Essential Eight and Non-Windows Devices

Introduction

Cybersecurity isn’t just a Windows-world concern; it’s a universal necessity. Originally tailored for Windows environments, the Essential Eight framework is a set of strategies designed to harden systems against attacks. But what about Mac, Linux, or other operating systems that also face significant security threats? Join us as we explore how the universally relevant principles of the Essential Eight can be adapted to protect the full array of computing environments.

The ISM and the Essential Eight

While the Essential Eight framework appears to be relevant only to Windows systems, the foundational security principles behind these strategies are universally applicable. These strategies align with the broader controls outlined in the Information Security Manual (ISM), which is developed by the Australian Cyber Security Centre (ACSC). The ISM offers a comprehensive set of controls covering various aspects of IT security, including governance, access control, encryption, incident response, and system operations. Designed to be both comprehensive and adaptable, almost all the ISM’s controls can be applied across any technology platform, providing a foundation from which the Essential Eight is derived and to which it maps. To that end, let’s explore each of the Essential Eight pillars in the context of the ISM controls and strategies they map to.

Adapting Essential Eight Strategies for Non-Windows Systems

Application Control: ISM controls advocate for system hardening, which includes application allowlisting as a crucial element. Application control restricts software execution to trusted applications only, blocking malicious software by default. While it is easiest to implement on Windows via Group Policy and third-party tools, similar outcomes are achievable on macOS and Linux using tools like Santa and AppArmor, supporting the ISM’s goal of minimising malicious software execution.

Patching Applications & Operating Systems: Consistent application updates to address vulnerabilities are central to both the ISM and the Essential Eight. The ISM encourages a robust patch management process to maintain security integrity, which mirrors the Essential Eight’s emphasis on timely updates. On non-Windows platforms, this may involve using specific or cross-platform management tools that ensure all software is kept up to date, in line with ISM standards. Products like Jamf, Automox, or Ansible can help you achieve full coverage of your environment.

Restricting Office Macros: The ISM controls include measures to restrict the execution of potentially malicious code, a principle that encompasses the Essential Eight’s macro settings controls. Although the strategy originally focused on Microsoft Office, its foundation applies to any office suite, including LibreOffice on Linux or iWork on macOS: disable macros, or control the execution of macros from untrusted sources. A substantial portion of the controls recommended by the ISM can be automated at an enterprise level using tools like Jamf and Ansible.

Restricting Administrative Privileges: Both frameworks emphasise controlling administrative privileges to lessen exploitation risks. The ISM’s user access controls require precise management of privileges, a practice echoed in the Essential Eight, which outlines steps for Windows environments that can also be adapted to macOS and Linux using management tools such as Jamf and Ansible.
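As an added illustration (not part of the original article or of any Essential Eight tooling), the following Python sketch shows how the administrative-privilege review could be carried out on a Linux host: it lists the accounts that hold unrestricted sudo rights, directly or through a group, and reports those missing from an approved list. The file contents and the approved list are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample data standing in for /etc/group and /etc/sudoers.
GROUP_FILE = """\
sudo:x:27:alice,svc_backup
wheel:x:10:bob
users:x:100:alice,bob,carol,dave
"""
SUDOERS = """\
# constructed sudoers content
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
%wheel ALL=(ALL) ALL
dave ALL=(ALL) NOPASSWD: ALL
carol ALL=(root) /usr/bin/systemctl restart nginx
"""
APPROVED_ADMINS = {"root", "alice", "bob"}  # hypothetical approved list

# user-or-%group, host, optional (runas), optional TAG: prefixes, command list
RULE = re.compile(r"^(%?[\w.-]+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?:\w+:\s*)*(.+)$")

def parse_groups(text):
    """Map group name -> set of supplementary members listed in the group file."""
    groups = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 4:
            groups[parts[0]] = {m for m in parts[3].split(",") if m}
    return groups

def full_sudo_principals(text):
    """Return (users, groups) whose sudoers rule allows the command list 'ALL'."""
    # Simplification: aliases and included files are not resolved.
    users, groups = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", "Defaults")):
            continue
        m = RULE.match(line)
        if m and m.group(2).strip() == "ALL":
            name = m.group(1)
            (groups if name.startswith("%") else users).add(name.lstrip("%"))
    return users, groups

def unapproved_admins(group_text, sudoers_text, approved):
    """Accounts with unrestricted sudo (direct or via group) not in 'approved'."""
    members = parse_groups(group_text)
    admins, sudo_groups = full_sudo_principals(sudoers_text)
    for g in sudo_groups:
        admins |= members.get(g, set())
    return sorted(admins - approved)

if __name__ == "__main__":
    print(unapproved_admins(GROUP_FILE, SUDOERS, APPROVED_ADMINS))
```

Membership through a primary group (the GID field in /etc/passwd) is not covered by this sketch and would need a separate check.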

User Application Hardening: The Essential Eight recommends strategies that involve securing browsers, PDF viewers, and office apps, which on macOS and Linux means restricting plugins and minimising interactive PDF features. This aligns with the ISM, which also emphasises minimising application privileges, updating software regularly, and isolating applications to prevent exploitation of vulnerabilities. Both frameworks aim to enhance security by reducing the attack surface of common productivity applications.

Regular Backups: The Essential Eight and the ISM both stress the importance of routinely backing up critical data to facilitate recovery from data losses caused by cyber-attacks or system failures. This approach is vital for preserving data integrity and availability on all operating systems. The ISM advocates for strong, regularly tested backup procedures as part of an organisation’s wider disaster recovery efforts. It also emphasises the secure storage of backups to prevent unauthorised access and guarantee effective data restoration.

Multi-Factor Authentication: The Essential Eight requires the adoption of various verification methods to tighten system access, enhancing security for all user accounts. This method is crucial for blocking unauthorised access across operating systems like macOS and Linux. The ISM supports this by endorsing Multi-Factor Authentication (MFA) as a fundamental security tactic, highlighting its importance in protecting sensitive data and systems from breaches. As MFA often depends on online services, implementing these controls generally does not require tools specific to any operating system.

Challenges and Considerations

Adapting a Windows-centric security framework to other operating systems is not without its challenges. Differences in file system structure, user management, and built-in security features can complicate direct translations of Windows-based security controls. New procedures will need to be created that cater to the non-Windows machines in your environment. Additionally, maintaining ongoing compliance with ISM controls on non-Windows machines requires additional tools that automate these new processes and minimise the resources required.

Conclusion

The Essential Eight is not just for Windows.

By adapting these strategies to various operating systems, organisations can create a more resilient cybersecurity posture that stands up to a range of threats. In the dynamic field of IT security, adaptability is key, and the Essential Eight provides a solid foundation for building system-wide protections.

Why Frame?

Addressing cybersecurity non-compliance is paramount in safeguarding your organisation’s assets and reputation. Frame offers tailored solutions to mitigate this risk effectively.

Firstly, our team of cybersecurity experts specialises in modernising legacy systems and integrating them with innovative security solutions. By leveraging our expertise, your organisation can ensure seamless integration with modern security frameworks, thereby bolstering your defences against cyber threats.

Secondly, through Frame Secure, we provide comprehensive assessments to evaluate your cybersecurity compliance, aligning with industry standards and regulations. Our accredited experts, certified by leading vendors such as Microsoft, Cisco, and VMware, deliver fast and reliable assessments to ensure that the highest standards of cybersecurity are met.

Don’t wait until it’s too late. Take proactive steps to enhance your cybersecurity posture with Frame’s tailored solutions and expertise. Secure your organisation’s future today.