The NSA has Spoken: How to Break into your Network

July 7, 2016 |
The NSA has Spoken: How to Break into your Network

The NSA has spoken! Earlier this year, head of the National Security Agency’s top hacking outfit, Rob Joyce, told us how nation states break into your network. So now is the time to make life hard for him by following some of his great advice.

The NSA’s Tailored Access Operations team have broken down their model for gaining access to networks and it comprises the following six phases:

  • Reconnaissance
  • Initial Exploitation
  • Establish persistence
  • Install tools
  • Move laterally
  • Collect, Exfil and Exploit

Let’s take a look at some of the actions you can take to mitigate some of these risks.


Cloaking your network makes the reconnaissance phase difficult for would-be hackers. New approaches such as a Software-Defined Perimeter include Single Packet Authentication which make networks appear ‘dark’ until a specific key is used to reveal them. The usual information revealed by a port scan will be denied, so the types of services available at the network boundary will be much harder to identify.

Initial Exploitation

The most used means of achieving initial exploitation is to use stolen credentials. A key part of any defense is to require more than just a user/password to get into a target network. Single Packet Authentication can require all connecting devices to be seeded in some unique way. This would mean that an adversary would have to gain access to a seeded device as well as a user/password before any initial exploitation can succeed. Another key deterrent is to check for inconsistent user behavior and take appropriate remedial action – such as requiring additional authentication in order for that user to remain logged in.

Open networks make life really easy if you want to move laterally By deploying security tools that work both at the network boundary and within your network it is possible to better defend the network from ‘inside attacks’.

Lastly, techniques such as ‘comply to connect’ require the user (or their device) to present claims that are evaluated when a specific resource is being accessed. Specific requirements might include that users be inside the network and present an OTP. These types of additional hurdles make the Collect, Exfil and Exploit phase of any attack much harder to pull off.

As a final thought, Rob Joyce explained that networks are changing and becoming much less well defined. This could make the job of the adversary easier, but this need not be the case. Through the use of a Software-Defined Perimeter solution, the protected network can be reduced in size by massively reducing the attack surface. At the same time the user experience can be the same whether resources are on premises, hosted or in the cloud.

To learn more about how Cryptzone’s Software-Defined Perimeter solution, watch a two-minute video on Closing the Security Gap with a ’Segment of One.



Want a more technical introduction? Download the whitepaper on Dynamic Policy-Based Access Control with AppGate XDP.  

Back to Blog Home

Jamie Bodley-Scott

Jamie Bodley-Scott is the Technical Product Manager responsible for the identity & access management solutions offered by Cryptzone. He has worked in a wide range of industries, including financial services, aerospace, automotive and mobile computing prior to moving into IT security. He brings a wealth of accumulated experience in many disciplines: engineering, product & business development and channel management to the strategic team defining and driving the road map of Cryptzone's next generation of dynamic, identity-driven security solutions. Jamie graduated from London University with a degree in Electronic engineering and holds a Diploma in Marketing.

Leave a Reply

Your email address will not be published. Required fields are marked *