The National Security Agency (NSA) this week published a set of best practices for organizations looking to improve the overall security of their networks
The guidance is meant to be generic, applicable to a broad range of network devices, and should help administrators prevent adversaries from exploiting their networks.
According to the NSA, organizations looking to ensure that a network is protected from threats and that resources are secured should implement multiple defensive layers and also adopt a zero-trust security model.
When it comes to network architecture, the NSA recommends that organizations install security devices such as a border router and next-generation firewalls at the perimeter, and also notes that publicly accessible systems and outbound proxies should be placed in between firewalls, and that monitoring solutions, remote log servers, and redundant devices should be deployed within the network.
Practices for Improving Network Defenses
Furthermore, the NSA notes in its Network Infrastructure Security Guidance that admins should group together similar systems within the network and isolate them into subnets, applying proper network segmentation to ensure that an adversary able to compromise the most exploitable devices in the environment cannot reach other systems as well.
“Operational technology, such as industrial control systems, typically need to be isolated from other information technology and high-risk networks like the Internet. This physical separation provides stronger protection because the intermediate device between subnets must be compromised for an adversary to bypass access restrictions,” the NSA says.
Network security best practices, the NSA says, also include implementing access restrictions to critical internal network devices and a network access control (NAC) solution, removing backdoor connections, and limiting and encrypting virtual private networks (VPNs).
In addition to a secure network architecture, administrators should also properly configure authentication, authorization and accounting (AAA) and apply the principle of least privilege, they should ensure that administrative accounts are properly secured with unique usernames and passwords, should securely store credentials, and should disable unused accounts.
Network security best practices, the NSA says, also include proper file system and boot management, maintaining all software and operating systems updated, and ensuring that in-use hardware is still supported by vendors.
Remote logging and monitoring along with secure remote management of network devices should also be implemented. Moreover, administrators are advised to disable IP source routing, disable unused ports and port monitoring, and disable unnecessary network services.
“Along with essential maintenance functions, administrators play a critical role in defending networks against adversarial threats. Following this guidance will assist these network defenders with putting cybersecurity best practices into action, lowering the risk against compromise and ensuring a more secure and better protected network,” the NSA concludes.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has encouraged network architects, defenders, and administrators to review the NSA’s guidance to harden their networks.
Go to Cybersecurity Knowledge Base
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.