US spy agency talks network security

The National Security Agency knows a lot about offensive and defensive security, so its new network security report is worth a look.

The US spy agency tasked with intercepting and analysing signals intelligence wrote it for administrators of small networks such as home users but it was a refresher on good practices for infosec professionals of all stripes.

Of particular interest to office workers and their sysadmins is the spooks' suggested prohibition on out-of-office messages.

Below is a summary of the key points. The report (PDF) is broken into four recommendations.

Host:

• Use the more secure 64-bit Windows 7
• Limit access rights
• Sandbox web browsers and PDF readers
• Upgrade to Microsoft Office 2010; it does not open XML files by default and uses protected mode that restricts execution
• Use disk encryption
• Enable data protection on iPads
• Enable FileVault on Mac OS

Network:

• WEP is dead
• Use a DNS provider
• Use strong passwords on all network devices

Operational:

• Avoid public wireless wi-fi networks
• Don’t mix work and home emails
• Beware of local laws when using cloud services
• Be wary of social networking
• Don’t use out-of-office messages because they verify email addresses to spammers
• Use different user names for work and personal accounts
• Be aware when you are using services linked to GPS

Router:

• Use MAC filtering and limit the IP address pool
• Limit the power of access points
• Hide or "cloak" your public wi-fi networks name (SSID)
• Disable scripts in web browsers
• Enable data execution prevention on programs