Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

NSA Publishes Best Practices for Improving Network Defenses

The National Security Agency (NSA) this week published a set of best practices for organizations looking to improve the overall security of their networks.

The guidance is meant to be generic, applicable to a broad range of network devices, and should help administrators prevent adversaries from exploiting their networks.

The National Security Agency (NSA) this week published a set of best practices for organizations looking to improve the overall security of their networks.

The guidance is meant to be generic, applicable to a broad range of network devices, and should help administrators prevent adversaries from exploiting their networks.

According to the NSA, organizations looking to ensure that a network is protected from threats and that resources are secured should implement multiple defensive layers and also adopt a zero-trust security model.

When it comes to network architecture, the NSA recommends that organizations install security devices such as a border router and next-generation firewalls at the perimeter, and also notes that publicly accessible systems and outbound proxies should be placed in between firewalls, and that monitoring solutions, remote log servers, and redundant devices should be deployed within the network.

Furthermore, the NSA notes in its Network Infrastructure Security Guidance that admins should group together similar systems within the network and isolate them into subnets, applying proper network segmentation to ensure that an adversary able to compromise the most exploitable devices in the environment cannot reach other systems as well.

“Operational technology, such as industrial control systems, typically need to be isolated from other information technology and high-risk networks like the Internet. This physical separation provides stronger protection because the intermediate device between subnets must be compromised for an adversary to bypass access restrictions,” the NSA says.

[ READ: NSA Provides Guidance on Cisco Device Passwords ]

Network security best practices, the NSA says, also include implementing access restrictions to critical internal network devices and a network access control (NAC) solution, removing backdoor connections, and limiting and encrypting virtual private networks (VPNs).

In addition to a secure network architecture, administrators should also properly configure authentication, authorization and accounting (AAA) and apply the principle of least privilege, they should ensure that administrative accounts are properly secured with unique usernames and passwords, should securely store credentials, and should disable unused accounts.

Network security best practices, the NSA says, also include proper file system and boot management, maintaining all software and operating systems updated, and ensuring that in-use hardware is still supported by vendors.

Remote logging and monitoring along with secure remote management of network devices should also be implemented. Moreover, administrators are advised to disable IP source routing, disable unused ports and port monitoring, and disable unnecessary network services.

“Along with essential maintenance functions, administrators play a critical role in defending networks against adversarial threats. Following this guidance will assist these network defenders with putting cybersecurity best practices into action, lowering the risk against compromise and ensuring a more secure and better protected network,” the NSA concludes.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has encouraged network architects, defenders, and administrators to review the NSA’s guidance to harden their networks.

Related: NSA Shares Guidance for Government Employees on Securing Wireless Devices in Public

Related: NSA, CISA Issue Guidance on Selecting and Securing VPNs

Related: NSA Publishes Guidance for Enterprises on Adoption of Encrypted DNS

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...