Guidance for securing networks continues to evolve as new vulnerabilities are exploited
by adversaries, new security features are implemented, and new methods of securing
devices are identified. Improper configuration, incorrect handling of configurations, and weak
encryption keys can expose vulnerabilities in the entire network. All networks are at risk of
compromise, especially if devices are not properly configured and maintained. An
administrator’s role is critical to securing the network against adversarial techniques and requires dedicated people to secure the devices, applications, and information on the network.
This report presents best practices for overall network security and protection of individual network devices, and will assist administrators in preventing an adversary from exploiting their network. While the guidance presented here is generic and can be applied to many types of network devices, sample commands for Cisco Internetwork Operating System (IOS) devices are provided which can be executed to implement the recommendations.