The National Security Agency (NSA) released the “Network Infrastructure Security Guidance” Cybersecurity Technical Report today. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats.
Network environments are dynamic and evolve as new technologies, exploits, and defenses affect them. While compromise occurs and is a risk to all networks, network administrators can greatly reduce the risk of incidents as well as reduce the potential impact in the event of a compromise. This guidance focuses on the design and configurations that protect against common vulnerabilities and weaknesses on existing networks.
Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network.
Existing networks likely have some or most of the recommended configurations and devices noted, so administrators can use the report to help prioritize next steps in continuing to harden their network against cyber threats.