Head of NSA's hacker squad explains how to armor networks against the likes of him


#1

[Read the post]


#2

An “out-of-band network tap”—a device that monitors network activity and produces logs that can record anomalous activity—plus a smart system administrator who actually reads the logs and pays attention to what they say

So basically we’re screwed.


#3

yeah BYOD is such a fucking fantastic idea. FOR THE BAD GUYS.


#4

That advice is one of those “brush your teeth after every meal” sort of things. We all know we should, most of us don’t.

Admins, let’s make this Read Our Logs day :smiley:


#5

Well, the logs are so much noise over signal most of the time. What any good IT shop should have in place are scripts that parse them for you and ticket you for the anomalies. (’Cause I am not gonna be reading logs for 10K boxes manually.)
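As an added example, not from any post in this thread: a small Python script of the sort post #5 describes, run over a few constructed lines from the two feeds post #2 mentions (host sshd auth logs and an out-of-band tap's connection records). Everything in it is made up for the example: the baseline sets, hostnames, addresses and the log lines themselves. It parses what it recognises, keeps a sliding window of failed logins per source, and emits a ticket for three conditions: a successful login from a source outside the known admin set, a burst of failures from one source, and an outbound connection to an external destination that is not on the approved list.

```python
"""Anomaly triage over constructed auth and tap log lines (example code)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed baseline. In a real shop this comes from your CMDB / allowlists.
KNOWN_ADMIN_SOURCES = {"10.0.5.20", "10.0.5.21"}   # jump hosts admins log in from
APPROVED_EXTERNAL_DESTS = {"203.0.113.10"}         # e.g. the patch mirror
FAILED_LOGIN_THRESHOLD = 5                         # failures per source per window
FAILED_LOGIN_WINDOW = timedelta(minutes=2)

# Formats are assumed for the example: ISO timestamp, host, sshd message.
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)
# Constructed record shape for the out-of-band tap's connection log.
TAP_RE = re.compile(
    r"^(?P<ts>\S+) tap conn src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def parse_line(line):
    """Return an event dict for a recognised line, or None for lines we skip."""
    for kind, pattern in (("auth", SSHD_RE), ("conn", TAP_RE)):
        m = pattern.match(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = kind
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            return ev
    return None


def is_internal(ip):
    """Constructed rule: the example network is 10.0.0.0/8."""
    return ip.startswith("10.")


def find_anomalies(lines):
    """Return (timestamp, rule, detail) tuples worth opening a ticket for."""
    tickets = []
    failures = defaultdict(list)  # src -> timestamps of failed logins in window
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unrecognised line: noise for this script's purposes
        if ev["kind"] == "auth":
            if ev["result"] == "Accepted" and ev["src"] not in KNOWN_ADMIN_SOURCES:
                tickets.append((ev["ts"], "login-from-unknown-source",
                                f"{ev['user']}@{ev['host']} from {ev['src']}"))
            elif ev["result"] == "Failed":
                window = failures[ev["src"]]
                window.append(ev["ts"])
                # drop failures that have aged out of the sliding window
                window[:] = [t for t in window if ev["ts"] - t <= FAILED_LOGIN_WINDOW]
                # ticket once, when the threshold is first reached
                if len(window) == FAILED_LOGIN_THRESHOLD:
                    tickets.append((ev["ts"], "failed-login-burst",
                                    f"{len(window)} failures from {ev['src']} on {ev['host']}"))
        elif ev["kind"] == "conn":
            if not is_internal(ev["dst"]) and ev["dst"] not in APPROVED_EXTERNAL_DESTS:
                tickets.append((ev["ts"], "new-external-destination",
                                f"{ev['src']} -> {ev['dst']}:{ev['dport']}"))
    return tickets


# Constructed sample input: one normal admin login, a password-guessing burst
# followed by a success from the same outside address, one approved and one
# unapproved outbound connection, and a kernel line the parser ignores.
SAMPLE_LOG = [
    "2015-01-29T09:00:01 web01 sshd[2201]: Accepted publickey for deploy from 10.0.5.20 port 51000 ssh2",
    "2015-01-29T09:00:05 web01 sshd[2207]: Failed password for root from 198.51.100.7 port 40001 ssh2",
    "2015-01-29T09:00:08 web01 sshd[2209]: Failed password for root from 198.51.100.7 port 40002 ssh2",
    "2015-01-29T09:00:11 web01 sshd[2211]: Failed password for invalid user admin from 198.51.100.7 port 40003 ssh2",
    "2015-01-29T09:00:14 web01 sshd[2213]: Failed password for root from 198.51.100.7 port 40004 ssh2",
    "2015-01-29T09:00:17 web01 sshd[2215]: Failed password for root from 198.51.100.7 port 40005 ssh2",
    "2015-01-29T09:01:30 web01 sshd[2230]: Accepted password for root from 198.51.100.7 port 40010 ssh2",
    "2015-01-29T09:02:00 tap conn src=10.0.5.20 dst=203.0.113.10 dport=443",
    "2015-01-29T09:02:10 tap conn src=10.0.7.33 dst=198.51.100.7 dport=4444",
    "2015-01-29T09:02:11 web01 kernel: [12345.6] eth0: link up",
]

if __name__ == "__main__":
    for ts, rule, detail in find_anomalies(SAMPLE_LOG):
        print(f"{ts.isoformat()} TICKET {rule}: {detail}")
```

Two things to keep in mind when turning this into something for 10K boxes: the tap only sees the segment it is placed on, so the connection rule is blind to anything that never crosses it, and lines the parser does not recognise are dropped silently here; in production you would count those too, since a format change or a new log source that quietly stops matching looks exactly like "no anomalies".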


#6

Of course :smiley:
How ’bout Splunk Anomaly Detection day? :smiling_imp:


#7

I greet this information with a rather gargantuan grain of salt. Why the EFF would the head of one of the most secret and apparently effective units in the NSA be giving instructions to ANYONE other than his own folks and behind heavily secured doors? If the idea is to release information that would benefit business and techie-level users, why not have someone at NIST do it? I don’t consider myself a conspiracy-minded person (it’s not paranoia if you know it’s true), but this seems a little too cheap and easy, and suggests to me that they’ve already got shit that can defeat all the ‘countermeasures’ he discusses.*

*Gonna watch the vid later, but my initial skepticism stands.

EDITS:
**Meant “read the article” later, which I did. And, I remain skeptical. And at the end of his talk, Wired noted, with irony, that he posted a QR code up on the screen:

He ended his talk with a slide showing a huge QR code, which got a laugh.

“Anybody holding up a camera?” Joyce asked. “Who’s gonna [photograph] the QR code from the NSA guy?”

QR codes are one way hackers attack systems by sending their browser to a malicious web site where malware is downloaded to it. Joyce, however, said his QR code was on the up-and-up and would take visitors to a legitimate NSA web site for more information. “[T]hat is a real link,” he said. “Trust me.”


Trust me, ha ha ha, no really, it’s all guud, right? Ha ha, trust me. JFC.

#8

Interestingly enough, he just went short on Steam a few days before giving this talk.


#9

Well, where I work they are paranoid. If ClearCase weren’t so dumb and didn’t require a userid/password as well as admin rights to run properly, I would have neither.
Till I came to this group, even as a server admin I didn’t have local admin rights on my laptop. Both my normal and admin accounts (for server access) are smart badge + PIN, with the ability to get a short-term random password for tools that still require it.

I am a contractor/supplier, but I have to use a machine provided by who I actually do work for rather than who gives me a paycheck, because I access the servers and security says no to me using another machine.

In all, it works out: we don’t need the admin rights locally, as they have spiffy tools for installing software that will elevate permissions just for the install, and we can get approved short-term for any other software that can’t be installed that way (and is approved).

So yeah, I just kinda boggle at all the BYOD hype, as all it does to me is say SECURITY NIGHTMARE… but then maybe I have worked in a company that has SOX, ITAR, EAR, HIPAA and PII issues to wrangle… and hey, PII reminds me: when I had access to the servers that had PII data (and we never had direct access to the data) I had the laptop scanned every 3 months, had to register the asset tag every 6 months and get a background check every 2 years.

In other fun news, I get to stick with Lotus Notes for employer email for the immediate future, because my actual employer, in switching to Exchange, just contracted with the generic Microsoft cloud service, which of course I can’t use because of ITAR and EAR. Smart move, executives. Way to think things through.


#10

So a little bit of basic common sense, and a bunch of stuff that is very standard security best practices, but that nobody actually wants to do because it’s a huge pain in the ass for everyone who has to use that network.

That’s actually a pretty cool idea for organizations that can afford it. As an individual, I can’t see bothering with something like that unless I had a very good reason to think that the NSA had a particular interest in me, personally, which I don’t.


#11

Good to know you can post a long opinion without reading the article first…


#12

Check! Now if you’ll excuse me, I have to go examine my logs…


#13

Well if that’s how you’re going to roll, please don’t post any pictures of them.


#14

Well…if that’s how you feel you definitely shouldn’t visit http://www.ratemypoo.com/ :poop: :worried::smiling_imp::scream::sob:

The internet has some pretty crazy stuff…seriously, don’t visit unless you really really want to see strangers poop. :frowning: cannot be unseen.


#15

A long opinion that, quite frankly, did not require reading anything other than Cory’s writeup. Do you have a critique of what I wrote, or were you just killing time?


#16

Yeah, my critique is “Read the f’ing article and then post.”


#17

What, read the article? In full? Sorry, I hung out on Slashdot way too long for that to be a habit.


#18

Allow me to give my opinion and ask my questions which are actually discussed in the piece I failed to read!


#19

IF you read what I wrote, all of it, then it might occur to you that my comment did not require an entire examination of the Wired article, as it offered no further information regarding my initial question.

Here is a shoulder. Feel free to cry on it:


#20

This topic was automatically closed after 5 days. New replies are no longer allowed.