Joint advisory on modern approaches to network access security

The Canadian Centre for Cyber Security Cyber securityThe protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information. More specifically, cyber security includes the body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability. (Cyber Centre) has joined the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the following international partners in releasing cyber security guidance on modern approaches to secure network access:

• Australian Cyber Security Centre (ACSC)
• New Zealand National Cyber Security Centre (NCSC-NZ)

Virtual private network Virtual private networkA private communications network usually used within a company, or by several different companies or organisations to communicate over a wider network. VPN communications are typically encrypted or encoded to protect the traffic from other users on the public network carrying the VPN. (VPN VPNSee virtual private network. ) solutions have been identified in many high-profile cyber incidents. Due to these incidents, some organizations are considering more modern security network access solutions, such as Secure Service Edge (SSE) and Secure Access Service Edge (SASE). These latest solutions allow organizations to move closer to overall Zero Trust principles.

The joint guidance provides an overview of modern approaches to network security for executive leaders, network defenders of critical infrastructure Critical infrastructureProcesses, systems, facilities, technologies, networks, assets, and services essential to the health, safety, security, or economic well-being of Canadians and the effective functioning of government. Critical infrastructure can be stand-alone or interconnected and interdependent within and across provinces, territories, and national borders. Disruptions of critical infrastructure could result in catastrophic loss of life, adverse economic effects, and significant harm to public confidence. and government organizations. The guidance is intended for organizations considering a shift from traditional VPN deployment towards more secure solutions, such as SSE and SASE . Best practices for transitioning to cloud-based solutions in pursuit of Zero Trust goals are reviewed.

In addition to the consideration and implementation of more modern network access solutions, all organizations are encouraged to implement a minimum set of practices and protections. These practices and protections include the following:

• Implementing a centralized management solution
• Segmenting networks
• implementing security orchestration, automation and response
• Developing, maintaining, updating, and regularly drilling IT and OT cyber security incident response plans

The guidance provided aims to help organizations prioritize the protection of secure remote computing environments, while operating under the principles of least privilege Least privilegeThe principle of giving an individual only the set of privileges that are essential to performing authorized tasks. This principle limits the damage that can result from the accidental, incorrect, or unauthorized use of an information system. .

Read the joint guidance advisory Modern approaches to network access security.