The National Security Agency this week detailed recommendations for businesses to secure their network infrastructure from attack, giving safe configuration guidance for commonly used network protocols and urging the use of basic security measures for all networks.
The NSA report highlighted the importance of zero-trust principles for network security, but most of it covers specific steps network administrators should take to protect their infrastructure from compromise. Configuration tips for network administrators include using secure and frequently changed passwords for all administrative accounts, limiting login attempts, and updating and patching potentially vulnerable systems. The report also describes safe configurations for SSH (Secure Shell), HTTP, and SNMP (Simple Network Management Protocol).
“Improper configuration, improper management of configurations, and weak encryption keys can expose vulnerabilities throughout the network,” the report said. “All networks are at risk of being compromised, especially if devices are not properly configured and maintained.”
The NSA has further recommended the use of network access control systems as an additional layer of security for corporate networks. The idea is to implement a robust system to identify individual devices on a network, as port security can be difficult to manage and tracking connected devices by MAC address can be circumvented by an attacker.
The use of centralized authorization, authentication, and accounting (AAA) servers is also touted as a strong security measure by the NSA. This avoids the use of potentially vulnerable legacy authentication technologies, because centralized servers do not rely on credentials stored on connected devices, which can be relatively easy to compromise. Doubling up on AAA servers, which handle system resource requests, provides a level of redundancy and can help detect and prevent malicious activity more easily, according to the agency.