Question

In: Computer Science

In 1-2 pages (a paragraph or so for each item), describe your top 3 security-related takeaways or security insights you noted while reading the book (The Cuckoo's Egg).

  • These insights can be about anything you noted in the story (chocolate chip recipes do not count, though), whether it is about technology, investigative/(pre)forensic techniques—technical or otherwise—preventative, reactive, collaboration (or lack thereof) between entities/organizations/groups, etc.

Solutions

Expert Solution

So what can today’s IT professionals learn from Clifford Stoll’s eight-bit security battles? Firstly, vigilance is still vital. Ignoring those nine seconds of stolen processing time would have allowed the hacker to continue undetected. Instead, Stoll’s investigations led to prosecutions for crimes including espionage. Transparency among security agencies is equally important. This is especially true since the state-sponsored hacking of Lawrence Berkeley was compounded by data silos and the inability of rival government agencies to work together. And anyone who uses passwords like “password” or “guest” doesn’t deserve to retain their job.

Another lesson to emerge from The Cuckoo’s Egg is the value of non-financial data. The FBI shrugged off Stoll’s warnings because there was no monetary value attached to the information being targeted. Yet as the author points out, “What’s the value of a high-temperature superconductor?” Similarly, the Ashley Madison data theft two years ago had little fiscal impact on its victims, but it did lead to divorce and deaths. Any company harvesting or storing sensitive information has a moral obligation to apply cutting-edge security protocols. These practices deter all but the most skilled or determined criminals.

Above all, The Cuckoo’s Egg demonstrates that the more things change, the more they stay the same. This true-life exposé remains a fascinating read for every IT professional. This book is an essential tome for anyone involved with cyber security.

Content review: The Cuckoo’s Egg

We were excited about this book because, as Rebekah illustrated over the course of our last three calls, the story tracks the first documented case of cyber-espionage. In the late 1980s, processes and tools for incident response and intrusion analysis were virtually non-existent, and the author, Cliff Stoll (an astronomer-turned-computer-wiz), was creating process on the fly as he tracked a hacker through his lab’s network and across the globe. Many of the methods Cliff used—and the problems he encountered—are still relevant and common today.

Plot points (Beware: Spoilers!)

  • The whole story starts with a tiny accounting error: Cliff gets curious and digs into a $0.75 billing discrepancy, only to discover a hacker has been logging onto his lab’s network using stolen accounts.
  • There was nothing in place to track the hacker, and there was no single place to track the hacker; Cliff and friends had to improvise, create their own information-sharing network, and pull other disciplines into the investigation. Cliff had to develop hypotheses and ways of testing them.
  • Eventually, the right co-investigators were identified at various telecommunications carriers (relationship-building FTW!), and the hacker is traced to Germany. However, Cliff doesn’t have a ton of luck getting help from the federal government, and the hacker continues to find ways to break into computers, even after system admins have been warned about the threat. Cliff and his partner (super lawyer) Martha set up honey docs for the hacker, hoping to keep him on the line long enough that they can complete a trace. Spoiler: It works!
  • Eventually, folks in DC start paying more attention. Cliff briefs intelligence agencies on the hacker and monitors the hacker’s activities while waiting for the arrest (side note: international relations are hard). The hacker—a West German resident—is finally caught, and in true blockbuster style, our hero and heroine, Cliff and Martha, decide to get married. Cue upbeat pop music as the credits roll!

Security myths we encountered in The Cuckoo’s Egg

  • Cliff didn’t believe a hacker could guess their archaic passwords.
  • The system administrator didn’t think anyone could create new users.
  • The belief that many networks were ‘isolated’ and therefore couldn’t be reached was evident at several points in the story.

“Let’s be a tad careful and change our important passwords.”

Themes

  • Understanding adversaries: “The hacker didn’t succeed through sophistication. Rather he poked at obvious places, trying to enter through unlocked doors. Persistence, not wizardry, let him through.”
  • The vulnerable nature of networks: “It doesn’t take brilliance or wizardry to break into computers. Just patience.”
  • The dilemma of disclosure: To publish or not to publish? “If you don’t publish, nobody will learn from your experience. The whole idea is to save others from repeating what you’ve done.”
  • Has the exchange of information (fundamentally) changed? “Hacking may mean that computer networks will have to have elaborate locks and checkpoints. Legitimate users will find it harder to communicate freely, sharing less information with each other.”

Discussion questions

  • What was the biggest challenge Cliff faced during the investigation?
  • How has reading this book changed your understanding of threat intelligence?
  • Have we gotten better or worse at dealing with incidents and system vulnerabilities over the past three decades?

Takeaways

Ultimately, there were a number of simple and critical points we pulled from the book:

  • Curiosity is key. A seemingly insignificant inconsistency kicked off the entire series of global events recounted in The Cuckoo’s Egg. Never underestimate the power of a keen mind and a beckoning rabbit hole.
  • Forensic data is invaluable—as was Cliff’s propensity for documentation.
  • Use the scientific method: Without the ability to formulate hypotheses and test them in a methodical way, we are, as Cliff said, “gathering facts, not interpreting them.”
  • Look outside the security domain for methods and insights. Being able to apply methodologies and practices from other disciplines enriches and expands threat intelligence capabilities.
  • Share information; build relationships; profit (at least intellectually). Cliff built a network of people who helped him succeed in his investigation, but also who supported him when he was stressed and stuck. Sharing information and breaking down silos was crucial to his overall success.
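The accounting discrepancy that opens the story is, in today's terms, a reconciliation check between two independent records of the same activity. The script below is an added example, not code from the page, the book, or Cliff Stoll's lab: it compares a constructed per-session usage log against a constructed billing ledger and a roster of accounts the administrators know they created, and reports accounts nobody authorised, time that was used but never billed, and the overall gap between the two records. All account names, record formats and the tariff are assumptions made up for the example.

```python
"""Reconcile two independent usage records and report where they disagree.

Added illustration of the "tiny accounting error" idea: the session log is
the record of what the system actually did, the billing ledger is what the
accounting program believes it charged for. Anything present in one and
absent from the other is worth a second look. All data below is constructed.
"""
from collections import defaultdict

# Constructed session log: one line per login session, "account cpu_seconds".
SESSION_LOG = """\
alice 120
alice 45
ghost 9
bob 300
bob 60
"""

# Constructed billing ledger: "account cpu_seconds_billed cents_charged".
BILLING_LEDGER = """\
alice 165 4125
bob 360 9000
"""

# Constructed roster: accounts the administrators know they created.
AUTHORISED_ACCOUNTS = {"alice", "bob"}

CENTS_PER_CPU_SECOND = 25  # assumed tariff, used only to price the gap


def parse_usage(text):
    """Sum cpu_seconds per account over all sessions in the log text."""
    totals = defaultdict(int)
    for line in text.splitlines():
        if not line.strip():
            continue
        account, seconds, *_ = line.split()
        totals[account] += int(seconds)
    return dict(totals)


def parse_ledger(text):
    """Map account -> (cpu_seconds_billed, cents_charged) from ledger text."""
    ledger = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        account, seconds, cents = line.split()
        ledger[account] = (int(seconds), int(cents))
    return ledger


def reconcile(session_log, billing_ledger, authorised):
    """Return findings as (kind, account, detail) tuples, unknown accounts first."""
    used = parse_usage(session_log)
    billed = parse_ledger(billing_ledger)
    findings = []
    for account, seconds in sorted(used.items()):
        # An account that consumed time but is on nobody's roster is the
        # strongest signal: someone created it without the admins knowing.
        if account not in authorised:
            findings.append(("unknown_account", account,
                             f"{seconds}s used by an account nobody created"))
        # Usage that the billing side never saw is the discrepancy itself.
        billed_seconds, _ = billed.get(account, (0, 0))
        if billed_seconds != seconds:
            findings.append(("unbilled_time", account,
                             f"used {seconds}s, billed {billed_seconds}s"))
    total_used = sum(used.values())
    total_billed = sum(s for s, _ in billed.values())
    if total_used != total_billed:
        gap = total_used - total_billed
        findings.append(("ledger_gap", "*",
                         f"{gap}s ({gap * CENTS_PER_CPU_SECOND} cents) unaccounted for"))
    return findings


if __name__ == "__main__":
    for kind, account, detail in reconcile(SESSION_LOG, BILLING_LEDGER, AUTHORISED_ACCOUNTS):
        print(f"{kind:16} {account:8} {detail}")
```

The point of keeping two parsers rather than one is the same as in the book: the check only works because the two records are produced independently, so a defect or a tampering in one does not silently propagate to the other.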
