Advisory Board Executive Writers Bureau include federal IT security experts from government and industry.
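The gateway check from guideline 1, as an added example that is not part of the original article: it flags attachments by the extensions and MIME types the article lists and looks inside zip archives, including nested and encrypted ones. The function names, the nesting limit and the sample message are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions and MIME types named in guideline 1 of the article.
BLOCKED_EXT = {".exe", ".msi", ".bin"}
BLOCKED_MIME = {"binary/octet-stream", "application/octet-stream", "application/x-msdownload"}
MAX_DEPTH = 3  # assumption: deeper archive nesting is refused, not unpacked

def inspect_blob(name, data, mime=None, depth=0):
    """Return reasons to block this file; an empty list means allow."""
    reasons = []
    # Lower-case and strip trailing dots/spaces so "SETUP.EXE." still matches.
    ext = posixpath.splitext(name.lower().rstrip(". "))[1]
    if ext in BLOCKED_EXT:
        reasons.append(f"{name}: blocked extension {ext}")
    if mime and mime.lower() in BLOCKED_MIME:
        reasons.append(f"{name}: blocked MIME type {mime.lower()}")
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_DEPTH:
            return reasons + [f"{name}: archive nested too deeply"]
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}/{info.filename}"
                if info.flag_bits & 0x1:  # encrypted: contents cannot be checked
                    reasons.append(f"{member}: encrypted archive member")
                else:
                    reasons += inspect_blob(member, zf.read(info), depth=depth + 1)
    return reasons

def inspect_message(raw):
    """Check every attachment of a raw RFC 5322 message (bytes)."""
    reasons = []
    for part in message_from_bytes(raw).walk():
        if part.get_filename():
            data = part.get_payload(decode=True) or b""
            reasons += inspect_blob(part.get_filename(), data, part.get_content_type())
    return reasons

def build_sample():  # constructed message: a zip attachment hiding setup.exe
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "hello")
        zf.writestr("tools/setup.exe", b"MZ constructed placeholder")
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="report.zip")
    return msg.as_bytes()
```

Calling inspect_message(build_sample()) reports the executable inside report.zip even though the attachment itself has an allowed name and type. A production gateway would also cap decompressed size before reading archive members.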