The National Security Agency (NSA) has released a cybersecurity technical report for its Network Infrastructure Security Guidance that features network infrastructure best practices, according to a March 1 release from the agency.
The report looks at different ways system owners and operators can mitigate any common vulnerabilities and known weaknesses on known networks. While much of the guidance can be used to aid in implementing a zero trust network architecture, the report is not explicitly focused on guidance for those particular architectures.
“Guidance for securing networks continues to evolve as new vulnerabilities are exploited by adversaries, new security features are implemented, and new methods of securing devices are identified,” the report says. “Improper configuration, incorrect handling of configurations, and weak encryption keys can expose vulnerabilities in the entire network.”
“NSA fully supports the Zero Trust security model, and much of the guidance in this report can be applied at different boundaries as recommended in Zero Trust guidance,” the report explains. “As system owners introduce new network designs intended to achieve more mature Zero Trust principles, this guidance may need to be modified.”
Among NSA’s recommendations are for network defenders to install both perimeter and internal defense devices, moving away from the castle-and-moat idea that focused mostly on perimeter defenses. The guidance also includes recommendations that would give network defenders more visibility, such as increasing the amount of network monitoring and access controls available.
NSA said it is likely that existing networks already have incorporated some of the recommendations, and said those network operators should use the guidance as how to implement any next steps to harden their systems.