ASD Essential 8: Restrict Administrative Privileges

It's time to look at another strategy in the ASD Essential 8. The concept of minimising administrative privileges was in the original ASD top 4, but unfortunately this important and very effective strategy is often overlooked. Administrative privileges are powerful and, once granted, allow pretty much any change to be made to a system. If a user has administrative privileges on a system, they can make intentional or unintentional changes that could have major consequences.

Malicious Macros - Have you received a fake invoice?

Today I'm covering another strategy from the Australian Signals Directorate’s Essential 8: Disabling untrusted Microsoft Office macros.

We’ll be looking at strategies to protect against malicious macros. These strategies can all be implemented in a Windows domain environment using Group Policy, and they do not require third-party software. This might not be the most exciting subject in the world, but grab a coffee and stick with me, it’s important.

An essential preventive cybersecurity strategy - application whitelisting

I recently wrote about the Australian Signals Directorate (ASD) Essential 8, and today I will be covering one of the most effective of the 8 strategies, one that sits proudly in the original ASD top 4. Application whitelisting only allows known good applications to execute on a computer. If unknown applications can’t run on a system, then execution of malware and other malicious code is much less likely. Of course, it’s not foolproof, and multiple layers of protection and strategies will always be required. For example, application whitelisting does not stop a known good program like a web browser from executing malicious code in memory. We of course need to make sure other strategies, like application patching and hardening, are in place.