Lesson 11 Case Study I: Cuckoo’s Egg Review

Overview

  • What Happened

  • What Techniques Worked

  • What Techniques Didn’t

  • Lesson to Teach

UTSA IS 6353 Security Incident Response


What Happened?

  • Unknown user exploited a computer at UC Berkeley

  • Exploited a vulnerability in Email System

  • Gained Super User

  • Created Accounts

  • Installed backdoors

  • Wiped Logs

  • Hacked other networks

  • Pilfered Systems

Enter Cliff Stoll

  • Poor Astronomer who needed $$$$

  • Worked in Computer Center

  • Noticed a 75-cent anomaly in accounting system

  • Found the “Hunter” account

  • Grabbed the tiger by the tail and didn’t let go

    • Persistence, persistence, persistence

    • 1+ year chase

Innovative Techniques

  • First Intrusion Detection System

  • Keystroke logging

  • Internet traceback

  • Use of a “honey pot”

  • Electronic signals analysis on Kermit

The Good

  • His persistence

  • His willingness to learn

    • Diligently researched unknowns

  • Obtained supervisor’s approval

  • Kept detailed notes in his log book

  • Time stamped everything

  • Cross-correlation of data

  • Maintained tight operational security

  • Communicated with everyone

The Bad

  • No incident response plan

    • Initially removed “Hunter” account

  • Broke the chain of evidence by mishandling the bulk of the printouts outside of a controlled environment

  • Conducted social engineering to get information

  • Sometimes failed to get permission

  • Failed to obtain funding (but he has a great book deal!)

  • Jumped to conclusions at times

The Ugly

  • He social engineered others

  • He hacked into some systems

  • Government investigators slow to respond

Summary

  • Thought-provoking novel of intrigue

  • Many concepts still in use today

  • Common pitfalls:

    • Failed to discuss what didn’t work

    • Failed to reference properly

    • Lack of bibliography—minimum references
