Domain: dsd.gov.au
Stories and comments across the archive that link to dsd.gov.au.
Comments · 15
-
Aussies Did it Better
The Australian Department of Defense Top 35 Mitigation Strategies is a pretty good start for a corporate infosec framework.
http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm -
Re:Source
Yes; some very good people who evaluate products for use within the Oz government and Defence:
http://www.dsd.gov.au/infosec/epl/index.phpHowever, the process is usually long, often expensive, and generally targets a particular software/hardware combination; bump your version number, and there's potentially a fairly significant re-evaluation required.
Huawei could take advantage of this program now, but would either need to front up some dough, or have a sponsor to guide them through it.
-
Re:Hah! Take that, my bank!
The only Australian bank that I use has the following setup-
Whilst we're in Australia...
The DSD (an approx. Aussie equivalent of the American NSA) recommends the following password complexity:
a minimum length of 12 alphabetic characters with no complexity requirement; or
a minimum length of nine characters, consisting of at least three of the following character sets:
lowercase alphabetic characters (a-z)
uppercase alphabetic characters (A-Z)
numeric characters (0-9)
special characters.That's for "regular" security. For Top Secret, it increases to 15 and 10 characters.
Source: http://www.dsd.gov.au/infosec/ism/index.htm and in "Filter by section", choose "Access Control, Identification and Authorisation". Directly applies to Australian Government properties, and good reading for everybody else too.
-
Re:The important link
Some other links I just stole from a comment in TFA from an anonymous poster
NSA recommendations for Apple products (also has recommendations for Linux, Windows and Solaris)
iOS Hardening Configuration Guide from the Australian Department of Defense -
Re:And who were the attackers?
So basically the USA is *still* not taking steps to secure its critical infrastructure networks and other countries including China are still taking advantage of said lack of security. Wow! News at eleven. Meanwhile the US and her allies are doing the same thing back. Australias DSD motto is "Reveal their secrets, protect our own" http://www.dsd.gov.au/ I'm sure teams in the NSA and CIA have similiar mottos. The idea of good guys vs bad guys because of the lattitude and longitude of where your mothers uterus deployed you is stupid. Everyone is doing it... you just don't hear about your team because reporting on it would be unpatriotic and not in the national interest.
-
Re:Is this a US thing?
At the movies yesterday (Australia, Avengers) there was a flashy advert recruiting for the Defence Signals Directorate Cyberwarfare Squad or some such crap.
Ah yes here it is.
http://www.dsd.gov.au/careers/cyberoperations.htm
I hope it is the obvious money grab it looks like, because the people this sucks in are going to be complete fuckwits.
-
US cloud and .com hosts.....
Many people will be looking twice at their hosting needs, local privacy laws and new US telco laws.
The only thing the US can still offer is the word "unlimited" on cheap shared best effort servers deals.
http://www.smh.com.au/it-pro/cloud/what-will-you-do-when-the-us-comes-for-you-20120125-1qhc1.html
http://www.dsd.gov.au/infosec/cloud/cloud01.htm -
Re:Sounds fairly realistic to me
I agree. The scope of government intervention in the cyber world should not overstep its responsibilities.
Aussie government departments already provide cyber threat advisory to Australian business, and it's all out in the open.
-DSD (Aussie version of the NSA) provides cyber protection and advice to Australian government, and makes a lot of it's advice available for business to use
-The Attorney Generals Dept provides cyber security advice to Australian businesses and individuals
-Aus CERT does much of the same
The simple fact is most businesses have no idea about cyber security. The government tries to educate them, as do IT security industry such as SANS.
The government forcing cyber security down businesses throats would be the equivalent of using infantry to defend banks cash vaults. It's not their job, nor in a free democracy should it be
-
Re:Sounds fairly realistic to me
I agree. The scope of government intervention in the cyber world should not overstep its responsibilities.
Aussie government departments already provide cyber threat advisory to Australian business, and it's all out in the open.
-DSD (Aussie version of the NSA) provides cyber protection and advice to Australian government, and makes a lot of it's advice available for business to use
-The Attorney Generals Dept provides cyber security advice to Australian businesses and individuals
-Aus CERT does much of the same
The simple fact is most businesses have no idea about cyber security. The government tries to educate them, as do IT security industry such as SANS.
The government forcing cyber security down businesses throats would be the equivalent of using infantry to defend banks cash vaults. It's not their job, nor in a free democracy should it be
-
As always, google is your friend
Dear anonymous,
As always, google is your friend.
