NSA releases telework security advice
The US National Security Agency has released two cybersecurity information sheets listing best practices to help Department of Defence teleworkers securely connect remotely to the agency's network.
The fact sheets, which also apply for National Security System teleworkers, detail advice for helping teleworkers and their system administrators secure their networks and handle potential compromises.
The first fact sheet provides information on how to identify signs of personal network compromises to secure data when government-provided equipment is used for telework.
It lists indicators of a compromised network, ranging from the clearly visible — such as router password changes, devices functioning without user input and ransomware messages — through to more subtle signs, such as unexpected hardware displays, inactivity faults and taxed memory.
The guide also provides guidance on what to do if a personal network is compromised, including how to achieve "aggressive eradication of threats on a compromised personal network" by disconnecting all devices and performing a full factory reset.
The second guide provides an introduction and best practice tips related to the concept of out-of-band network management, which involves using an alternate communication path to manage network infrastructure devices.
This involves physically or virtually segmenting network infrastructure to allow for the secure administration and monitoring of network devices.
Recommendations for achieving this include implementing encryption for all out-of-bound management traffic, hardening network management devices by restricting access to allow only the management network, and regularly monitoring and reviewing network logs.
While defining access controls, agencies should use the "principle of least privilege", the guidance adds.
US federal government agencies have made significant progress implementing the security reforms...
An annual cybersecurity survey of tech leaders from across the United States has found that...
Oracle has secured protected-level certification for several SaaS products under the ACSC's...