NSA Telework and Mobile Security Guidance

 

End User Telework and Network Security Guides  |  NSA’s Top Ten Cybersecurity Mitigation Strategies



End User Telework and Network Security Guides

Updated 14 Aug 2020 - Here are a subset of NSA’s cybersecurity products focused on telework and general network security guidance compiled below for ease of access. While all include resources applicable to the general end user, some delve into more technical solutions as well.

To view all of NSA's published cybersecurity products, go to our Cybersecurity Advisories & Technical Guidance page here.

ImageTitleDescription
Best Practices for Securing Your Home NetworkBest Practices for Securing Your Home NetworkDon't be a victim; cyber criminals may leverage your home network to gain access to personal, private, and confidential information. Help protect yourself and your family by observing some basic guidelines and implementing the following mitigations on your home network.
Configuring IPSec Virtual Private Networks (VPNs)Configuring IPSec Virtual Private Networks (VPNs)This guidance provides a more in-depth look at how to implement specific configurations for securing and maintaining secure VPN connections.
CSI: Best Practices for Securing Your Home NetworkCSI: Best Practices for Securing Your Home NetworkCSI: Best Practices for Securing Your Home Network | U/OO/119184-23 | PP-23-0270 | FEB 2023 Ver. 1.0
CSI: Securing Wireless Devices in Public Settings (July 2021)CSI: Securing Wireless Devices in Public Settings (July 2021)While telework provides benefits to individuals and organizations, workers could be putting their personal and organizational data, credentials, and devices at higher risk if they conduct business in public settings. This guidance describes how to identify potentially vulnerable public connections and how to keep wireless devices secure.
Identity Theft Threat and MitigationsIdentity Theft Threat and MitigationsCriminals can use a multitude of methods to obtain personally identifiable information, which can be used to carry out malicious actions. Personal protection from these actors must be dealt with on all fronts, as a layered approach. The information provided in this document is designed to help individuals protect themselves against identity theft and mitigate the risk.
Keeping Safe on Social MediaKeeping Safe on Social MediaThis brief guide highlights critical information and countermeasures users may take to help keep themselves and their sensitive data safe while connecting with others on social media.
Limiting Location Data ExposureLimiting Location Data ExposureMobile devices expose location data, and there is an associated risk that comes with using them. This report summarizes how and why location data might be shared and provides mitigations to limit this sharing, but warns there is no solution to fully protect a mobile device from being located.
Limiting Location Data ExposureLimiting Location Data ExposureMobile devices expose location data, and there is an associated risk that comes with using them. This report summarizes how and why location data might be shared and provides mitigations to limit this sharing, but warns there is no solution to fully protect a mobile device from being located.
Mitigating Recent VPN VulnerabilitiesMitigating Recent VPN VulnerabilitiesMultiple Nation State Advanced Persistent Threat actors are weaponizing known vulnerabilities to gain access to VPN devices. This document shares actions for compromise recovery and long-term hardening. Helpful for any net defenders or end users responsible for maintaining VPNs.
Mobile Device Best PracticesMobile Device Best PracticesThis guidance details steps end users may take to better protect their mobile devices and data.
Securing IPSec Virtual Private Networks (VPNs)Securing IPSec Virtual Private Networks (VPNs)This identifies common VPN misconfigurations and vulnerabilities and an overview of the ways to secure your VPN.
Selecting and Safely Using Collaboration Services Executive SummarySelecting and Safely Using Collaboration Services Executive SummaryThis document provides security assessment guidance about commercially available collaboration services to enable the Department of Defense and other U.S. Government customers to most securely using collaboration platforms who do not have access to government-provided tools, accounts, or equipment.
Selecting and Safely Using Collaboration Services Full ReportSelecting and Safely Using Collaboration Services Full ReportThis document provides security assessment guidance about commercially available collaboration services to enable the Department of Defense and other U.S. Government customers to most securely using collaboration platforms who do not have access to government-provided tools, accounts, or equipment.
Steps to Securing Web BrowsingSteps to Securing Web BrowsingWeb browsers pose a unique risk to enterprise infrastructure because of their frequent exposure to untrusted dynamic content. Configuring browser security settings is challenging due to uncertainty of both attack mitigation effectiveness and impact on end users. A key goal of this paper is to avoid impact to users while also mitigating as many attacks as possible.
Telework Best PracticesTelework Best PracticesThis joint NSA/DHS CISA slicksheet was designed during the era of COVID-19 to provide a list of “dos and don’ts” as they relate to telework. Helpful for end users using government-owned or personal devices.
Page 1 of 2

NSA’s Top Ten Cybersecurity Mitigation Strategies

These strategies detail methods to counter a broad range of advanced cyber threats. The information included will help drive robust conversation about network security and risk management on your organization’s networks and are also helpful for individuals looking to better understand any of these mitigations. The Top 10 are ranked based on threat intelligence findings and cybersecurity expertise for effectiveness against known adversary tactics.

ImageTitleDescriptionPublication Number
Info Sheet: Top 10 Mitigation Strategies (March 2018)Info Sheet: Top 10 Mitigation Strategies (March 2018)Info Sheet: Top 10 Mitigation Strategies (March 2018)
Info Sheet: Update and Upgrade Software Immediately (August 2019)Info Sheet: Update and Upgrade Software Immediately (August 2019)NSA Cybersecurity Information on best practice of updating and upgrading software immediately.1
Info Sheet: Transition to Multi-Factor Authentication (August 2019)Info Sheet: Transition to Multi-Factor Authentication (August 2019)NSA Cybersecurity Information on best practice of transitioning to multi-factor authentication.10
Info Sheet: Defend Privileges and Accounts (August 2019)Info Sheet: Defend Privileges and Accounts (August 2019)NSA Cybersecurity Information on best practices for defending privileges and accounts.2
Info Sheet: Enforce Signed Software Execution Policies (August 2019)Info Sheet: Enforce Signed Software Execution Policies (August 2019)NSA Cybersecurity Information on best practices for enforcing signed software execution policies.3
Info Sheet: Exercise a System Recovery Plan (August 2019)Info Sheet: Exercise a System Recovery Plan (August 2019)NSA Cybersecurity Information on best practice of exercising a system recovery plan.4
Info Sheet: Actively Manage Systems and Configurations (August 2019)Info Sheet: Actively Manage Systems and Configurations (August 2019)NSA Cybersecurity Information on best practice of actively managing systems and configurations.5
Info Sheet: Continuously Hunt for Network Intrusions (August 2019)Info Sheet: Continuously Hunt for Network Intrusions (August 2019)NSA Cybersecurity Information on best practice of continuously hunting for network intrusions.6
Info Sheet: Leverage Modern Hardware Security Features (August 2019)Info Sheet: Leverage Modern Hardware Security Features (August 2019)NSA Cybersecurity Information on best practice of leveraging modern hardware security features.7
Info Sheet: Segment Networks and Deploy Application-Aware Defenses (September 2019)Info Sheet: Segment Networks and Deploy Application-Aware Defenses (September 2019)NSA Cybersecurity Information on best practice of segmenting networks and deploying application-aware defenses.8
Info Sheet: Integrate Threat Reputation Services (August 2019)Info Sheet: Integrate Threat Reputation Services (August 2019)NSA Cybersecurity Information on best practice of integrating threat reputation services.9
Page 1 of 1