AusCERT sponsored research
- Periodically, AusCERT opens its doors to students, from institutions far and wide, who seek to augment their education with experience in a functioning CERT. Papers published here are the direct result of this experience.
Senate Select Committee enquiry into the National Broadband Network
Australian Parliament House of Representatives' cybercrime enquiry
The risks borne by one are shared by all - web site compromises
Skeleton DDoS Mitigation Procedure
- This is a skeleton procedure for mitigating a DDoS attack.
Choosing good passwords
- Choosing a good password is a trade-off between something that is difficult to guess versus something that is easy to remember. This article provides some simple rules of thumb on choosing good passwords (and good password policies).
Submission to the e-security review
AusCERT Home Users Computer Security Survey
- The AusCERT Home Computer Users Security Survey 2008 was prepared to assess the security posture of home Internet users, their level of security awareness and attitudes to Internet security. The survey aims to raise awareness of home Internet computer security issues.
Protecting your computer from malicious code
- This paper provides practical advice for protecting the PC desktop environment from malicious code for home users, SMEs or organisations without dedicated IT staff.
Filtering AusCERT Bulletins
- Small guide on optimising the bulletins.
Practical Computer Security slides
- AusCERT has released a basic Microsoft PowerPoint presentation to assist organisations with providing introductory computer security awareness training to individuals.
AusCERT DDoS Paper
- This paper has been developed by AusCERT to share some of the experiences and lessons learned from a Distributed Denial of Service attack on the AusCERT web server.
Review of the .au domain name policy framework - submission to auDA
- How the domain name space is administered affects the ability of attackers to launch attacks against Internet users. AusCERT recommends policies and procedures be adopted by registrars to minimise the misuse of the domain name registration and deregistration process to facilitate various forms of cybercrime.
Electronic Funds Transfer (EFT) Code of Conduct Review
- ASIC is reviewing the terms of the EFT Code of Conduct. AusCERT has made a submission about some aspects of the code and proposals raised in ASIC's discussion paper on the EFT Code of Conduct Review.
Haxdoor - Anatomy of an ID Theft Attack Using Malware
- This paper presents a case study about a series of related online ID theft trojan attacks that used Haxdoor variants and which targeted Australian and other Internet users. The paper describes the attack methodology and provides insight into the impact this type of attack can have on individuals, organisations and economies.
AusCERT submission to the Review of the structure and operation of the .au Internet domain 2006
- How the domain name space is administered affects the ability of attackers to launch attacks against Internet users. Therefore, AusCERT recommends that policies and procedures be adopted to minimise the misuse of the domain name registration and deregistration process to facilitate various forms of cybercrime.
Tor anonymisation: a network defender's primer
- Tor (The Onion Router) is an Internet privacy application that is in its infancy, but is already changing the playing field on which network defenders must compete. This guide looks at what Tor is, how it works, and what it means for you as a network defender.
AusCERT Submission to the e-Security National Agenda Review
- As noted in the Review of the E-Security National Agenda Discussion Paper, the Internet threat landscape has changed fundamentally since 2001 when the e-Security National Agenda framework was first released.
Based on this fundamental change, this review provides an opportunity for the Australian government to consider implementing a range of practical strategies that will help reduce the level of Internet based attacks emanating from or targeting Australian networks, particularly those motivated by illicit financial gain.
2006 Australian Computer Crime and Security Survey
- The survey provides the most up to date and authoritative analysis of computer network attack and computer misuse trends in Australia for 2006. The survey aims to raise awareness of the complex nature of computer security issues, identify areas of concern and, where appropriate, to motivate organisations to take a more active role in protecting their systems.
AusCERT Submission to the Review of the Spam Act 2003
- The Australian Communication and Media Authority invited submissions from the public concerning the Spam Act 2003. AusCERT's submission to this review is here.
Case study: Anatomy of a web defacement
- The case study contains an in-depth analysis of a corporate web site defacement, with details on how the attack was performed and what system administrators can do to avoid similar incidents.
Case study: personalised phishing site
- A phishing attack has been seen recently in the wild where the attacker strengthened the credibility of their fraudulent site by including legitimate, previously obtained user details, such as home addresses and card numbers.
E-government phishing attack was aided by poor coding on legitimate government web site
Managing Risk Associated with Online ID Theft for Government and Providers of e-Government Services
Trends and Developments in Online ID Theft - Update, No. 2
Implications of Trends and Developments in Online ID Theft, No. 1
Update on Kezaam SecuryTeam Spam and Associated Trojan Incident
- This paper provides an overview of a recent "Kezaam SecuryTeam" incident which involved a wide spam run in Australia and elsewhere that attempted to induce recipients to click on a link to a web site for the purposes of installing malicious software.
Windows Rootkit Prevention and Detection
- This document is intended to introduce Windows system administrators to the concepts necessary to understand the threat posed by rootkits on the Windows platform.
The document also outlines tools and techniques that system administrators and those responsible for incident response can use to detect and respond to rootkits on the Windows platform.
Risk of Compromise for Organisations using SSL
- Specialised software being used by some marketing companies poses a serious threat to the confidentiality and integrity of sensitive data organisations seek to protect through their secure socket layer (SSL) enabled web connections. This paper provides information about this threat, its potential impact on organisations wishing to protect access to confidential web data using SSL and explains what can be done to mitigate the risk. In particular we examine the potential for an SSL man-in-the-middle technique to be used to facilitate online banking fraud compared to other methods of online identity theft.
Enhancing Security of IP Multicast Traffic in Corporate Networks
- The use of multicast applications within the Internet is increasing. This paper identifies the security implications related to multicast communication. Possible solutions for enhancing multicast security
NIST Special Publication 800-36 - Guide to Selecting Information Technology Security Products
- The National Institute of Standards and Technology has published Special Publication 800-36 - Guide to Selecting Information Technology Security Products
Putting cyberterrorism into context
- 'Cyberterrorism' is an often misused and abused term which results in a misunderstanding of the threat. This article provides an assessment of the threat of cyberterrorism for Australian networks and compares this threat with other existing cyber threats.
Business Impact Assessment - Blaster revisited
- The Blaster and Welchia worms continue to have a sustained impact on many Australian networks. The newest Microsoft RPC vulnerabilities announced early on 11 September 2003 provide the potential for a new round of worm attacks. This time, however, the impact could be more severe - if, as we expect, the time to develop the worm code occurs more quickly than before.
Impact analysis of Apache/mod_ssl worm
- There are reports that the Apache/mod_ssl worm has compromised around 30,000 hosts. This article looks at some of the implications of distributed denial of service attacks that could be unleashed by compromised Slapper worm agents.
Know Thy Attacker
- A PDF file of the presentation "Know Thy Attacker"