See our previous blog for Part 1: Maturity Level 1
Points 1-4 from ML1 continue to apply at all maturity levels of the Essential 8 and so will not be mentioned again. The differences at ML2 lie in points 5, 7 and 8:
- “Multi-factor authentication is used to authenticate privileged users of systems.”
- “Multi-factor authentication uses either: something users have and something users know, or something users have that is unlocked by something users know or are.”
- “Successful and unsuccessful multi-factor authentications are logged.”
5. Multi-factor authentication is used to authenticate privileged users of systems.
This one is a little complex in that it refers to another of the Essential 8: Restrict Administrative Privileges. Users who manage systems should require a separate account to log into those systems; in addition, those privileged systems are separate from unprivileged operating environments. With that in mind, to access those privileged systems, the user needs to use MFA. Calibre 1 Managed Service clients are all treated in this way by C1 staff; however, this may require some internal policy and procedure changes to implement fully.
7. Multi-factor authentication uses either: something users have and something users know, or something users have that is unlocked by something users know or are.
Relatively simple: this refers to the requirement for a password and a fob token or, as is more common these days in a mobile-first world, a mobile phone and application that requires biometrics or a PIN code to unlock. C1 recommend the use of Microsoft Authenticator with a biometrically enabled smartphone, such as an iPhone or Android device.
8. Successful and unsuccessful multi-factor authentications are logged.
A core function of the Essential 8 and of security practice is that important interactions with systems are logged. Calibre One recommend the use of Sysmon, which is a freely available Microsoft tool, and AuditD for Linux-based systems, which can capture this information and log it locally. Configuration files that can be supplied to these can be found at Florian Roth’s GitHub, and present a great foundational configuration for these logs (link in the references section). Network switches, routers and firewalls can also be configured to capture this information in Syslog.
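As an added example (not from the original post or from Calibre One), the script below reviews a log of privileged sign-ins against points 5 and 8: it flags privileged logins made without MFA, records where the MFA outcome was never logged, and accounts with repeated MFA failures. The key=value log layout, the `adm-` prefix for privileged accounts and the failure threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample records (not output of any real product). The key=value
# layout and the "adm-" naming of privileged accounts are assumptions.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z host=jump01 user=adm-kim event=login mfa=success method=authenticator
2024-05-01T08:03:10Z host=jump01 user=adm-lee event=login mfa=failure method=authenticator
2024-05-01T08:03:40Z host=jump01 user=adm-lee event=login mfa=failure method=authenticator
2024-05-01T08:04:05Z host=jump01 user=adm-lee event=login mfa=failure method=authenticator
2024-05-01T08:10:00Z host=jump01 user=adm-raj event=login mfa=none method=password
2024-05-01T08:12:00Z host=ws17 user=pat event=login mfa=none method=password
2024-05-01T08:15:00Z host=jump01 user=adm-kim event=login method=authenticator
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Split one record into its timestamp and key=value fields."""
    ts, _, rest = line.partition(" ")
    rec = dict(FIELD.findall(rest))
    rec["ts"] = ts
    return rec

def review(log_text, priv_prefix="adm-", fail_threshold=3):
    """Check privileged logins against ML2 points 5 (MFA used) and 8 (outcome logged)."""
    findings = {"no_mfa": [], "unlogged_outcome": [], "repeated_failures": []}
    failures = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        user = rec.get("user", "")
        # Only privileged sign-ins are in scope for point 5.
        if rec.get("event") != "login" or not user.startswith(priv_prefix):
            continue
        outcome = rec.get("mfa")
        if outcome is None:        # point 8: the MFA result was not recorded
            findings["unlogged_outcome"].append((rec["ts"], user))
        elif outcome == "none":    # point 5: privileged login without MFA
            findings["no_mfa"].append((rec["ts"], user))
        elif outcome == "failure": # unsuccessful MFA, counted per account
            failures[user] += 1
    findings["repeated_failures"] = sorted(
        u for u, n in failures.items() if n >= fail_threshold)
    return findings

if __name__ == "__main__":
    for kind, hits in review(SAMPLE_LOG).items():
        print(kind, hits)
```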
See Previous Blog for Maturity 1
Join us for Maturity 3 in our next blog!