Network design

NSA releases network design configuration best practice guidance

Written by Marc Pomerleau

As part of its new public safety posture, the National Security Agency on Tuesday released a report guiding network architects and administrators on best practices for establishing their networks.

the report was developed by the NSA’s Cybersecurity Directorate, which was created to use the agency’s unique intelligence capabilities to share threat information with businesses and the defense industrial base in a timely manner to ensuring they stay one step ahead of the most sophisticated threats.

While the NSA has previously been pejoratively referred to as “no such agency” given the little or no information it would release publicly, officials acknowledged that it must “his gameafter a series of high-profile hacks and breaches by sophisticated nation states and establish an organization to help the private sector.

“Network environments are dynamic and evolve as new technologies, exploits and defenses affect them. Although compromise does happen and poses a risk to all networks, network administrators can significantly reduce the risk of incidents as well as the potential impact in the event of a compromise,” an NSA statement read. “These guidance focuses on design and configurations that protect against common vulnerabilities and weaknesses in existing networks.”

The report notes that following the advice will help network defenders implement cybersecurity best practices, reduce the risk of compromise, and ensure a more secure network.

NSA advice falls into nine broad categories: network architecture and design; security maintenance; authentication, authorization and accounting; local administrator accounts and passwords; remote logging and monitoring; remote administration and network services; routing; interface ports, and; notification and consent banners.

The NSA said it developed the guidance based on its experience helping customers assess their networks and provide recommendations for hardening devices.

The report also references zero-trust architectures, a security model that assumes threats exist inside and outside the network and continuously validates users, devices, and data. White House guidelines state that all federal agencies must adopt such a security model, giving it the utmost importance.

The NSA says it also fully supports the zero-trust model, but as system owners introduce new network designs to achieve more mature zero-trust principles, the report’s guidance may need to change. .

-In this story-

Source link