Lesson 11 Case Study I: Cuckoo’s Egg Review

PowerPoint Slideshow about 'Lesson 11 Case Study I: Cuckoo’s Egg Review' - gil


Overview
  • What Happened
  • What Techniques Worked
  • What Techniques Didn’t
  • Lesson to Teach

UTSA IS 6353 Security Incident Response

What Happened?
  • Unknown user exploited a computer at UC Berkeley
  • Exploited a vulnerability in Email System
  • Gained Super User
  • Created Accounts
  • Installed backdoors
  • Wiped Logs
  • Hacked other networks
  • Pilfered Systems

Enter Cliff Stoll
  • Poor Astronomer who needed $$$$
  • Worked in Computer Center
  • Noticed a 75-cent anomaly in accounting system
  • Found the “Hunter” account
  • Grabbed the tiger by the tail and didn’t let go
    • Persistence, persistence, persistence
    • 1+ year chase

Innovative Techniques
  • First Intrusion Detection System
  • Keystroke logging
  • Internet traceback
  • Use of a “honey pot”
  • Electronic signals analysis on Kermit

The Good
  • His persistence
  • His willingness to learn
    • Diligently researched unknowns
  • Obtained supervisor’s approval
  • Kept detailed notes in his log book
  • Timestamped everything
  • Cross-correlation of data
  • Maintained tight operational security
  • Communicated with everyone

The Bad
  • No incident response plan
    • Initially removed “Hunter” account
  • Broke the chain of evidence by mishandling the bulk of the printouts outside of a controlled environment
  • Conducted social engineering to get information
  • Sometimes failed to get permission
  • Failed to obtain funding (but he has a great book deal!)
  • Jumped to conclusions at times

The Ugly
  • He social engineered others
  • He hacked into some systems
  • Government investigators slow to respond

Summary
  • Thought-provoking novel of intrigue
  • Many concepts still in use today
  • Common pitfalls:
    • Failed to discuss what didn’t work
    • Failed to reference properly
    • Lack of bibliography—minimum references
