How to Harden Networks Against Vulnerabilities
The NSA document notes that it's crucial for agencies to maintain up-to-date operating systems and stable software to protect themselves against “critical vulnerabilities and security issues that have been identified and fixed in newer releases.”
“Devices running outdated operating systems or vulnerable software are susceptible to a variety of published vulnerabilities, and exploiting these devices is a common technique used by adversaries to compromise a network,” the document adds.
The NSA recommends that organizations update the software on all network devices to the latest stable version available from vendor partners, which might require new hardware or memory upgrades. Additionally, getting the new software version might mean agencies need to strike a new maintenance or support contract with the vendor.
“Most network infrastructure devices do not support an auto-update feature, so it is necessary to implement a requisition and installation process for the latest software with the vendor,” the NSA notes.
As Nextgov reports, earlier this month the Cybersecurity and Infrastructure Security Agency’s national cyber awareness system promoted the NSA’s report alongside CISA’s recently released infographic on network segmentation.
“Creating boundaries between the operational technology (OT) and information technology (IT) networks reduces many risks associated with the IT network, such as threats caused by phishing attacks,” CISA’s document states. “Segmentation limits access to devices, data and applications, and restricts communications between networks. Segmentation also separates and protects OT network layers to ensure industrial and other critical processes function as intended.”
If agencies properly implement network segments and include both “demilitarized zones” and firewalls in between them, they can “prevent a malicious actor’s attempts to access high-value assets by shielding the network from unauthorized access,” according to CISA.
“Firewalls can be configured to block traffic from network addresses, applications, or ports while allowing necessary data through,” the infographic adds. “Policies and controls should also be used to monitor and regulate system access and the movement of traffic between zones.”
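The zone model CISA describes can be checked mechanically against a firewall rule set. The following is an added example, not code from the NSA or CISA documents: it audits a rule list for allow rules that let IT and OT talk directly instead of through the DMZ, rules broad enough to span several zones, cross-zone allows on all ports, and a missing default-deny. The zone address ranges, rule names and rule format are constructed for illustration.

```python
import ipaddress

# Constructed zone layout (assumption): ranges are illustrative only.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT": ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed rules: (name, source CIDR, destination CIDR, port or "any", action)
RULES = [
    ("it-to-historian", "10.10.0.0/16", "10.20.0.10/32", 443, "allow"),
    ("historian-from-ot", "10.30.5.0/24", "10.20.0.10/32", 8443, "allow"),
    ("legacy-rdp", "10.10.4.0/24", "10.30.5.20/32", 3389, "allow"),
    ("vendor-any", "10.20.0.0/24", "10.30.0.0/16", "any", "allow"),
    ("wide-src", "10.0.0.0/8", "10.30.5.20/32", 502, "allow"),
    ("default-deny", "0.0.0.0/0", "0.0.0.0/0", "any", "deny"),
]

def zones_touched(cidr):
    """Return the names of all zones whose range overlaps the given CIDR."""
    net = ipaddress.ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}

def audit(rules):
    """Return (rule name, finding) pairs for rules that weaken segmentation."""
    findings = []
    for name, src, dst, port, action in rules:
        if action != "allow":
            continue
        src_z, dst_z = zones_touched(src), zones_touched(dst)
        # IT and OT should only meet in the DMZ, never directly.
        if {"IT", "OT"} <= (src_z | dst_z) and not (src_z == dst_z):
            if ("IT" in src_z and "OT" in dst_z) or ("OT" in src_z and "IT" in dst_z):
                findings.append((name, "direct IT/OT path bypasses DMZ"))
        # A rule matching several zones at once hides what it really permits.
        if len(src_z) > 1 or len(dst_z) > 1:
            findings.append((name, "rule spans more than one zone"))
        # Cross-zone traffic should be limited to the ports that are needed.
        if port == "any" and src_z != dst_z:
            findings.append((name, "cross-zone allow on all ports"))
    # Anything not explicitly allowed must be dropped by a final catch-all.
    if not rules or rules[-1][1:] != ("0.0.0.0/0", "0.0.0.0/0", "any", "deny"):
        findings.append(("<end>", "missing final default-deny rule"))
    return findings

if __name__ == "__main__":
    for rule, problem in audit(RULES):
        print(f"{rule}: {problem}")
```
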