New Defensive Guidance from the NSA

New Defensive Guidance from the NSA

New Defensive Guidance from the NSA 1090 726 Andrew Hay

Today, the National Security Agency (NSA) released its new “Network Infrastructure Security Guidance” technical report. The document captures best practices based on experience in supporting customers and responding to threats that can be applied across any network environment.

This report presents best practices for overall network security and protection of individual network devices and aims to assist administrators in preventing an adversary from exploiting their network. While the guidance presented here is generic and can be applied to many types of network devices, sample commands for Cisco Internetwork Operating System (IOS) devices are provided which can be executed to implement the recommendations.

Detailed recommendations are presented for:

  • Network architecture and design,
  • Security maintenance,
  • Authentication, authorization, and accounting (AAA),
  • Administrator accounts and passwords,
  • Remote logging and monitoring,
  • Remote administration and network services,
  • Routing
  • Interface ports, and
  • Notification banners.

In conclusion, while the guidance provided here is generic and can be applied to many types of network devices, Cisco IOS administrators can (and should) use the provided commands to help protect their networks. Adversaries are continually developing new techniques to exploit networks, so it is important for administrators to keep up with current trends and best practices. By following the recommendations in this report, administrators can make it more difficult for adversaries to gain access or take control of their infrastructure.

If you need assistance evaluating the maturity of your security program or require validation that the above recommendations are implemented effectively, please do not hesitate to reach out to Lares today!

Where There is Unity, There is Victory

[Ubi concordia, ibi victoria]

– Publius Syrus

Contact Lares Consulting logo (image)

Continuous defensive improvement through adversarial simulation and collaboration.

Email Us

©2019 Lares, LLC | All rights reserved.
Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Some types of cookies may impact your experience on our website and the services we are able to offer. It may disable certain pages or features entirely. If you do not agree to the storage or tracking of your data and activities, you should leave the site now.

Our website uses cookies, many to support third-party services, such as Google Analytics. Click now to agree to our use of cookies or you may leave the site now.