News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. Protect your organisation
  3. Guidance
  4. Security for edge devices

Security for edge devices

The intent of this joint guidance is to help organisations secure edge devices — such as firewalls, routers, virtual private network (VPN) gateways, and internet-facing servers — against increasing cyber threats.

5 February 2025

The National Cyber Security Centre (NCSC) has joined with the following international partners to release guidance on edge device security:

  • The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC),
  • The Canadian Centre for Cyber Security (CCCS),
  • The United Kingdom’s National Cyber Security Centre (NCSC-UK), and
  • Other international partners.

Five Eyes cyber security agencies have observed an increase in targeted attacks on edge devices. The term ‘edge devices’ includes systems such as:

  • firewalls,
  • routers, 
  • virtual private network (VPN) gateways,
  • internet of things (IoT) devices,
  • internet-facing servers, and
  • internet-facing operational technology systems.

Failing to secure these network entry points is like leaving the doors open — making it easier for malicious cyber actors to access sensitive data, disrupt operations, and launch further attacks. 

To counter the increasing number and sophistication of these threats, the NCSC has collaborated with international cyber security agencies to release harmonised, timely, and audience-specific guidance for executives, middle managers, and practitioners. The publications provide unique, non-duplicative information that complement existing or upcoming publications. 

The following publications have been released: 

Mitigation strategies for edge devices: Executive guidance

Originally released by ASD on 3 October 2024, and adapted for international audiences, this guidance is for executives in large organisations and critical infrastructure sectors who are responsible for deploying, securing, and maintaining enterprise networks. It offers a high-level summary of best practices for securing edge devices.

Mitigation strategies for edge devices: Executive guidance | Cyber.gov.au External Link

Mitigation strategies for edge devices: Practitioner guidance

Led by ASD and designed for operational staff, cyber security staff, and procurement staff, this publication outlines key mitigation strategies for edge devices to improve security and resilience against cyber threats.

These strategies are vendor agnostic and apply to some of the most common edge devices and appliances used across enterprise networks and large organisations.

Mitigation strategies for edge devices: Practitioner guidance | Cyber.gov.au External Link

Security considerations for edge devices

Led by CCCS, this publication provides high-level guidance for management on securing VPNs, routers, and firewalls within organisational networks.

Security considerations for edge devices (ITSM.80.101) | Canadian Centre for Cyber Security External Link

Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances

Led by NCSC-UK, and aimed at edge device manufacturers, this publication outlines baseline requirements for forensic visibility and encourages integrating standard, secure-by-default logging to help detect malicious activity after an intrusion. 

Guidance on digital forensics and protective monitoring | NCSC UK. External Link