
NSA Issues Cybersecurity Guidance for Remote Workers, System Admins

The National Security Agency (NSA) has published two cybersecurity information sheets (CSIs) with recommendations for National Security System (NSS) and Department of Defense (DoD) workers and system administrators on securing networks and responding to incidents during the work-from-home period.

Titled Compromised Personal Network Indicators and Mitigations, the first of the CSIs is meant to deliver details on how teleworkers can identify and mitigate the compromise of their personal networks and to secure data and the equipment provided by the government when working remotely.

Furthermore, the CSI provides a series of indicators of compromise (IoC), along with the mitigation techniques that teleworkers can apply to prevent future compromises. The CSI is meant for government employees, but anyone can use the provided information to identify and prevent network breaches, the NSA points out.

“While there is no way to ensure that personal networks will be completely secured from attacks—attackers are persistent and continue to find ways to circumvent security controls—users can still take steps to help prevent future attacks,” the CSI reads.

Should the indicators of compromise outlined in the document be observed, users are advised to apply the provided mitigations to any computer, mobile device, or IoT device connected to their personal network.

Recommended steps to mitigate the compromise, the NSA says, include rebooting and resetting routers, disabling their remote administration functionality and updating the firmware; disconnecting infected machines from the network, resetting passwords on a different device and running anti-malware software; and removing ransomware infections and restoring a previously backed-up good state.

The document details a series of more aggressive actions as well, all meant to help users eliminate threats from their personal devices or network, in addition to mitigating the compromise.

The NSA’s second CSI, which is titled Performing Out-of-Band Network Management, provides system admins information on how to isolate management traffic from operational traffic to ensure that a compromised device or malicious traffic won’t affect network operations or compromise network infrastructure.

“OoB [Out-of-Band] management creates a framework that enables administrators to improve the security of their networks by segmenting management traffic from operational traffic, and ensuring that management traffic only comes from the OoB communication path,” the NSA explains.

The document describes the architecture design of OoB management and recommends first performing a vulnerability and risk assessment to decide whether to implement a virtually or physically segmented OoB network architecture.

The NSA recommends using encryption protocols and strong encryption algorithms and key sizes, managing devices using strong virtual private networks (VPNs) only, hardening network management devices, continuously monitoring the network and reviewing logs, and establishing a configuration review and check-in process, which makes malicious changes easier to identify.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
