The guidance is meant to be generic, applicable to a broad range of network devices, and should help administrators prevent adversaries from exploiting their networks.
According to the NSA, organizations looking to ensure that a network is protected from threats and that resources are secured should implement multiple defensive layers and also adopt a zero-trust security model.
When it comes to network architecture, the NSA recommends that organizations install security devices such as a border router and next-generation firewalls at the perimeter, and also notes that publicly accessible systems and outbound proxies should be placed in between firewalls, and that monitoring solutions, remote log servers, and redundant devices should be deployed within the network.
