This is the second entry in a two-part series covering the NSA’s chief hacker’s recent talk at a security conference. Rob Joyce, the head of the Tailored Access Operations program put in place by the NSA to conduct cyberespionage operations on foes and allies alike, briefly revealed how state-sponsored hackers infiltrate their targets’ networks, often successfully. Now, Lifars reports on his insights into keeping NSA cyber-spies (like him) out of your network.
The first entry can be read here: NSA Chief Hacker Reveals How He Can Be Kept Away – Part 1.
Rob Joyce quickly ran through a list of to-dos for those who are looking to make his job harder. He could be forgiven for cutting short this particular portion of his talk.
Speaking candidly, the NSA hacker-in-chief explained that special access privileges to critical systems ought to be restricted to a select few. This inherently makes the NSA’s task harder, because the number of accounts worth targeting is lowered. Furthermore, he nodded toward segmenting networks and vital information and data. Such a move makes it harder for hackers to gain access to what they’re looking for.
The NSA employee also recommends patching systems regularly. Application whitelisting is also important for trust. Hardcoded passwords are a strict no-no and ought to be removed. So too should legacy protocols that are no longer updated but are still functional; more specifically, protocols that transmit passwords in the clear should be curbed.
A Proactive, Keen SysAdmin
Joyce also pointed to roadblocks that make his job significantly harder. One such roadblock is an “out-of-band network tap.” This is a device that continually monitors network activity and maintains logs that can record anomalous activity. When a system administrator reads and reviews these logs regularly, the game is up.
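As an added illustration of what that regular log review can look like in practice (example code written for this page, not from Lifars or from Joyce’s talk), the script below walks a set of constructed connection records of the kind an out-of-band tap might produce and flags two of the conditions discussed above: legacy services that carry passwords in the clear, and administrative access to critical hosts from outside the one subnet allowed to reach them. The log format, the service list, the critical-host addresses and the admin subnet are all assumptions chosen for the example.

```python
"""Review constructed tap records for cleartext-credential protocols and
for admin access to critical hosts from outside the permitted subnet."""
import ipaddress
from collections import Counter, namedtuple

# Constructed sample records (not real traffic). Fields, space-separated:
# timestamp src_ip dst_ip dst_port proto service
SAMPLE_LOG = """\
# ts src dst dport proto service
2016-02-01T09:00:01Z 10.20.1.15 10.10.0.5 22 tcp ssh
2016-02-01T09:00:07Z 10.20.1.15 10.10.0.5 23 tcp telnet
2016-02-01T09:01:12Z 10.30.4.8 10.10.0.9 21 tcp ftp
2016-02-01T09:02:30Z 10.30.4.8 10.10.0.5 22 tcp ssh
2016-02-01T09:03:45Z 10.20.1.16 10.10.0.7 443 tcp ssl
2016-02-01T09:04:02Z 10.30.4.9 10.10.0.7 80 tcp http
"""

# Assumed policy: services that send credentials unencrypted.
CLEARTEXT_SERVICES = {"telnet", "ftp", "http", "pop3", "imap", "smtp"}
# Assumed critical hosts, the only subnet allowed to administer them,
# and the ports that count as administrative access.
CRITICAL_HOSTS = {ipaddress.ip_address("10.10.0.5"),
                  ipaddress.ip_address("10.10.0.9")}
ADMIN_SUBNET = ipaddress.ip_network("10.20.1.0/24")
ADMIN_PORTS = {22, 23, 3389}

Record = namedtuple("Record", "ts src dst dport proto service")
Finding = namedtuple("Finding", "kind ts src dst dport service")


def parse_line(line):
    """Parse one record; return None for comments, blanks or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, dport, proto, service = parts
    try:
        return Record(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                      int(dport), proto, service.lower())
    except ValueError:
        return None


def review(log_text):
    """Return a list of Findings for every record that violates the policy."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Legacy protocol still in use: credentials cross the wire in the clear.
        if rec.service in CLEARTEXT_SERVICES:
            findings.append(Finding("cleartext-credential-protocol", rec.ts,
                                    str(rec.src), str(rec.dst), rec.dport,
                                    rec.service))
        # Admin access to a critical host from a source the segmentation
        # policy does not allow to reach it.
        if (rec.dst in CRITICAL_HOSTS and rec.dport in ADMIN_PORTS
                and rec.src not in ADMIN_SUBNET):
            findings.append(Finding("admin-access-outside-allowed-subnet",
                                    rec.ts, str(rec.src), str(rec.dst),
                                    rec.dport, rec.service))
    return findings


def summarize(findings):
    """Count findings per kind, for a quick daily overview."""
    return Counter(f.kind for f in findings)


if __name__ == "__main__":
    results = review(SAMPLE_LOG)
    for f in results:
        print(f"{f.ts} {f.kind}: {f.src} -> {f.dst}:{f.dport} ({f.service})")
    print(dict(summarize(results)))
```

Run as-is, the script reports three cleartext-protocol findings (telnet, ftp and http) and one SSH session to a critical host from a workstation outside the admin subnet; the records from the permitted subnet and the TLS session produce no findings. In a real deployment the record source would be the tap’s own export and the policy sets would come from the asset inventory rather than being hardcoded.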
Another insight from Joyce goes against the popular belief that state-sponsored hackers at the NSA or other agencies around the world rely on zero-day exploits. He claimed that the NSA does not rely on zero-days, not extensively anyway, and doesn’t look hard for them, simply because it doesn’t have to.
“[With] any large network, I will tell you that persistence and focus will get you in, will achieve that exploitation without the zero days,” he says.
There’s so many more vectors that are easier, less risky and quite often more productive than going down that route.
Image credit: Wikimedia.