Black Hat 2013: Key Takeaways on Remote Access Security
With the books closed on what was quite possibly the most controversial Black Hat conference ever, let’s take a few minutes to reflect on the hot-button remote access issues that spurred vigorous discussions and debates at this year’s event. Here are a few of our favorite remote access-related topics from Black Hat 2013:
PRISM: A Spectrum of Opinions
When it was announced that NSA Director General Keith Alexander would be a keynote speaker, everyone attending knew they were in for an interesting show. He stood in front of a crowd of information security professionals and proclaimed, “If you disagree with what we're doing, you should help make it better.”
He’s right on that statement, but not for the reasons that he gave. It’s up to the information security industry in general to prevent programs like PRISM. More widespread use of technologies that make network communications difficult to intercept, such as VPNs, proxy servers, HTTPS and file encryption, will certainly help, but a comprehensive network security framework is what is really necessary. Information security professionals need to work together to create open standards and improve network security across the board, so that programs that invade the privacy of users are not even feasible. IT security must go beyond the boundaries of individual components to prevent intrusions of all kinds: organizations can adjust their network security more rapidly when solutions interoperate than when components are siloed and not communicating.
Securing Privacy and Identities
Despite increasingly sophisticated security technologies such as biometrics, two-factor authentication and tokens, hackers are becoming more adept at cracking passwords. In many cases, outdated hashing schemes are to blame, but hackers are also sniffing unsecured Wi-Fi networks, mobile hotspots, Bluetooth connections and more for passwords.
Having a robust remote access security solution will solve problems associated with unsecured networks, but it must be combined with better password encryption, improved authentication methods and central management by IT to enable a rapid response in the event that a network is compromised.
Mobile Security Challenges
Several presentations at this year’s Black Hat homed in on mobile operating system vulnerabilities, including a range of new ones for Android, iOS and BlackBerry 10. There has been a lot of hype surrounding dual-persona phones recently, but an exploit that Ralf-Philipp Weinmann exposed in BlackBerry 10 showed just how easy it would be for a hacker to gain access to a user’s phone and, in turn, compromise a corporate network operating without the right network security strategy in place. Mobile network security policies are a work in progress for many organizations, but it’s important to focus on them before hackers use mobile device exploits to steal sensitive information.
Were there any other topics at Black Hat that you thought were important? Let us know in the comments section below!