U.S. Security Agencies Release Network Security, Vulnerability Guidance

Written By Paul Shread
Mar 4, 2022

The U.S. National Security Agency (NSA) released comprehensive network security guidance on March 3, on the same day that the Cybersecurity and Infrastructure Security Agency (CISA) released its longest-ever list of exploited vulnerabilities.

With organizations around the world on heightened alert in the wake of Russia’s unprovoked war against Ukraine, government agencies have stepped up efforts too. The U.S. Senate has also been active, passing the “Strengthening America Cybersecurity Act,” which requires critical infrastructure owners to report cyber attacks within 72 hours and ransomware payments within 24. The legislation must still be approved by the House.

The 95 vulnerabilities added to CISA’s Known Exploited Vulnerabilities Catalog (the catalog can be sorted by date added) are by far the most added in a single batch, growing the list to 478.

Among the latest additions are:

  • Cisco Small Business RV routers and IOS software (38 new Cisco vulnerabilities in all)
  • Privilege and other vulnerabilities in Microsoft Windows, Exchange Server, Excel, Office, PowerPoint, Malware Protection Engine, Internet Explorer and more (27 in all)
  • The Linux Kernel and Apache Tomcat
  • Oracle Java SE and VirtualBox

CISA urges organizations to prioritize fixes identified in the Catalog, a priority also included in the recent Shields Up guidance outlining steps to take to prepare for any Russian cyberattacks that might occur as a fallout from the war.
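CISA also publishes the catalog as a machine-readable JSON feed (known_exploited_vulnerabilities.json), which is the practical way to act on the "prioritize fixes in the Catalog" advice. The following added example, which is not from the article or from CISA, shows how a defender might triage a catalog export against an asset inventory: list the entries added since a given date and rank the ones that match deployed products by CISA's remediation due date. The field names follow the public feed, but the catalog entries, the placeholder CVE IDs and the inventory are constructed sample data.

```python
"""Triage a CISA Known Exploited Vulnerabilities (KEV) catalog export against
an asset inventory. Added example, not from the article or from CISA: the
field names follow the public KEV JSON feed, but the entries below and the
inventory are constructed samples with placeholder CVE IDs."""
import json
from datetime import date

# Constructed sample in the shape of the feed's "vulnerabilities" array
# (the real feed carries more fields, e.g. vulnerabilityName, shortDescription).
SAMPLE_KEV = json.dumps({
    "title": "constructed KEV sample",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Cisco",
         "product": "RV Series Routers", "dateAdded": "2022-03-03",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2022-03-17"},
        {"cveID": "CVE-0000-0002", "vendorProject": "Microsoft",
         "product": "Exchange Server", "dateAdded": "2022-03-03",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2022-03-24"},
        {"cveID": "CVE-0000-0003", "vendorProject": "Oracle",
         "product": "VirtualBox", "dateAdded": "2022-03-03",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2022-03-24"},
        {"cveID": "CVE-0000-0004", "vendorProject": "Apache",
         "product": "Tomcat", "dateAdded": "2021-11-03",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2021-11-17"},
    ],
})

# Constructed inventory: (vendor, product) pairs this organization runs.
INVENTORY = {("cisco", "rv series routers"), ("apache", "tomcat"), ("Linux", "Kernel")}


def load_kev(text):
    """Return the catalog's vulnerability entries from its JSON document."""
    return json.loads(text)["vulnerabilities"]


def added_since(entries, since_iso):
    """Entries added on or after the ISO date `since_iso`, newest first."""
    since = date.fromisoformat(since_iso)
    recent = [e for e in entries if date.fromisoformat(e["dateAdded"]) >= since]
    return sorted(recent, key=lambda e: e["dateAdded"], reverse=True)


def _norm(vendor, product):
    # Vendor/product strings in the feed are free text and not standardized,
    # so a real integration maps them onto inventory identifiers; case and
    # whitespace folding is enough for this constructed sample.
    return vendor.strip().lower(), product.strip().lower()


def prioritize(entries, inventory, today_iso):
    """Inventory-matching entries ordered by remediation deadline.

    Returns (days_until_due, cveID, vendorProject, product, requiredAction);
    a negative first element means the CISA due date has already passed."""
    today = date.fromisoformat(today_iso)
    wanted = {_norm(v, p) for v, p in inventory}
    hits = []
    for e in entries:
        if _norm(e["vendorProject"], e["product"]) in wanted:
            days = (date.fromisoformat(e["dueDate"]) - today).days
            hits.append((days, e["cveID"], e["vendorProject"], e["product"], e["requiredAction"]))
    return sorted(hits)  # most overdue first, then soonest deadline


if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV)
    print(len(added_since(catalog, "2022-03-03")), "entries added 2022-03-03 or later")
    for days, cve, vendor, product, action in prioritize(catalog, INVENTORY, "2022-03-04"):
        status = "OVERDUE by %d days" % -days if days < 0 else "due in %d days" % days
        print(f"{cve} {vendor} {product}: {status}; {action}")
```

Run against the constructed sample on 2022-03-04, the script reports the Tomcat entry as long overdue and the Cisco RV entry as due in 13 days, while the Exchange and VirtualBox entries drop out because they are not in the inventory. For a real deployment the matching step is the hard part: product names in the feed vary between entries, so an organization would normally map them to CPE identifiers or its own asset tags rather than compare strings.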


Segmentation Figures Prominently in NSA Guidance

SANS Institute officials have been active lately with network security advice in response to the war in Ukraine, and some of that advice has sparked considerable interest among cybersecurity pros.

The NSA’s 58-page Network Infrastructure Security Guidance (PDF) is more of a catalog of network security best practices, based on principles of zero trust and segmentation, following up on brief January guidance (PDF) on segmentation that discussed the Purdue Enterprise Reference Architecture (image below).

Purdue network architecture

The new guidance is significantly more comprehensive and in-depth, addressing network architecture, maintenance, authentication, routing, ports, remote logging, monitoring and administration. Here’s some of the advice detailed in the document.

Network Architecture and Design

The network architecture outlined in the document is based on zero trust principles, but the NSA noted that it’s intended not so much for building new networks as it is for mitigating “common vulnerabilities and weaknesses on existing networks. As system owners introduce new network designs intended to achieve more mature Zero Trust principles, this guidance may need to be modified.” Architecture recommendations include:

  • Install a border router to facilitate a connection to the external network, such as an Internet service provider (ISP)
  • Implement multiple layers of next-generation firewalls throughout the network to restrict inbound traffic, restrict outbound traffic, and examine all internal activity between disparate network regions
  • Each layer should utilize different vendors to protect against an adversary exploiting the same unpatched vulnerability in an attempt to access the internal network
  • Place publicly accessible systems and outbound proxies in between the firewall layers in one or more demilitarized zone (DMZ) subnets, where access can be appropriately controlled between external devices, DMZ devices, and internal systems
  • Implement a network monitoring solution to log and track inbound and outbound traffic, such as a network intrusion detection system (NIDS), a traffic inspector, or a full-packet capture device
  • Deploy multiple dedicated remote log servers to enable activity correlation among devices and detection of lateral movement
  • Implement redundant devices in core areas to ensure availability, which can be load-balanced to increase network throughput and decrease latency
  • Group similar network systems
  • Remove backdoor connections
  • Implement strict perimeter access control and NAC
  • Limit and encrypt VPNs

NSA: Network perimeter defense


Network Operation and Management

Network operations and management make up the bulk of the report. Recommendations include:

  • Verify the integrity of operating system files
  • Implement patching and vulnerability management
  • Use proper file system and boot management
  • Use centralized authentication, authorization, and accounting (AAA) servers to manage administrative access to devices
  • Apply least privilege principles
  • Limit authentication attempts
  • Change default passwords and remove unnecessary accounts
  • Store passwords with secure algorithms
  • Implement remote logging and monitoring
  • For remote admin and network services, disable clear text administration services, use adequate encryption and secure protocols (TLS 1.2 or higher), use timeouts and TCP keep-alive, and disable outbound connections, unnecessary services and discovery protocols
  • Disable IP source routing and enable unicast reverse-path forwarding (uRPF) and routing authentication
  • Disable dynamic trunking and default VLAN, unused ports, port monitoring and proxy address resolution protocol (ARP), and enable port security
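Most of the operations items in the list above map to a handful of lines in a device's running configuration, which makes them easy to audit automatically. The following added example, which is not from the article or from the NSA document, checks an IOS-style configuration for several of them: clear-text administration (Telnet, plain HTTP), missing login attempt limits, reversible password storage, IP source routing, missing unicast RPF, proxy ARP, dynamic trunking, missing port security, and idle session timeouts. Both configurations are constructed samples, and the mapping from each recommendation to specific commands is an assumption about how the guidance is typically applied on that platform.

```python
"""Audit an IOS-style running config for the network-operations items above.
Added example, not from the article or the NSA document: both configs are
constructed samples, and the check-to-command mapping is an assumption."""
import re

WEAK_CONFIG = """\
enable password cisco123
username admin password 0 Passw0rd
ip http server
!
interface GigabitEthernet0/0
 ip address 192.0.2.2 255.255.255.252
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
line vty 0 4
 transport input telnet ssh
 exec-timeout 0 0
"""

# The same constructed device after each finding below has been remediated.
HARDENED_CONFIG = """\
no ip source-route
no cdp run
login block-for 120 attempts 3 within 60
enable algorithm-type scrypt secret Placeh0lder-secret
username admin algorithm-type scrypt secret Placeh0lder-secret
!
interface GigabitEthernet0/0
 ip address 192.0.2.2 255.255.255.252
 ip verify unicast source reachable-via rx
 no ip proxy-arp
!
interface GigabitEthernet0/1
 switchport mode access
 switchport nonegotiate
 switchport port-security
!
line vty 0 4
 transport input ssh
 exec-timeout 10 0
"""


def parse_blocks(config):
    """Split the config into top-level lines and indented sub-blocks keyed by
    their header ('interface ...', 'line vty ...'); a '!' line ends a block."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None
        elif raw.startswith(" "):
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks[current] = []
            top.append(current)
    return top, blocks


def audit(config):
    """Return sorted (check, where, detail) findings; an empty list is clean."""
    top, blocks = parse_blocks(config)
    f = []
    # Source routing, CDP and proxy ARP are on by default in IOS and only show
    # up in the config as an explicit 'no ...' line once they are disabled.
    if "no ip source-route" not in top:
        f.append(("source-routing", "global", "IP source routing not disabled"))
    if "no cdp run" not in top:
        f.append(("discovery-protocol", "global", "CDP not disabled"))
    if "ip http server" in top:
        f.append(("cleartext-admin", "global", "plain HTTP management enabled"))
    if not any(line.startswith("login block-for") for line in top):
        f.append(("auth-attempts", "global", "no login block-for limit"))
    for line in top:  # type 0/7 passwords instead of scrypt/sha256 secrets
        if line.startswith("enable password") or re.match(r"username \S+ password", line):
            f.append(("weak-secret-storage", "global", " ".join(line.split()[:2])))
    for header, body in blocks.items():
        if header.startswith("interface "):
            name = header.split(" ", 1)[1]
            routed = any(b.startswith("ip address") for b in body)
            if routed and not any(b.startswith("ip verify unicast") for b in body):
                f.append(("urpf", name, "no unicast RPF check"))
            if routed and "no ip proxy-arp" not in body:
                f.append(("proxy-arp", name, "proxy ARP not disabled"))
            if any(b.startswith("switchport mode dynamic") for b in body):
                f.append(("dynamic-trunking", name, "DTP negotiation enabled"))
            if any(b.startswith("switchport") for b in body) and not any(
                    b.startswith("switchport port-security") for b in body):
                f.append(("port-security", name, "switchport without port security"))
        elif header.startswith("line vty"):
            transport = next((b for b in body if b.startswith("transport input")), "")
            if not transport or "telnet" in transport or transport.endswith(" all"):
                f.append(("cleartext-admin", header, transport or "transport input unrestricted"))
            timeout = next((b for b in body if b.startswith("exec-timeout")), "")
            if not timeout or timeout.split()[1:3] == ["0", "0"]:
                f.append(("session-timeout", header, timeout or "no exec-timeout"))
    return sorted(f)
```

Calling `audit(WEAK_CONFIG)` yields twelve findings (two for the reversible password lines, two for the vty line, two for each of the two interfaces, and four device-wide), while `audit(HARDENED_CONFIG)` returns an empty list. Two design points carry over to real tooling: features that are on by default (source routing, CDP, proxy ARP) must be checked by the presence of their `no` form rather than the absence of an enable line, and `service password-encryption` is not a fix for the password findings because type 7 encoding is reversible; the hardened sample uses scrypt secrets instead.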



Former eSecurityPlanet editor Paul Shread has covered nearly every aspect of enterprise technology in his 20+ years in IT journalism, including award-winning articles on endpoint security and virtual data centers. He holds market analyst and cybersecurity certifications.
