An interesting talk happened recently during the Usenix Enigma security conference in San Francisco. It was given by Rob Joyce, basically the number one hacker in the US. He is the head of NSA's Tailored Access Operations, or TAO. That's pretty much the government's hacking team, tasked with breaking and entering into the systems of its enemies. Or allies, if need be.
This man, who assumed the position of hacker-in-chief just a few months before Edward Snowden blew the whistle on the whole ordeal, spoke about a lot of things, which Wired summed up in one smart sentence – he explained how to keep people like him out of your systems.
Although everyone agrees that he probably didn’t say anything about TAO’s classified operations, he did say a couple of interesting things.
#1 – NSA hunts sysadmins
The NSA will always look for the credentials of network admins and pretty much anyone else with high levels of access. It will also look for hardcoded passwords in legacy protocols.
#2 – No crack is too small
If your system has a crack and the NSA can find it, it will use it, no matter how small and insignificant it might seem. Do not underestimate what even the tiniest crack can do to your system.
#3 – BYOD is a danger
If you use your own device to connect to your company's network, make sure to keep it safe, use it only for work and don't give it to your kids. Joyce said that Steam, the Internet-based digital distribution platform for games, is a huge security threat.
So basically, if you want to stay safe, limit access privileges on important systems and segment your networks. Patch your systems, remove any legacy protocols, and remove hardcoded passwords.
A more detailed overview of the conference can be found on this link.