Network Infrastructure Security Guidance

Logo - National Security Agency / Central Security Service

Network Infrastructure Security Guidance (PDF)”
National Security Administration, March, 2022
Cybersecurity Technical Report
By National Security Agency, Cybersecurity Directorate

Guidance for securing networks continues to evolve as new vulnerabilities are exploited by adversaries, new security features are implemented, and new methods of securing devices are identified. Improper configuration, incorrect handling of configurations, and weak encryption keys can expose vulnerabilities in the entire network. All networks are at risk of compromise, especially if devices are not properly configured and maintained. An administrator’s role is critical to securing the network against adversarial techniques and requires dedicated people to secure the devices, applications, and information on the network.


This report presents best practices for overall network security and protection of individual network devices, and will assist administrators in preventing an adversary from exploiting their network. While the guidance presented here is generic and can be applied to many types of network devices, sample commands for Cisco Internetwork Operating System (IOS) devices are provided which can be executed to implement the recommendations.


The guidance in this report was generated from a depth and breadth of experience in assisting NSA customers with evaluating their networks and providing recommendations to immediately harden network devices. Along with essential maintenance functions, administrators play a critical role in defending networks against adversarial threats. Following this guidance will assist these network defenders with putting cybersecurity best practices into action, lowering the risk against compromise and ensuring a more secure and better protected network.

Read the Full Article (PDF) »

About the Author:

NSA’s Cybersecurity Directorate is a major organization that unifies NSA’s foreign intelligence and cyber defense missions and is charged with preventing and eradicating threats to National Security Systems and the Defense Industrial Base.