NSA Publishes Best Practices for Improving Network Defenses

The National Security Agency (NSA) this week published a set of best practices for organizations looking to improve the overall security of their networks.

The guidance is meant to be generic, applicable to a broad range of network devices, and should help administrators prevent adversaries from exploiting their networks.

According to the NSA, organizations looking to ensure that a network is protected from threats and that resources are secured should implement multiple defensive layers and also adopt a zero-trust security model.

When it comes to network architecture, the NSA recommends that organizations install security devices such as a border router and next-generation firewalls at the perimeter, and also notes that publicly accessible systems and outbound proxies should be placed in between firewalls, and that monitoring solutions, remote log servers, and redundant devices should be deployed within the network.

Furthermore, the NSA notes in its Network Infrastructure Security Guidance that admins should group together similar systems within the network and isolate them into subnets, applying proper network segmentation to ensure that an adversary able to compromise the most exploitable devices in the environment cannot reach other systems as well.

“Operational technology, such as industrial control systems, typically need to be isolated from other information technology and high-risk networks like the Internet. This physical separation provides stronger protection because the intermediate device between subnets must be compromised for an adversary to bypass access restrictions,” the NSA says.

[ READ: NSA Provides Guidance on Cisco Device Passwords ]

Network security best practices, the NSA says, also include implementing access restrictions to critical internal network devices and a network access control (NAC) solution, removing backdoor connections, and limiting and encrypting virtual private networks (VPNs).

In addition to a secure network architecture, administrators should also properly configure authentication, authorization and accounting (AAA) and apply the principle of least privilege, they should ensure that administrative accounts are properly secured with unique usernames and passwords, should securely store credentials, and should disable unused accounts.

Network security best practices, the NSA says, also include proper file system and boot management, maintaining all software and operating systems updated, and ensuring that in-use hardware is still supported by vendors.

Remote logging and monitoring along with secure remote management of network devices should also be implemented. Moreover, administrators are advised to disable IP source routing, disable unused ports and port monitoring, and disable unnecessary network services.

“Along with essential maintenance functions, administrators play a critical role in defending networks against adversarial threats. Following this guidance will assist these network defenders with putting cybersecurity best practices into action, lowering the risk against compromise and ensuring a more secure and better protected network,” the NSA concludes.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has encouraged network architects, defenders, and administrators to review the NSA’s guidance to harden their networks.

Related: NSA Shares Guidance for Government Employees on Securing Wireless Devices in Public

Related: NSA, CISA Issue Guidance on Selecting and Securing VPNs

Related: NSA Publishes Guidance for Enterprises on Adoption of Encrypted DNS