The U.S. intelligence agency recommends that IT administrators take several security measures to protect their companies’ infrastructure from threats.
Recently, the National Security Agency (NSA) made several detailed recommendations for companies to secure their network infrastructure against attacks. One can only imagine that the war in Ukraine had something to do with the release of this report. The proposals include secure configuration tips for the most common network protocols. The agency also insists on the adoption of basic security measures for all networks. While the NSA report emphasizes the importance of zero-trust principles for protecting networks, the bulk of the recommendations focus on specific steps network administrators should take to protect their infrastructure from compromise.
Using secure, frequently renewed passwords for all administrator accounts, limiting login attempts and updating potentially vulnerable systems are among the tips. The report also describes secure configurations for Secure Shell (SSH), HTTP and Simple Network Management Protocol (SNMP). “Improper configuration, improper handling of configurations and weak encryption keys can expose vulnerabilities in the entire network,” the report says. “All networks are at risk of being compromised, especially if devices are not properly configured and maintained.”
Focus on AAA servers
In addition, the NSA recommends the use of network access control systems that add an extra layer of security to enterprise networks. The idea is to have a robust system in place to identify individual endpoints on a network, as port security can be difficult to manage and tracking connected devices via MAC address can be circumvented by an attacker. The agency also considers the use of centralized authentication, authorization and accounting (AAA) servers a strong security measure. According to the NSA, using them makes it easier to move away from potentially vulnerable traditional authentication technologies, because AAA servers do not rely on credentials stored on connected devices, which are potentially easy to compromise. “Doubling the deployment of AAA servers – which manage requests for system resources – provides a level of redundancy and helps to more easily detect and prevent malicious activity,” the agency further states in its report.
To ensure the security of enterprise networks, the agency also recommends the use of robust logging techniques. According to the NSA, “ensuring that the network infrastructure captures a sufficient amount of logging data makes identifying and tracking a potential attack much simpler than it otherwise would be.” Login attempts, both successful and unsuccessful, are particularly important in this regard, but the agency notes that generating too many messages could complicate log review. The NSA report, available for download, goes into detail about how Cisco IOS users should apply most of its recommendations, but the general principles are valid for users of any vendor’s network equipment.
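As an added illustration (not code from the NSA report or from this article), the sketch below audits a Cisco IOS-style configuration for the measures named above: AAA enabled with two servers, limited login attempts, logging of failed and successful logins, SSH, HTTP and SNMP settings. The mapping of each measure to a specific IOS command is an assumption based on standard IOS syntax, and the sample configuration is constructed.

```python
import re

# Constructed sample config for illustration; not taken from the NSA report or a real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
aaa new-model
tacacs server AAA-PRIMARY
 address ipv4 192.0.2.10
login block-for 120 attempts 3 within 60
login on-failure log
ip ssh version 2
ip http server
snmp-server community public RO
"""

def audit(config: str) -> dict:
    """Map each check (assumed IOS equivalents of the article's measures) to pass/fail."""
    # Keep indentation so sub-commands under a block never match top-level patterns.
    lines = [line.rstrip() for line in config.splitlines()]

    def count(pattern: str) -> int:
        return sum(1 for line in lines if re.fullmatch(pattern, line))

    return {
        "aaa_enabled": count(r"aaa new-model") > 0,
        # Two or more defined servers, per the redundancy point in the article.
        "aaa_redundant": count(r"(tacacs|radius) server \S+") >= 2,
        "login_attempts_limited": count(r"login block-for \d+ attempts \d+ within \d+") > 0,
        "log_failed_logins": count(r"login on-failure log.*") > 0,
        "log_successful_logins": count(r"login on-success log.*") > 0,
        "ssh_v2_only": count(r"ip ssh version 2") > 0,
        # Fail closed: pass only when the plaintext HTTP server is explicitly disabled.
        "http_disabled": count(r"no ip http server") > 0,
        # Any v1/v2c community string counts as a finding (assumed policy: SNMPv3 only).
        "snmp_no_community_strings": count(r"snmp-server community .+") == 0,
    }

def failed(config: str) -> list:
    """Return the names of failing checks, sorted for stable reporting."""
    return sorted(name for name, ok in audit(config).items() if not ok)

if __name__ == "__main__":
    for name in failed(SAMPLE_CONFIG):
        print("FAIL", name)
```

The checks match exact top-level commands only, so a real audit would still need to confirm that the defined AAA servers are actually referenced by the authentication method lists.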