NSA announces a report that explains how to protect network infrastructure
The US National Security Bureau (NSA) has published a new report and provided the latest advice to all organizations on how to protect IT network infrastructure from cyber attacks.
The NSA's "CyberSecurity Technical Report (CTR): Network Infrastructure Security Guidance" report is released free of charge, and the network brainer that must protect the network from cyber attacks and criminals with criminals.And information for the highest information manager (CIO) is posted.
In the report reports, reports include network design, device passwords and password management, password management of device password management, password management, remote logging and management, security updates, key exchange algorithm, key exchange algorithm, key exchange algorithm, key replacement algorithm, key exchange algorithm (NTP), Simple Network Management Protocol (SMMP), etc. In the report of network design, password management, password management, remote logging and management, key replacement algorithm (NTP), SSH, http, Simple Network Management Protocol (Simple Network Management Protocol (SMMP)), Network Time Protocol (NTP), SSH, HTTP, Simple Network Management Protocol (Simple Network Management Protocol (SMMP)) The important is important, etc.Is being featured.
The U.S. Cyber Security Infrastructure Security Agency (CISA) is a new initiative as a new initiative that promotes defensive power to all organizations in the United States and other places in response to the previous disc erased malware targeting the Ukrainian organization.It encourages technology leaders to read the report.
In the report, the NSA Cyber Security Council encouraged the adoption of the "Zero Trust" network.Zero Trust assumes that malicious internal and threats exist inside and outside the classic network boundaries.
The NSA states that it will "fully support the Zero Strast model," and has offered recommendations for its construction.For example, it is recommended to install a router, build a firewall using multiple vendors, and reduce the potential damage of Exploit, which affects one vendor product.However, NSA pointed out that the guidance focuses on reducing general vulnerabilities and weaknesses on existing networks.
The Biden administration has instructed the U.S. government agency to complete the implementation of the zero trade architecture by 2024.The National Institute of Standard Technology (NIST) is working to explain what zero -trasts are, along with important vendors such as Microsoft and Google, and offer various recommendations.NSA guidance is also based on the trend.The UK also encourages the organization to adopt zero -trade.
In particular, this report features the company's "iOS" network software, which is widely used in Cisco, routers and switches, and uses 1 to 15 access permissions for network devices and use Cisco IOS devices.It explains how to save the password with the algorithm.As revealed in the 2013 leak by Edward Snowden, NSA is familiar with Cisco devices.
NSA recommends grouping similar systems in the network to prevent the horizontal movement of invading attackers.For example, attackers target systems such as printers that are easy to abuse.
It is also recommended to eliminate backdoor connection between devices in the network, use strict border access control lists, and implement network access control (NAC) that authenticate specific devices connected to the network.Regarding VPNs, NSA encourages NSA to "disable all unnecessary functions and implement strict traffic filtering rules."In addition, the algorithms to be used to replace the IPsec VPN configuration key exchange have been specified.
According to the NSA, local administrator accounts need to be protected with a unique complex password.The NSA recommended that a new password policy has been implemented and warns that most devices have public default administrator certification information.After deleting all default settings, the administrator needs to reset the unique account to each administrator.
"I want you to change the default administrator setting and account before introducing a new device in the network" (NSA)
The new report is followed by NSA guidance that supports people and organizations to select the appropriate virtual private network (VPN).VPN hardware, which protects the connection between remote workers and corporate networks, has become a major target under pandemic.
This article edited by Asahi Interactive for an article from overseas RED VENTURES for Japan.