US intelligence agency lays out security steps IT admins should take to protect their infrastructure from threats.

The National Security Agency this week detailed recommendations for businesses to secure their network infrastructure against attacks, giving safe configuration tips for commonly used networking protocols and urging the use of basic security measures for all networks.

The NSA’s report highlighted the importance of zero trust principles for network security, but the bulk of it covers specific steps network administrators should take to keep their infrastructure safe from compromise. Configuration tips for network admins include the use of secure, frequently changed passwords for all administrative accounts, limiting login attempts, and keeping potentially vulnerable systems patched and up to date. The report also describes safe configurations for SSH (secure shell), HTTP and SNMP (simple network management protocol).

“Improper configuration, incorrect handling of configurations, and weak encryption keys can expose vulnerabilities in the entire network,” the report said. “All networks are at risk of compromise, especially if devices are not properly configured and maintained.”

The NSA additionally recommended the use of network access control systems as an extra layer of security for enterprise networks. The idea is to implement a robust system for identifying individual devices on a network, as port security can be difficult to manage and tracking connected devices via MAC address can be circumvented by an attacker.

The NSA also highlighted the use of centralized authorization, authentication and accounting (AAA) servers as a strong security measure. This helps avoid the use of potentially vulnerable legacy authentication technologies, since AAA servers don’t rely on credentials stored on connected devices, which can be relatively simple to compromise.
Doubling up on deployment of AAA servers, which handle requests for system resources, provides a level of redundancy and can help detect and prevent malicious activity more easily, according to the agency.

Robust logging is another key technique for keeping enterprise networks safe. Ensuring that network infrastructure captures a sufficient amount of log data makes identifying and tracking a potential attack much simpler than it would otherwise be, the NSA said. Login attempts, successful or unsuccessful, are particularly important for this, but the agency noted that generating too many messages could complicate log reviews.

The NSA report, available for download, contains detailed instructions for Cisco IOS users on how to accomplish many of the tasks it suggests, but the general principles are valid for users of any vendor’s networking gear.
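
The recommendations summarized above (limited login attempts, logged logins, redundant AAA servers, hardened SSH, HTTP and SNMP) can be checked mechanically against a device configuration. The Python audit below is an added example, not code from the NSA report or from this article; the sample configuration is constructed, and the IOS commands it looks for and the finding names are this example's assumptions about how to express each recommendation.

```python
import re

# Constructed sample config (not taken from the NSA report or any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
aaa new-model
radius server AAA-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
ip http server
ip ssh version 2
snmp-server community public RO
logging host 192.0.2.50
line vty 0 4
 transport input telnet ssh
"""

# (finding id, regex, True if the line must be present / False if it must be absent)
# Assumption: these IOS commands are this example's mapping of each recommendation.
CHECKS = [
    ("login-attempts-not-limited", r"^login block-for \d+ attempts \d+ within \d+", True),
    ("login-success-not-logged",   r"^login on-success log", True),
    ("login-failure-not-logged",   r"^login on-failure log", True),
    ("no-remote-syslog",           r"^logging host \S+", True),
    ("aaa-not-enabled",            r"^aaa new-model", True),
    ("ssh-v2-not-enforced",        r"^ip ssh version 2", True),
    ("http-server-enabled",        r"^ip http server", False),
    ("snmp-v1v2c-community",       r"^snmp-server community \S+", False),
    ("telnet-on-vty",              r"^transport input .*\b(telnet|all)\b", False),
]

def audit(config: str) -> list[str]:
    """Return sorted finding ids for one IOS-style running config."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    for name, pattern, must_exist in CHECKS:
        present = any(re.search(pattern, ln) for ln in lines)
        if present != must_exist:
            findings.append(name)
    # The article notes that doubling up AAA servers adds redundancy: expect two or more.
    servers = [ln for ln in lines if re.match(r"(radius|tacacs) server \S+", ln)]
    if len(servers) < 2:
        findings.append("single-aaa-server")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```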