The recent and potentially ongoing hack of global telecom companies is all over the news and illustrates how important it is to be diligent with your network security. CISA recently released a critical guide for network engineers and defenders with best practices to protect against successful exploitation carried out by bad actors. Here are some highlights from their guidance:
Strengthen Visibility
- Closely scrutinize and investigate any configuration modifications or alterations to network devices such as switches, routers, and firewalls outside of the change management process
- Implement a strong network flow monitoring solution
- Monitor user and service account logins for anomalies that could indicate potential malicious activity.
- Implement secure, centralized logging with the ability to analyze and correlate large amounts of data from different sources.
- Implement a monitoring and network management capability that, enforces configuration management, automates routine administrative functions, and alerts on changes detected within the environment, such as connections and user and account activity.
Harden Systems and Devices
- Use an out-of-band management network that is physically separate from the operational data flow network. Ensure that management of network infrastructure devices can only come from the out-of-band management network.
- Employ strong network segmentation via the use of router ACLs, stateful packet inspection, firewall capabilities, and demilitarized zone (DMZ) constructs.
- Harden and secure virtual private network (VPN) gateways by limiting external exposure and the port exposure to what is minimally required.
- Ensure that no default passwords are used
Keeping your network and data safe is hard-Technium can help. Schedule a free consultation with one of our network security experts.
Technium
Technium : Feb 12, 2025 2:54:13 PM
