NSA Best Practices for Secure Home Networks
6 May 2011
The NSA has published a great guide on securing home internet connections titled "Best Practices for Keeping Your Home Network Secure" at http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf. This fact sheet provides a lot of helpful guidance to Windows and Mac users. Sadly, it doesn't include any recommendations for Linux users. Aside from this notable shortcoming the document provides some great security tips for traditional, as well as emerging technologies. The document very astutely identifies the increased risk to employees when using home networks due to the generally lower security protections.
Discussion of hot topics, such as iPad security, cloud services security, and social networks, are presented next to the traditional advice to use WPA2 and strong passwords. Many of these emerging technology areas aren't covered by a consensus on best practices yet so it's nice to see the NSA taking the lead to address security considerations and provide tips for secure use of these technologies. As cloud, mobile, social, and virtualization become more commonplace users will search for security guidelines like the ones provided in the NSA document.
The document also covers tips for physical protection of mobile computing devices. The guidelines also include some discussion of mobile computing in environments outside of work (such as wireless hot spots, or in hotels) and provides great suggestions for reducing risk. With mobile computing becoming more commonplace it's wonderful to have concrete suggestions about topics such as whether mobile users should use Wifi or cellular (3G and 4G) for connectivity. There are also guidelines about using hardware integrated into mobile devices, such as cameras and GPS.
I particularly liked the discussion of e-mail, and the segregation between personal and enterprise resources. There are some good suggestions about how to set up your e-mail to avoid spam as well as leaking information. E-mail is a tried and true technology, but it's ubiquity also makes it a target, and it pays to give some thought to e-mail security.
I was frankly surprised to see the US government producing such a high quality document. The NSA has a great track record of producing top notch technical security guidelines, but this is the first such publication that I've seen that is suitable for general consumption. I laud the NSA for publishing such a great document, as well as their obvious efforts to put more information like this into the public sphere.