Out-of-Band TAPs Are an NSA Nightmare

Network Visibility Using TAPs

Remember that line from Alan Turing in the movie The Imitation Game? The moment he realized the significance of C-I-L-L-Y?

The Germans thought that with Enigma, they had the answer to securing their communications. Maybe they did, well, until they didn’t. If only they’d been better at monitoring their own network, which they believed to be thoroughly secure, they might have caught the unwitting insider who accidentally exposed them with something as simple as a daily weather report. Little things can mean a lot, especially when you figure in the convenience factor.

During the recent and inaugural Usenix Enigma security conference, NSA Chief Hacker Rob Joyce gave a much-anticipated talk during which he revealed how some seemingly little things might actually help keep him and his hacker associates out of our systems.

Hackers Are Humans, Too

They don’t call them Advanced Persistent Threats (APTs) for nothing. As Joyce said, persistence and patience is the name of the game. Turing was persistent. And so, too, are today’s hackers. In fact, they’re hyper-persistent, hyper-patient, and hyper-smart.

But . . . they’re also human. And humans like to take the easy way out. Or, in this case, in.

It’s a bit like if I were a burglar. Whilst out casing some affluent neighborhood for my next big heist, let’s say I find three attractive home targets. The first has a fence. The second, a fence and an alarm system. The third, a fence, an alarm system, a pair of Zeus and Apollo lookalikes, and flood lights. As much as I like dogs, we all have our deterrents—and, frankly, the only lighting I like these days comes from candles.

The idea is to make yourself a less attractive target.

No doubt, Joyce and team are quite capable of advanced zero-day attacks. But that’s not where they’ll start. They don’t have to. Other, easier pickings and targets abound, including: sysadmins (whose credentials are king for gaining system access); hardcoded passwords in software or those submitted via old protocols (useful for lateral network movement); or HVAC and other features of building infrastructure.

Joyce also pointed out how easy it is to hack network systems that have gone unpatched for known vulnerabilities or been otherwise inadvertently infected. As an example of the latter, he specifically called out employees who’ll bring and connect devices to the office that they’ve let their kids load up with Steam games. Do you know what those are? To start, a security threat.

A couple months ago, it was revealed that Steam, a gaming platform, had developed a huge security problem. Due to some caching issue, users who logged in to view their account details were also able to see the personal details—including credit card information and mailing addresses—of other users. Not good.

NSA Best Practices to Get in Tip TAP Security Shape

To make life harder for hackers, Joyce had some advice. He suggested limiting access privileges to important systems; segmenting networks and important data to make it more difficult to reach critical assets; patching systems and implementing application whitelisting; and removing hardcoded passwords and legacy protocols that transmit passwords in the clear.

Even more interesting, though, was what he had to say about network TAPs. For the NSA, one of the hardest things to hack against is a network with out-of-band TAPs—which enable the continuous monitoring of network activity by sending copies of packets to security inspection and analytics devices. Joyce labeled them a nightmare—especially when combined with fastidious system administrators who actually read and pay attention to those logs.
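The two recommendations above fit together: a tool fed by an out-of-band TAP can flag the legacy protocols that still transmit passwords in the clear. The following is an added example, not code from the article or from Joyce's talk; the ports, addresses and payloads are constructed, and it assumes the tool receives reassembled client-to-server TCP payloads.

```python
import base64
import re

# Server ports of legacy line-based protocols that send USER/PASS unencrypted.
LINE_PROTOCOLS = {21: "FTP", 110: "POP3"}
BASIC_AUTH = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$", re.I | re.M)

def find_cleartext_logins(segments):
    """Flag logins sent in the clear; record the account name, never the password."""
    findings, pending_user = [], {}
    for src, dst, dport, payload in segments:
        flow = (src, dst, dport)
        if dport in LINE_PROTOCOLS:
            for line in payload.splitlines():
                verb, _, arg = line.strip().partition(b" ")
                if verb.upper() == b"USER":
                    pending_user[flow] = arg.decode("latin-1")
                elif verb.upper() == b"PASS" and flow in pending_user:
                    findings.append({"proto": LINE_PROTOCOLS[dport], "src": src,
                                     "dst": dst, "user": pending_user.pop(flow)})
        elif dport == 80:
            for match in BASIC_AUTH.finditer(payload):
                try:
                    decoded = base64.b64decode(match.group(1), validate=True)
                except ValueError:  # malformed base64: not a usable credential
                    continue
                user, sep, _ = decoded.partition(b":")
                if sep:
                    findings.append({"proto": "HTTP-Basic", "src": src,
                                     "dst": dst, "user": user.decode("latin-1")})
    return findings

# Constructed sample: client-to-server payloads as a TAP-fed tool would see them.
_BASIC = base64.b64encode(b"alice:constructed-pw-2")
SAMPLE_SEGMENTS = [
    ("10.0.0.5", "10.0.0.20", 21, b"USER backup\r\n"),
    ("10.0.0.5", "10.0.0.20", 21, b"PASS constructed-pw-1\r\n"),
    ("10.0.0.7", "10.0.0.30", 80,
     b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
     b"Authorization: Basic " + _BASIC + b"\r\n\r\n"),
    ("10.0.0.9", "10.0.0.40", 443, b"\x16\x03\x01\x00\x05hello"),  # encrypted: ignored
]

if __name__ == "__main__":
    for finding in find_cleartext_logins(SAMPLE_SEGMENTS):
        print(finding)
```

Each finding names the protocol, the endpoints and the account, which is enough to track down the service that needs migrating off the legacy protocol.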

What he didn’t mention, but maybe could have, was the full potential of a network replete with network TAPs: creating a visibility fabric. Think of it as a pervasive layer that spans all reaches of the network and, ultimately, gives security tools their best chance at spotting anomalies in the network. Leveraging network TAPs, which are primarily used to send copies of traffic to out-of-band security tools, the visibility fabric can also connect inline security devices like firewalls and IPSes. For these, the visibility fabric adds bypass capabilities and the ability to load balance traffic in case of tool failure.

With a visibility fabric, maybe those sysadmins wouldn’t need to be quite so fastidious because false positives are reduced when the right traffic makes it to the right tools. To think this discussion all started with the humble TAP. And now, we can see that one person’s nightmare could be a security admin’s dream come true.
