The National Security Agency knows a lot about offensive and defensive security, so its new network security report is worth a look.
The US spy agency tasked with intercepting and analysing signals intelligence wrote it for administrators of small networks, home users in particular, but it doubles as a refresher on good practice for infosec professionals of all stripes.
Of particular interest to office workers and their sysadmins is the spooks' suggested prohibition on out-of-office messages.
The report (PDF) groups its advice into four sets of recommendations; the key points are summarised below.
- Use the more secure 64-bit Windows 7
- Limit access rights
- Sandbox web browsers and PDF readers
- Upgrade to Microsoft Office 2010; by default it does not open XML files, and its Protected View opens untrusted documents in a restricted, read-only mode that blocks active content
- Use disk encryption
- Enable data protection on iPads
- Enable FileVault on Mac OS
- WEP is dead; use WPA2
- Use a DNS provider
- Use strong passwords on all network devices
- Avoid public wi-fi networks
- Don’t mix work and home emails
- Beware of local laws when using cloud services
- Be wary of social networking
- Don’t use out-of-office messages: an automatic reply confirms to spammers that the address is live and read
- Use different user names for work and personal accounts
- Be aware of which services use your GPS location
- Use MAC filtering and limit the DHCP address pool to the devices you actually own (MAC filtering is a speed bump rather than a barrier, since addresses are easily spoofed)
- Turn down the transmit power of access points so coverage does not extend far beyond your premises
- Hide or "cloak" your wi-fi network's name (SSID), bearing in mind that a hidden SSID is still visible to anyone with a wireless sniffer
- Disable scripts in web browsers
- Enable Data Execution Prevention (DEP) for all programs, not just the Windows default of essential Windows programs and services only
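As an added example (not code from the NSA report or from the article), the host-based points above can be checked from a PowerShell prompt on the machine in question. It assumes PowerShell 2.0 or later on Windows 7, an English locale (netsh output is parsed as text) and the Office 2010 Protected View registry locations named in the comments, which are assumptions to be checked against your own Group Policy template; the BitLocker query only answers from an elevated prompt.

```powershell
# Added example, not from the NSA report or the article: a read-only audit of a
# Windows 7 host against the host-based points in the list above.
# Assumptions: PowerShell 2.0+, English locale (netsh output is parsed as text),
# and the Office 2010 Protected View registry keys named below, which should be
# verified against your own policy template. The BitLocker check needs an
# elevated prompt; every other check runs as an ordinary user.

function Test-Is64BitOS {
    (Get-WmiObject Win32_OperatingSystem).OSArchitecture -eq '64-bit'
}

function Test-RunningAsAdmin {
    # "Limit access rights": everyday work should not run under an admin token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-DepPolicy {
    # Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (the default: Windows binaries
    # only), 3 = OptOut (all programs unless exempted). The list wants 1 or 3.
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $names[[int](Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy]
}

function Get-SystemDriveBitLockerStatus {
    # Returns 'On', 'Off' or 'Unknown' (provider absent, or not elevated).
    $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                         -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue |
           Where-Object { $_.DriveLetter -eq $env:SystemDrive }
    if ($vol -eq $null) { return 'Unknown' }
    if ($vol.ProtectionStatus -eq 1) { 'On' } else { 'Off' }
}

function Test-Office2010ProtectedView {
    # True only if Office 2010 (version 14.0) is installed and none of Word's
    # three Protected View triggers has been switched off. Assumed key layout:
    # a DisableXInPV value of 1 disables that trigger ("Attachements" is the
    # value name's own spelling).
    if (-not (Test-Path 'HKLM:\SOFTWARE\Microsoft\Office\14.0\Common\InstallRoot')) { return $false }
    $pv = 'HKCU:\Software\Microsoft\Office\14.0\Word\Security\ProtectedView'
    foreach ($name in 'DisableInternetFilesInPV', 'DisableAttachementsInPV', 'DisableUnsafeLocationsInPV') {
        $v = (Get-ItemProperty -Path $pv -Name $name -ErrorAction SilentlyContinue).$name
        if ($v -eq 1) { return $false }
    }
    return $true
}

function Get-WeakWlanProfiles {
    # "WEP is dead": saved wireless profiles that are open or still use WEP.
    $names = @(netsh wlan show profiles 2>$null |
               Select-String 'All User Profile\s*:\s*(.+)$' |
               ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() })
    foreach ($n in $names) {
        if (-not $n) { continue }   # PowerShell 2.0 iterates once over $null
        $detail = netsh wlan show profile name="$n" | Out-String
        if ($detail -match 'Authentication\s*:\s*Open' -or $detail -match 'Cipher\s*:\s*WEP') { $n }
    }
}

# Report: one line per check, with the fix for anything that fails.
$dep = Get-DepPolicy
$results = @(
    @{ Check = '64-bit Windows';             Ok = (Test-Is64BitOS);               Fix = 'reinstall as 64-bit' },
    @{ Check = 'Not running as admin';       Ok = (-not (Test-RunningAsAdmin));   Fix = 'use a standard user account day to day' },
    @{ Check = "DEP for all programs ($dep)"; Ok = ($dep -eq 'AlwaysOn' -or $dep -eq 'OptOut');
       Fix = 'from an elevated cmd prompt: bcdedit /set {current} nx OptOut, then reboot' },
    @{ Check = 'System drive encrypted';     Ok = ((Get-SystemDriveBitLockerStatus) -eq 'On'); Fix = 'enable BitLocker (or rerun elevated to check)' },
    @{ Check = 'Office 2010 Protected View'; Ok = (Test-Office2010ProtectedView); Fix = 'upgrade to Office 2010 / re-enable Protected View' }
)
foreach ($r in $results) {
    $state = if ($r.Ok) { 'OK  ' } else { 'FIX ' }
    '{0} {1}{2}' -f $state, $r.Check, $(if ($r.Ok) { '' } else { " -> $($r.Fix)" })
}
$weak = @(Get-WeakWlanProfiles)
if ($weak.Count -gt 0) { 'FIX  open/WEP wireless profiles saved: ' + ($weak -join ', ') + ' -> delete them and use WPA2' }
else { 'OK   no open or WEP wireless profiles saved' }
```

The script only reads state; each FIX line names the change to make. The DEP policy values come from the documented Win32_OperatingSystem property, so OptIn (the Windows default) is reported as a failure because it protects Windows binaries only, which is exactly the gap the last point in the list is about.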