Network design and configuration

Further information on secure network design can be found in ASD’s Foundations for modern defensible architecture publication.

Further information on wireless networks can be found in the ‘Wireless networks’ section of these guidelines.

Further information on gateways can be found in the ‘Gateways’ section of the Guidelines for gateways.

Further information on encrypting communications can be found in the ‘Cryptographic fundamentals’ section of the Guidelines for cryptography.

Further information on network segmentation and segregation can be found in ASD’s Implementing network segmentation and segregation publication.

Further information on network security zones can be found in Canada’s Canadian Centre for Cyber Security’s Baseline security requirements for network security zones (version 2.0) publication.

Further information on implementing network segmentation and segregation for system administration purposes can be found in the ‘System administration’ section of the Guidelines for system management.

Further information on functional separation of servers using virtualisation can be found in the ‘Virtualisation hardening’ section of the Guidelines for system hardening.

Further information on blocking anonymity network traffic can be found in ASD’s Defending against the malicious use of the Tor network publication.

Further information on DNS services can be found in ASD’s Domain Name System security for domain owners and Domain Name System security for domain resolvers publications.

Further information on implementing encrypted DNS can be can be found in the United States’ National Security Agency’s Adopting Encrypted DNS in Enterprise Environments publication and the Cybersecurity & Infrastructure Security Agency’s Encrypted DNS Implementation Guidance publication.

Further information on selecting a protective DNS service can be found in the United States’ National Security Agency and Cybersecurity & Infrastructure Security Agency’s Selecting a Protective DNS Service publication.

Further information on cyber supply chain risk management can be found in the ‘Cyber supply chain risk management’ section of the Guidelines for procurement and outsourcing.

Further information on network device hardening, particularly for edge devices, can be found in the following publications:

• ASD’s Mitigation strategies for edge devices: Executive guidance
• ASD’s Mitigation strategies for edge devices: Practitioner guidance
• Canada’s Canadian Centre for Cyber Security’s Security considerations for edge devices
• United Kingdom’s National Cyber Security Centre’s Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances.

Further information on network device hardening can also be found in the United States’ National Security Agency’s Network Infrastructure Security Guide publication.

Further information on event logging can be found in the ‘Event logging and monitoring’ section of the Guidelines for system monitoring.

Further information on event logging for network devices can also be found in ASD’s Priority logs for SIEM ingestion: Practitioner guidance publication.