Contents
Network Infrastructure Security Guidance ......................................................................i
Contents ......................................................................................................................................iii
1. Introduction ............................................................................................................................... 1
1.1 Regarding Zero Trust ........................................................................................................................................ 1
2. Network architecture and design ............................................................................................ 2
2.1 Install perimeter and internal defense devices ....................................................................................... 2
2.2 Group similar network systems ..................................................................................................................... 3
2.3 Remove backdoor connections .................................................................................................................... 4
2.4 Utilize strict perimeter access controls ...................................................................................................... 4
2.5 Implement a network access control (NAC) solution ........................................................................... 5
2.6 Limit and encrypt virtual private networks (VPNs) ................................................................................ 5
3. Security maintenance............................................................................................................... 8
3.1 Verify software and configuration integrity ............................................................................................... 8
3.2 Maintain proper file system and boot management ............................................................................. 9
3.3 Maintain up-to-date software and operating systems ........................................................................ 10
3.4 Stay current with vendor-supported hardware ...................................................................................... 10
4. Authentication, authorization, and accounting (AAA) ....................................................... 11
4.1 Implement centralized servers .................................................................................................................... 11
4.2 Configure authentication ................................................................................................................................ 12
4.3 Configure authorization .................................................................................................................................. 13
4.4 Configure accounting ...................................................................................................................................... 14
4.5 Apply principle of least privilege ................................................................................................................. 15
4.6 Limit authentication attempts ....................................................................................................................... 16
5. Administrator accounts and passwords .............................................................................. 17
5.1 Use unique usernames and account settings ....................................................................................... 17
5.2 Change default passwords ........................................................................................................................... 17
5.3 Remove unnecessary accounts ................................................................................................................. 18
5.4 Employ individual accounts .......................................................................................................................... 18
5.5 Store passwords with secure algorithms ................................................................................................ 19
5.6 Create strong passwords .............................................................................................................................. 21
5.7 Utilize unique passwords ............................................................................................................................... 22
5.8 Change passwords as needed ................................................................................................................... 22
6. Remote logging and monitoring ........................................................................................... 24
6.1 Enable logging ................................................................................................................................................... 24
6.2 Establish centralized remote log servers ................................................................................................ 25
6.3 Capture necessary log information ............................................................................................................ 25
6.4 Synchronize clocks .......................................................................................................................................... 26
7. Remote administration and network services .................................................................... 28
7.1 Disable clear text administration services .............................................................................................. 28
7.2 Ensure adequate encryption strength ...................................................................................................... 29
7.3 Utilize secure protocols .................................................................................................................................. 30
7.4 Limit access to services ................................................................................................................................. 31
评论0