My learning disabled kid brother doesn't know what data forensics is, but he knows how to use google.
Use it.
http://www.google.com/search?q=knoppix+validation& sourceid=firefox&start=0&start=0&ie=utf-8&oe=utf-8
http://www.google.com/search?q=linux+forensics&sou rceid=firefox&start=0&start=0&ie=utf-8&oe=utf- 8
PDF - KNOPPIX Bootable CD Validation Study for Live Forensic Preview ...
Linux-Forensics.com Home of the Penguin Sleuth Bootable CD
Knoppix security tools distribution Knoppix STD (security tools distribution)
From Australian DoD page:http://www.dsd.gov.au/library/software/flag/
FLAG uses the SleuthKit tool from www.sleuthkit.org to analyse dd images. By putting inode information in the database it is possible to cross-correlate file properties, and simplify the forensic analysis process. -
Re:CritiqueIt is correct that some networks cannot even be 'integrated' due to their classification levels.
However several classes of network products do exist, commonly called Trusted Network Separation products that can be used to provide unidirectional communications between two gateways (ie. the host machines on a low and high class network). These are sometimes called Data Diodes owing to the way they work.
These products are accredited for use within military organisations worldwide.
Data Diode information
Some examples of evaluated products -
Re: Auditing for Linux?
Geeknews has a segment on an Oz IT Security firm (InterSect Alliance) which was started by a couple of ex-spooks from DSD, the Australian equivalent of the NSA. They're aparently investigating the possibility of a government-strength C2 audit module for Linux. A chance to push open source into those really paranoid government agencies? So much for microsoft saying linux has 'poor security functionality' because it has no 'C2 government strength' security.
-
Echelon&&NSA==nothing to do with intelligeold new this, it appeared on aus tv (ch9, sunday sunday 0900 hrs, 23Mar1999). this has been the week of spies and censorship,
- ex aus dsd op. caught selling secrets
- echelon exsitance revealed - check out the faq and website.
- aus gov trying to censor the web & giving authority to DSD to legally hack web accounts.
- and using Cray supercomputers to do this.
- dont forget to go to the DSD homepage to play the puzzle games (a bit weird for a serious intelligence agency!)
for the uninformed '/.ers' it's nice to see a whole wad of american tax payers money spent on useful stuff like euchelon, spying on *cough*allies*cough* ....and the NSA and our DSD own - their've got nothing to do with intelligence :)
the saddest part is the DSD agency (in aus, NSA is accountable to us gov) is not held accountable in australia..what a bloody joke!
- ex aus dsd op. caught selling secrets
-
Echelon&&NSA==nothing to do with intelligeold new this, it appeared on aus tv (ch9, sunday sunday 0900 hrs, 23Mar1999). this has been the week of spies and censorship,
- ex aus dsd op. caught selling secrets
- echelon exsitance revealed - check out the faq and website.
- aus gov trying to censor the web & giving authority to DSD to legally hack web accounts.
- and using Cray supercomputers to do this.
- dont forget to go to the DSD homepage to play the puzzle games (a bit weird for a serious intelligence agency!)
for the uninformed '/.ers' it's nice to see a whole wad of american tax payers money spent on useful stuff like euchelon, spying on *cough*allies*cough* ....and the NSA and our DSD own - their've got nothing to do with intelligence :)
the saddest part is the DSD agency (in aus, NSA is accountable to us gov) is not held accountable in australia..what a bloody joke!
- ex aus dsd op. caught selling secrets
-
Echelon&&NSA==nothing to do with intelligeold new this, it appeared on aus tv (ch9, sunday sunday 0900 hrs, 23Mar1999). this has been the week of spies and censorship,
- ex aus dsd op. caught selling secrets
- echelon exsitance revealed - check out the faq and website.
- aus gov trying to censor the web & giving authority to DSD to legally hack web accounts.
- and using Cray supercomputers to do this.
- dont forget to go to the DSD homepage to play the puzzle games (a bit weird for a serious intelligence agency!)
for the uninformed '/.ers' it's nice to see a whole wad of american tax payers money spent on useful stuff like euchelon, spying on *cough*allies*cough* ....and the NSA and our DSD own - their've got nothing to do with intelligence :)
the saddest part is the DSD agency (in aus, NSA is accountable to us gov) is not held accountable in australia..what a bloody joke!
- ex aus dsd op. caught selling secrets