"Hi, my name is Michael, and I'm a Cyber Security Consultant here at AC3.
In this video, I'll be discussing the user application hardening mitigation strategy as part of our ACSC Essential Eight series.
User application hardening is the process of disabling unnecessary or high-risk functions in common programs to make exploitation less likely, while still allowing them to be used by an organisation.
In the context of the Essential Eight, user application hardening specifically looks at configuring web browsers to block Flash, web advertisements, and Java on the internet, as well as disabling unneeded features in Microsoft Office, web browsers, and PDF viewers.
Level One organisations need to ensure web browser settings cannot be changed by users, with Level Two and Three organisations needing to ensure similar protections for Microsoft Office and PDF software security settings.
As organisations move to higher maturity levels, they will look to restrict Microsoft Office from creating child processes, creating executable content, and injecting code into other processes, and to prevent activation of OLE packages.
If you'd like guidance on which maturity level is right for your organisation or how effective your mitigation strategies are, please reach out to the team. We'd love to help."
AC3's Essential Eight Security Control Assessment can benchmark your current strategies against the ACSC's Essential Eight maturity models. Find out more here.