The National Security Agency (NSA) has published two cybersecurity information sheets (CSIs) with recommendations for National Security System (NSS) and Department of Defense (DoD) workers and system administrators on securing networks and responding to incidents during the work-from-home period.
The first CSI, titled Compromised Personal Network Indicators and Mitigations, explains how teleworkers can recognize that their personal network has been compromised, how to mitigate that compromise, and how to protect government-furnished equipment and the data on it while working remotely.
Furthermore, the CSI provides a series of indicators of compromise (IoC), along with the mitigation techniques that teleworkers can apply to prevent future compromises. The CSI is meant for government employees, but anyone can use the provided information to identify and prevent network breaches, the NSA points out.
“While there is no way to ensure that personal networks will be completely secured from attacks—attackers are persistent and continue to find ways to circumvent security controls—users can still take steps to help prevent future attacks,” the CSI reads.
Should the indicators of compromise outlined in the document be observed, users are advised to apply the provided mitigations to any computer, mobile device, or IoT device connected to their personal network.
Recommended steps to mitigate a compromise, the NSA says, include rebooting and factory-resetting the router, disabling its remote administration functionality and updating its firmware; disconnecting infected machines from the network, changing passwords from a different device that is not suspected of compromise, and running anti-malware software; and removing ransomware infections and restoring a known-good state from a prior backup.
The document details a series of more aggressive actions as well, all meant to help users eliminate threats from their personal devices or network, in addition to mitigating the compromise.
The NSA’s second CSI, titled Performing Out-of-Band Network Management, provides system administrators with information on how to isolate management traffic from operational traffic, so that a compromised device or malicious traffic on the operational network cannot disrupt network operations or be used to reach and compromise the network infrastructure itself.
“OoB [Out-of-Band] management creates a framework that enables administrators to improve the security of their networks by segmenting management traffic from operational traffic, and ensuring that management traffic only comes from the OoB communication path,” the NSA explains.
The document describes the architecture of OoB management and recommends performing a vulnerability and risk assessment first, to decide whether a virtually or physically segmented OoB network is appropriate: a physically separate management network offers stronger isolation, while a virtually segmented one (for example, a dedicated management VLAN) is cheaper but depends on the correctness of the segmentation controls.
The NSA also recommends using encrypted management protocols with strong algorithms and key sizes, managing devices only over strong virtual private networks (VPNs), hardening the network management devices themselves, continuously monitoring the network and reviewing logs, and establishing a configuration review and check-in process, so that unauthorized or malicious configuration changes can be identified easily.
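Two of the controls above lend themselves to a concrete check: the rule that management traffic must only arrive over the OoB path, and the configuration review and check-in process that lets unexpected changes stand out. The script below is an added example and is not part of the NSA document; it assumes a hypothetical OoB management subnet of 10.255.0.0/24, a generic sshd-style "Accepted ... from" log format, and constructed router configuration text. It flags every accepted management login whose source address lies outside the OoB subnet, and it diffs a freshly pulled running configuration against the last reviewed baseline after normalizing cosmetic noise, so that a reintroduced HTTP server, a re-enabled telnet transport, or an extra privileged account shows up as drift.

```python
"""Added example: enforce 'management only from the OoB network' and
'running config must match the checked-in baseline'. Not from the NSA CSI."""
import difflib
import hashlib
import ipaddress
import re

# Assumption: the OoB management network is 10.255.0.0/24 (hypothetical value).
OOB_MGMT_NET = ipaddress.ip_network("10.255.0.0/24")

# Generic sshd-style "Accepted" line; adjust to the syslog format your devices emit.
LOGIN_RE = re.compile(
    r"Accepted \S+ for (?P<user>\S+) from (?P<ip>[0-9a-fA-F:.]+) port \d+"
)

# Constructed sample log lines (not real device output).
SAMPLE_LOGS = """\
Jan 12 08:01:02 core-rtr1 sshd[2101]: Accepted publickey for netops from 10.255.0.21 port 51212 ssh2
Jan 12 08:03:44 core-rtr1 sshd[2130]: Accepted password for admin from 192.168.50.77 port 40022 ssh2
Jan 12 08:05:10 core-rtr1 sshd[2142]: Accepted publickey for netops from 10.255.0.22 port 51290 ssh2
Jan 12 08:09:31 core-rtr1 sshd[2167]: Accepted password for admin from 203.0.113.9 port 38810 ssh2
"""

# Constructed baseline configuration as last reviewed and checked in.
BASELINE_CONFIG = """\
hostname core-rtr1
no ip http server
ip ssh version 2
line vty 0 4
 access-class MGMT-ONLY in
 transport input ssh
username netops privilege 15 secret 9 $9$EXAMPLEHASH
"""

# Constructed running configuration pulled later; contains unreviewed changes.
RUNNING_CONFIG = """\
hostname core-rtr1
ip http server
ip ssh version 2

line vty 0 4
 access-class MGMT-ONLY in
 transport input ssh telnet
username netops privilege 15 secret 9 $9$EXAMPLEHASH
username backdoor privilege 15 secret 9 $9$EXAMPLEHASH
"""


def management_logins_outside_oob(log_text, oob_net=OOB_MGMT_NET):
    """Return (user, ip) for every accepted login whose source is not in the OoB subnet."""
    hits = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group("ip"))
        if ip not in oob_net:  # an IPv6 source never matches an IPv4 net, so it is flagged too
            hits.append((m.group("user"), str(ip)))
    return hits


def normalize(cfg):
    """Drop blank lines and trailing whitespace so cosmetic noise does not change the fingerprint."""
    return "\n".join(l.rstrip() for l in cfg.splitlines() if l.strip()) + "\n"


def config_fingerprint(cfg):
    """SHA-256 of the normalized configuration; store this with the reviewed baseline."""
    return hashlib.sha256(normalize(cfg).encode()).hexdigest()


def config_drift(running_cfg, baseline_cfg):
    """Return {'added': [...], 'removed': [...]} lines relative to the checked-in baseline.
    Both lists empty means the running config still matches what was reviewed."""
    base = normalize(baseline_cfg).splitlines()
    run = normalize(running_cfg).splitlines()
    added, removed = [], []
    for line in difflib.unified_diff(base, run, lineterm="", n=0):
        if line.startswith(("+++", "---", "@@")):
            continue
        if line.startswith("+"):
            added.append(line[1:])
        elif line.startswith("-"):
            removed.append(line[1:])
    return {"added": added, "removed": removed}


if __name__ == "__main__":
    for user, ip in management_logins_outside_oob(SAMPLE_LOGS):
        print(f"ALERT: management login by {user} from {ip} outside OoB network")
    drift = config_drift(RUNNING_CONFIG, BASELINE_CONFIG)
    if drift["added"] or drift["removed"]:
        print("ALERT: running config differs from checked-in baseline")
        for l in drift["removed"]:
            print("  -", l)
        for l in drift["added"]:
            print("  +", l)
```

In practice the log check runs continuously against the syslog collector on the OoB network, and the drift check runs on a schedule and after every change window; any login or configuration line that is not explained by an approved change ticket is treated as an incident rather than silently re-baselined.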