By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData Collective
  • Analytics
    AnalyticsShow More
    data science anayst
    Growing Demand for Data Science & Data Analyst Roles
    6 Min Read
    predictive analytics in dropshipping
    Predictive Analytics Helps New Dropshipping Businesses Thrive
    12 Min Read
    data-driven approach in healthcare
    The Importance of Data-Driven Approaches to Improving Healthcare in Rural Areas
    6 Min Read
    analytics for tax compliance
    Analytics Changes the Calculus of Business Tax Compliance
    8 Min Read
    big data analytics in gaming
    The Role of Big Data Analytics in Gaming
    10 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: Disrupting Nation State Hackers With the Security Basics
Share
Notification Show More
Latest News
ai in automotive industry
AI Is Changing the Automotive Industry Forever
Artificial Intelligence
SMEs Use AI-Driven Financial Software for Greater Efficiency
Artificial Intelligence
data security in big data age
6 Reasons to Boost Data Security Plan in the Age of Big Data
Big Data
data science anayst
Growing Demand for Data Science & Data Analyst Roles
Data Science
ai software development
Key Strategies to Develop AI Software Cost-Effectively
Artificial Intelligence
Aa
SmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Security > Disrupting Nation State Hackers With the Security Basics
ITSecurity

Disrupting Nation State Hackers With the Security Basics

thu@duosecurity.com
Last updated: 2016/04/06 at 2:19 PM
thu@duosecurity.com
5 Min Read
SHARE

Contents
Why It’s So Hard to Secure EverythingHow to Secure All The ThingsDefend Against Lateral Movement

Earlier this year at the USENIX Enigma information security conference held in San Francisco, NSA’s Rob Joyce gave a talk, Disrupting Nation State Hackers on how to keep people like him (nation state and other types of hackers) out of their systems.

More Read

data security in big data age

6 Reasons to Boost Data Security Plan in the Age of Big Data

A Guide to Using XDR Threat Protection to Stop Data Breaches
Four Strategies For Effective Database Compliance
Fortifying Enterprise Digital Security Against Hackers Weaponizing AI
5 Ways to Streamline Your Business Data for Maximum Efficiency

Earlier this year at the USENIX Enigma information security conference held in San Francisco, NSA’s Rob Joyce gave a talk, Disrupting Nation State Hackers on how to keep people like him (nation state and other types of hackers) out of their systems.

Rob has been with the NSA for 25 years, and now works as head of their Tailored Access Operations (TAO) taskforce that hacks into systems of foreign adversaries, as Wired reported in January.

Why It’s So Hard to Secure Everything

Network boundaries are becoming more amorphous and blurred, due to:

  • Bring Your Own Device (BYOD) – Personal devices, including mobile phones, tablets and other devices are being trusted on your network
  • Cloud computing – By putting your data in the cloud, you’re putting trust in your cloud provider’s security protocols – but it’s still part of your risk and liability
  • Internet of Things (IoT) – Many elements of your building infrastructure (such as heating/cooling systems) are now part of your network and liability
  • Work from … anywhere – Logging in from different, possibly unsecured networks can put transmitted and accessed data at risk, especially if done with outdated devices

How to Secure All The Things

There are things organizations can do to protect against known vulnerabilities, malware and other ways attackers try to get in:

Upgrades and automatic patching – If there’s a known bug in software that’s exploitable, you should fix that and get it off your network.

Automatic patching that is beyond user control is ideal for security, as it cuts down on the hacker’s opportunity window between a vulnerability becoming public and actual execution.

Known vulnerabilities are used more often than zero-days, and are effective only because organizations don’t update as often as they should.

Implement application whitelisting – Establish a list of applications that have been granted permission to execute on your machines – when an app attempts to execute, it’ll be checked against the list before allowing it to run.

The concept of trusted devices and networks works in a similar way. Make a list of devices and networks that you allow to access your applications, and block any anonymous networks or certain locations based on a list of IP addresses.

Credential security – Rob notes that in almost any intrusion during the initial exploitation phase of hacking, attackers try to get credentials to gain legitimate access.

Monitoring and setting a baseline for normal user behavior can help you recognize when a user is acting differently once logged in with legit credentials.

Ensure you use the least privilege principle for your users’ accounts, and only allow a small number of accounts to have the keys to the kingdom.

And more authentication security – Eliminate the reuse of administrator credentials to servers, which can lead to wide-scale compromises.

Eliminate the use of hardcoded admin or other system-wide credentials, and ensure they’re not accessible on any devices.

Ensure all authentication is only done with modern protocols, keeping passwords out of plaintext. While most modern protocols don’t pass plaintext credentials, older ones do – and nation-state hackers do take advantage of the ones that are

Two-factor authentication – The use of two-factor technology makes it harder to steal credentials. It’s important to ensure that lost credentials doesn’t get turned into a pivot at a later stage, allowing for greater access

Defend Against Lateral Movement

Most networks have a hard outer shell, but soft gooey center. Here’s how you can harden it:

Network segmentation – Identify what you need to protect, segment and manage the trust to the most important places to make it difficult for hackers to access. Consider who really needs access, and again, employ least privilege.

Two-factor authentication – Again, use it everywhere to stop hackers from moving around inside your network. Attackers will leverage multiple stolen credentials or reused passwords to get closer to their target data.

Disable software you’re not using – While not new advice, this can greatly reduce the attack surface.

Watch the video for Rob Joyce’s full talk.

TAGGED: data security, hackers
thu@duosecurity.com April 6, 2016
Share this Article
Facebook Twitter Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

ai in automotive industry
AI Is Changing the Automotive Industry Forever
Artificial Intelligence
SMEs Use AI-Driven Financial Software for Greater Efficiency
Artificial Intelligence
data security in big data age
6 Reasons to Boost Data Security Plan in the Age of Big Data
Big Data
data science anayst
Growing Demand for Data Science & Data Analyst Roles
Data Science

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

data security in big data age
Big Data

6 Reasons to Boost Data Security Plan in the Age of Big Data

7 Min Read
data breach issues
Security

A Guide to Using XDR Threat Protection to Stop Data Breaches

6 Min Read
database compliance guide
Data Management

Four Strategies For Effective Database Compliance

8 Min Read
Digital Security From Weaponized AI
Security

Fortifying Enterprise Digital Security Against Hackers Weaponizing AI

11 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence
ai in ecommerce
Artificial Intelligence for eCommerce: A Closer Look
Artificial Intelligence

Quick Link

  • About
  • Contact
  • Privacy
Follow US

© 2008-23 SmartData Collective. All Rights Reserved.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?