Every now and then I’ll read a book which I add to my library on the history of security. The Cuckoo’s Egg by Cliff Stoll has definitely earned its place among them. Well written for a non-technical audience, with enough detail for those of a more technical leaning to fill in the gaps, it’s a great read.
The story runs from the initial discovery, an accounting error traced to an intruder’s unfamiliarity with the software, through more than a year of careful and methodical tracking, monitoring, and running headlong into bureaucratic brick walls (which may be familiar to some), to a dramatic climax. Throughout, Stoll gives a very personal, first-hand account of the hunt, the effect that being a computer security expert can have on your life (early morning calls may bring back bad memories for some), and the way that looking into security deeply enough brings the realisation that while security is a solution, and is needed, the need for openness cannot be overstated.
Especially interesting are the principles Stoll details during his chase of the spy, all of which are still in use in some form today. Of course, the criticism of certain agencies for only ever taking in information and never sharing it, to the detriment of innocents, is a political position that many would agree with even now – particularly given some recent leaks of vulnerability stockpiles.
If you’re looking for a security read for the beach (or, more appropriately at this time of year, in front of the fireplace with a hot, alcoholic drink) then this is definitely one to grab. And if you’re looking for a Christmas present for your security-aware and/or professionally paranoid friends or family, then I cannot recommend The Cuckoo’s Egg highly enough.
I first read Shostack’s Threat Modeling some time ago and have tried to use its lessons since. Recently, though, it’s been recommended as reading for the MSc course, so I picked up my much-notated and dog-eared copy for another run through with fresh eyes.
Threat Modeling Fundamentals
Before I go into the book itself I am going to talk a little about threat modeling as a concept, and its value. Even if you do not go as far as using a formal methodology, are not looking at technical threats, or have nothing to do with security in your company, I highly recommend using at least the basics of threat modeling. The simple idea behind it is that when you are developing, planning or building something you should consider the threats – which are not the same as risks. A lot of attempted risk management takes place without any consideration of threats, and (from experience) often without considering vulnerabilities either. A risk arises from the combination of a threat and a vulnerability: the threat is a factor outside of your control, while the vulnerability is something you can mitigate or even remediate.
The fundamental principle of threat modeling is to look at the threats to any endeavour, consider them carefully against the vulnerabilities which exist in that endeavour (often present precisely because a threat hasn’t been considered), and manage the risks that arise, either by closing down vulnerabilities or by consciously accepting any residual risk. There are plenty of formal methodologies out there, as well as a few games, but to begin with the principles are the important bit, and a lot of the security awareness training I do works around teaching people how to build some sort of threat model before anything else.
Shostack’s book is not the only one available on threat modeling, but many consider it the most important. It’s an enjoyable read in and of itself, and can even be read cover to cover if you’re interested in the subject matter (the writing style helps here: friendly and engaging). It also works well as a reference book to dig into when you’re trying to teach, learn or do a threat model. Working up from the fundamentals to the structured approaches of threat modeling, covering Microsoft’s STRIDE methodology, looking into attack trees and attack libraries, and advancing smoothly throughout, it is a book I’d highly recommend to anyone who wants to make use of threat modeling, as well as to those who need a good reference work on the subject.