Question

Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage

Explain the cuckoo’s egg exploit using the 4 security tenets of confidentiality, integrity, availability, and accountability.

Answer 1

The basic tenets of information system security are confidentiality, integrity, and availability, sometimes known as the CIA triad.

Confidentiality ensures that the information is not disclosed to unauthorized persons or processes.

Integrity is achieved by accomplishing the following three goals:

1. Preventing the modification of information by unauthorized users.

2. Preventing the unauthorized or unintentional modification of information by authorized users

3. Preserving internal and external consistency:

  a). Internal consistency refers to a logical connection among data in the system. For example, assume that an internal database holds the number of units of a particular item in each department of an organization. The sum of the number of units in each department should equal the total number of units that the database has recorded internally for the whole organization.

b). External consistency refers to a logical connection among objects in the real world and their representations in the system. Using the example previously discussed in (a), external consistency means that the number of items recorded in the database for each department is equal to the number of items that physically exist in that department.

Availability ensures that a system’s authorized users have timely and uninterrupted access to the information in the system. Additional factors that support information system security are:

Authenticity: The confirmation of the origin and identity of an information source.

Identification: A user claiming an identity to an information system

Authentication: The confirmation and reconciliation of evidence of a user’s identity .

Accountability: Assigning responsibility for a user’s actions

Privacy: Protection of individually identifiable information

Organizational Security Policy: A high-level statement of management intent regarding the control of access to information and the personnel authorized to receive that information.

Availability:

Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed and maintaining a correctly functioning operating system environment that is free of software conflicts. It’s also important to keep current with all necessary system upgrades. Providing adequate communication bandwidth and preventing the occurrence of bottlenecks are equally important. Redundancy, failover, RAID even high-availability clusters can mitigate serious consequences when hardware issues do occur. Fast and adaptive disaster recovery is essential for the worst case scenarios; that capacity is reliant on the existence of a comprehensive disaster recovery plan (DRP). Safeguards against data loss or interruptions in connections must include unpredictable events such as natural disasters and fire. To prevent data loss from such occurrences, a backup copy may be stored in a geographically-isolated location, perhaps even in a fireproof, waterproof safe. Extra security equipment or software such as firewalls and proxy servers can guard against downtime and unreachable data due to malicious actions such as denial-of-service (DoS) attacks and network intrusions.

ACCOUNTABILITY – holds user accountable. Can be Audited.