NSA report: This is how you should be securing your network
The National Security Agency (NSA) has released a new report that gives all organizations the most current advice on how to protect their IT network infrastructures from cyberattacks.
NSA’s report ‘Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance‘ is available freely for all network admins and CIOs to bolster their networks from state-sponsored and criminal cyberattacks.
The report covers network design, device passwords and password management, remote logging and administration, security updates, key exchange algorithms, and important protocols such as Network Time Protocol, SSH, HTTP, and Simple Network Management Protocol (SNMP).
SEE: Cybersecurity: Let’s get tactical (ZDNet special report)
The US Cybersecurity and Infrastructure Security Agency (CISA) is encouraging tech leaders to view the NSA document as part of its new push for all organizations in the US and elsewhere to raise defenses after the recent disk wiper malware targeting Ukrainian organizations.
The document, from NSA’s cybersecurity directorate, encourages the adoption of ‘zero trust’ networks. Zero trust assumes malicious insiders and threats existing inside and outside classical network boundaries.
The NSA says it “fully supports the Zero Trust model” and offers recommendations for creating it, from installing routers and using multiple vendors to creating firewalls that reduce the potential of an exploit impacting one vendor’s product. However, the agency also notes that its guidance focuses on mitigating common vulnerabilities and weaknesses on existing networks.
The Biden administration has given federal agencies until 2024 to implement zero trust architectures, so the NSA’s guidance joins recommendations from the National Institute of Standards and Technology‘s (NIST) work to explain what zero trust is with key vendors such as Microsoft and Google. The UK is also pushing organizations to adopt zero trust.
Among other things, the document focuses closely on Cisco and its widely used IOS networking software for routers and switches, including configuring its one to 15 levels of privileged access to network devices and how to store passwords with algorithms that Cisco IOS devices use. The NSA knows a lot about Cisco gear, as Edward Snowden’s 2013 leaks revealed.
NSA recommends that similar systems within a network should be grouped together to protect against an attacker’s lateral movement after a compromise. Attackers will target systems like printers that are more easily exploitable, for example.
It also recommends removing backdoor connections between devices in the network, using strict perimeter access control lists, and implementing network access control (NAC) that authenticates unique devices connected to the network. Regarding VPNs, it says to “disable all unneeded features and implement strict traffic filtering rules”. It also specifies the algorithms that should be used for key exchanges in IPSec VPN configurations.
NSA says local administrator accounts should be protected with a unique and complex password. It recommends enforcing a new password policy and warns that “most devices have default administrative credentials which are advertised to the public”. Admins should remove all default configurations and then reconfigure them with a unique secure account for each admin.
“Do not introduce any new devices into the network without first changing the default administrative settings and accounts,” NSA says.
The new report follows NSA’s guidance to help people and organizations choose virtual private networks (VPN). VPN hardware for securing connections between remote workers to corporate networks became a prime target during the pandemic.