[LINK] New NSA Report: This is How You Should Be Securing Your Network

Roger Clarke Roger.Clarke at xamax.com.au
Mon Mar 7 09:24:02 AEDT 2022


On 7/3/22 8:38 am, gerard wrote:
> May be of interest to the link. I find it a bit funny coming from the
> NSA :)

There could be logic to it though, e.g.:

-   it might only contain advice about techniques that the NSA believes
    it already knows how to crack, or to go around;

or, less cynically:

-   the organisations and individuals it targets are up at this level
    of security in any case;  so NSA loses nothing in its battles with
    them, and gains by assisting low-priority NSA targets to harden
    themselves against 'the *really* bad guys'.

It's interesting that they consider two-factor authentication to still
be too difficult for implementation for local admin accounts (p.17).

Generally, it doesn't seem to include much that would be new to a good
3rd year uni student.  On the positive side, it's written far more
clearly than a lot of other NIST and other official documents!

_________________


> https://yro.slashdot.org/story/22/03/05/195232/new-nsa-report-this-is-how-you-should-be-securing-your-network
> 
> and the report...
> https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF
> 
> 
> 
> /NSA's report 'Cybersecurity Technical Report (CTR): Network
> Infrastructure Security Guidance' is available freely for all network
> admins and CIOs to bolster their networks from state-sponsored and
> criminal cyberattacks. The report covers network design, device
> passwords and password management, remote logging and administration,
> security updates, key exchange algorithms, and important protocols such
> as Network Time Protocol, SSH, HTTP, and Simple Network Management
> Protocol (SNMP).
> 
> The U.S. Cybersecurity and Infrastructure Security Agency is encouraging
> tech leaders to view the NSA document
> <https://www.cisa.gov/uscert/ncas/current-activity/2022/03/03/nsa-releases-network-infrastructure-security-guidance> as
> part of its new push for all organizations in the US and elsewhere to
> raise defenses after the recent disk wiper malware targeting Ukrainian
> organizations. The document, from NSA's cybersecurity directorate,
> encourages the adoption of 'zero trust' networks....
> 
> The new report follows NSA's guidance to help people and organizations
> choose virtual private networks (VPN)
> <https://www.zdnet.com/article/nsa-cisa-partner-for-guide-on-safe-vpns-amid-widespread-exploitation-by-nation-states/>.
> VPN hardware for securing connections between remote workers to
> corporate networks became a prime target during the pandemic./


-- 
Roger Clarke                            mailto:Roger.Clarke at xamax.com.au
T: +61 2 6288 6916   http://www.xamax.com.au  http://www.rogerclarke.com

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University

