Read the book The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage. When you have completed the book, create a report following these instructions:

Cite chapters for each question so the graders can look up the references in case your points are unclear. Failing to cite chapters will result in a 4-point deduction. Also, by citing chapters, you are demonstrating that you understand where you found the information.

This assignment is NONCOLLABORATIVE; please do your own work. The Turnitin function will be turned on for this assignment.

Rubric

Question / Task (remember to cite chapters) / Grading weight

1-3.) In 1-2 pages (a paragraph or so for each item), describe your top 3 security-related takeaways or security insights you noted while reading the book. These insights can be about anything you noted in the story (chocolate chip recipes do not count, though), whether it is about technology, investigative/(pre)forensic techniques (technical or otherwise), preventative, reactive, collaboration (or lack thereof) between entities/organizations/groups, etc.
Grading weight: 16 points for each insight (total = 48 points for this part)

4.) Explain the cuckoo’s egg exploit using the 4 security tenets of confidentiality, integrity, availability, and accountability.
Grading weight: 7 points each (total = 28 points for this part)

5-8.) Choose and answer any 4 questions below.
Grading weight: 6 points each (total = 24 points for this part)

Questions (choose only 4 to answer, and remember to cite chapters):

Name 5 default passwords that Cliff saw that every system administrator should have changed immediately upon installing new software that came with default, known passwords.
Name 3 passwords Cliff and other system users use (NOT the hacker) and discuss why they are poor; What was the significance of copying the encrypted password file?
When Cliff describes how the hacker is getting in, what 2 security design principles were not followed that allowed the cuckoo’s egg security flaw?
What is a problem of a homogeneous network? What is the value of software heterogeneity?
Explain one way the hacker got passwords.
What was the one action the hacker always did that alerted Cliff that it was the hacker?
What program helped Cliff realize he could calculate the location of the hacker?
Explain a technology/technique Cliff used to keep the hacker from getting any serious access on certain occasions.
What is the physical device that Cliff used to apprise him of the hacker’s presence?
What is an intercept operator?
What were the poor security practices that would have had to occur for the hacker to use the system to connect to another system (before VoIP and wireless routers!)?
Where was Dockmaster located?
What type of physical structure does the author compare a system to?
How did Cliff first record the suspected hacker’s activity? On what did he record the suspected hacker’s activity?
How did Cliff determine the hacker was an individual and not an automated program?
How did the Morris worm propagate?
Cliff states in the book that viruses are rare (at that point in security history, they were). What does he go on to say that is still true today?